Firewall Wizards mailing list archives
RE: XML tag encryption?
From: "Scott, Richard" <Richard.Scott () BestBuy com>
Date: Mon, 3 Jun 2002 13:03:23 -0500
<snip> There's an article in the May 27 Computerword entitled "XML's Dirty Secret". It's labeled a Technical Analysis but written more like an advertisement for the Forum Sentry Server Appliance (www.forumsys.com). This is a Linux-based network device that apparently encrypts and decrypts XML tags (not the data, just the tags). It's an interesting application but one that wouldn't seem to offer any substantive benefit over other types of encryption (VPN, file, content, ...). The xml-dev list is divided on the issue <http://lists.xml.org/archives/xml-dev/200205/msg01412.html>. Is this another dot-com bomb or might XML be a potential security product niche? <!snip> Encrypting the tags would mean that the recipient or requestor to the resource could not interpret the data using the parser. However, the raw data itself, may still, be available in the stream. For XML security the very young but looks to be fruitful XML security framework that deals with encryption and signatures should be the answer to most people's problems with XML based services. Using this framework, it is possible to encrypt the data it self, and using digital signatures. The framework is still in its infancy as far as I know.
From a network perspective, http/SOAP/XML is a nightmare to guard against,
especially in an open distributed environment. So, as far as a niche, it is, but it can be handled with the current technologies that exist. However, from what I have seen, such niches occur because the market for an application to solve these problems stem from poor network and security design that can't be corrected. Thus, businesses purchase a solution that can fit in to their technical problem model. Cheers r. Richard Scott INFORMATION SECURITY Best Buy World Headquarters 7075 Flying Cloud Drive Eden Prairie, MN 55344 USA The views expressed in this email do not represent Best Buy or any of its subsidiaries _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- XML tag encryption? Roger Marquis (Jun 01)
- Re: XML tag encryption? Darren Reed (Jun 05)
- <Possible follow-ups>
- RE: XML tag encryption? Scott, Richard (Jun 04)
- Re: XML tag encryption? Rama Kant (Jun 04)
- Re: XML tag encryption? Marcus J. Ranum (Jun 05)
- Message not available
- Message not available
- Message not available
- Re: XML tag encryption? Rama Kant (Jun 05)
- Re: XML tag encryption? Eric Rescorla (Jun 07)