RSS
 Corporate.Net Feature Article Signed, Sealed & Delivered: CommerceNet Test Results The components of the signed-receipt mechanism are many. The key elements are: The initial message can request that a receipt or signed receipt be returned to the message originator; the original message is signed, so the recipient can verify the sender and the integrity of the message; and the recipient of the original messages signs the signed receipt. The middle part of the signed receipt contains status fields and a copy of the original messages' MIC (integrity check value), among other components. Possible errors included incorrect status codes, incorrect signed-receipt request strings, incorrect signed-receipt structures returned and failure of integrity, decryption and signature. We checked for all of these in tests No. 9 through No. 14. When the Ink Dries Two main problems surfaced during testing. For one, interoperability in the PKI space is going to be much harder than many people currently believe. A ubiquitous, interoperable and worldwide PKI infrastructure probably won't be i n place for years. Also, some SMTP-X.400 gateways make the digital signature unusable and will cause problems for general-purpose electronic commerce. When all is said and done, several vendors have products that are on the right track. In addition to the products already on the market, two or three more should become available later this year. Rik Drummond is president of the Drummond Group, a consultancy in electronic commerce and electronic messaging strategies, implementations and product selections. He chairs the IETF workgroup for EDI over the Internet (EDIINT) and is executive director of CommerceNet's EDI and Network Services Portfolio. He can be reached at drummond@onramp.net. Lincoln Yarbrough worked with Rik to produce the individual tests and testing procedures used in the CommerceNet EDI Interoperability Test. Chuck Shih and Mats Jansson edited the IETF workgroup's EDIINT recommendations.
| |||||||||||||||||
