Information Security
re: Encryption Framework Discussion
Charles Blauner / J.P. Morgan & Co. Incorporated 6 Apr 1998 9:22AM ET
OK let me take a shot at some basic framework characteristics that I am looking for and some suggested starting points for discussions.
1) Open Standards-based APIs to allow portability among different PKI vendors' products. My suggestion here is the OpenGroup's CDSA framework (initially developed by Intel, Netscape, IBM, Entrust, and TIS) for the lower level APIs and the IETF's GSS-APIv2 for session-oriented security services, GSS-IDUP for store-and-forward security services and digital signatures.
2) The certificate management protocols must be based on standards to allow interoperability between different CA products and here I suggest the work being done in the IETF's PKIX working group.
3) Minimize change to the existing protocols but add some security handshake messages at session establishment.
4) Limit data-structure changes to that required to support signed messages.
One way we should be able to accomplish 3 & 4 is by wrapping GSS-based encryption around the existing FIX messaging infrastructure.
Charles Blauner
JP Morgan