-BEGIN PGP SIGNED MESSAGE-
"R.A. Hettinga" <[EMAIL PROTECTED]> writes:
> <http://sys-con.com/story/print.cfm?storyid=47592>
> But SSL's greatest weakness is that it is oriented toward synchronous
> transactions, requiring a direct connection between participants.
Yep. Makes it difficult to thwart traffic analysis.
> Security in the Message
> The solution to this problem, as put forth in standards by OASIS and
> the W3C, is to absorb security into the message itself. That is,
> provide a means of authentication, integrity, and confidentiality
> that is integral to the message, and completely decoupled from
> transport channels.
... the way encrypted email has always been.
> The Trend Away from Channel-Level Security
> ... Furthermore, everyone is building systems predicated to have key
> pairs on both sides of a transaction: at the message producer
> (client), and the message consumer (server).
> ... SSL is sufficient for Web-like, client/server application, but
> large enterprise computing is built on asynchronous messaging;
This is welcome news also for pseudonymous p2p commerce.
> So PKI is back.
Maybe a work-around can be devised.
> Scott Morrison
D. Popkin
-BEGIN PGP SIGNATURE-
Version: 2.6.3ia
Charset: noconv
iQBVAwUBQdDl3PPsjZpmLV0BAQGyVAIAu5Zc+PFv8CuKkzFv3hmnkIlZ/bXVmMNQ
zg2o1rG/4omH5RFn9B4VXJsCxespviw+Ysnpa31XgQ8f9LdxYCIz4w==
=MbdB
-END PGP SIGNATURE-