re: Encryption Framework Discussion
Ryan Pierce / Townsend Analytics Ltd. / Archipelago LLC
6 Apr 1998 10:33AM ETIt seems the previous Security discussion
group, which had a lot of good comments in it,
has vanished.
I see a lot of disadvantages to implementing
security within the FIX protocol as opposed to
on a more external transport level.
Transport-level crypto provides authentication
and non-repudiation between two parties. Now
to prove that all messages were sent by
another person, you need to store the entire
raw data of the session. (But one should
probably be doing that anyway.)
Transport-level crypto does not work in cases
where you are using a FIX network using the
DeliverTo... fields to route to one of many
destinations. But in these cases, signatures on
individual messages are only valuable if the
FIX network isn't rewriting the messages. And
it seems to me the whole purpose of such FIX
networks IS to rewrite messages, i.e. translate
between FIX 2.7, 3.0, 4.0, and 4.1.
Other than these two drawbacks,
transport-level crypto seems to be the way to
go. Still, I can see people wanting individual
signatures. I haven't had time yet to research
GSS or CDSA, so I'd appreciate someone who
knows about them addressing the following:
* Export. Since the crypto has to be embedded
within the FIX engine, to export it you must be
able to provide a signature-only mode (and
you can rely upon an external transport layer
obtained from a non-US country to handle
encryption) or you must dumb down the crypto
to the pathetic standards allowed by the US
government for export, or you must use the
dreaded Fortezza card. Which of these
are doable under GSS / CDSA?
* Complexity. How hard are these things to
implement?
* Availability. Is GSS / CDSA available for
the majority of platforms FIX runs on?
Specifically, Unix, Win32 and Java?
* Cost. Do you have to pay a fortune either
for the GSS or CDSA libraries, or large patent
royalties to RSADSI? Is there a way to cut
costs by using Diffie-Hellman and DSS?
