Re: OHP: Who do you see using it?

From: Andrew Pam (
Date: Tue 10 Jun 1997 - 20:47:15 CDT

Jim Whitehead wrote:
> What level of security and authentication should OHP provide?

I don't think OHP should attempt to provide any authentication or encryption whatsoever. There are plenty of experts in those fields already working on protocols such as SSL, and we should support the use of existing protocols of that sort rather than trying to reinvent the wheel. That said, we should of course address other security issues relevant to our protocol apart from authentication and transport security.

> I think OHP should be robust enough to support collaborative activity
> across the Internet between collaborators from different organizations
> which are not behind the same firewall (Case 2 above).

I agree.

> However, this then leads to a need for robust authentication technology,

Yes, and we should support existing standards in that area (such as X.509 certificates).

> and for dealing with the security implications of sending executable
> content from an OHP server to an OHP client.

Again, unless it can be shown that this problem differs in some important way from the same problem faced by the Web community we should support existing initiatives in this area also.


This archive was generated by hypermail 2.1.5 : Tue 13 Aug 2002 - 07:20:50 CDT