On Mon, 2006-07-17 at 10:46 -0400, Richard Salz wrote:
> Or you sign the data. Now the only thing the recipient has to do is have
> out-of-band knowledge about either the certificate doing the signing, or
> the CA that generates the signing certificate(s). Both of these are
> examples of indirection. With out-of-band XXXsum, you have to "securely"
> convey that for every payload; with a certificate, you only have to do
> that when the certificate changes, the one you're seeing expires, or when
> you think it might be compromised; with a CA certificate, you can have
> multiple signers and/or renewal of existing signers.
>
> Each level of indirection reduces the amount of work you have to do
> per-message, but increases the risk of exposure if something goes wrong
> (such as an adversary getting access to a private key). Sometimes the
> choice is easy -- an authoritative website can easily publish a list of
> digests for various releases -- and sometimes the tradeoffs are harder to
> determine.

Yeah, I know.

I'm personally a big fan of OpenSSL and I do VPNs for Customers on an
almost weekly basis. It's definitely good stuff and when I tried signing
some documents to my surprise it even worked. I make up certificates
each week for VPN access and it all seems quite neat.

But I work for smaller companies and their priorities with XML are just
so completely different.

Most just don't want to know unless there is some definite business
benefit. Most are in panic stations at the moment. So much data coming
out of China now. So much.. so fast.. what to do?

Now my little pastime has become converting all the price data that
comes into clients' businesses into XML so that it can become vaguely
useful. If you can't get it all in XML in the first place, then convert
it when it arrives.

I worked it out the other day. One of the businesses that I do work for
has 300 suppliers with an average of 5,000 product items each. That's
about 1,500,000 million product items to look after. And we're just
talking about a business pretty much like a Garden Centre or a Power
Tool shop.

I'd say that most small businesses these days in a Western/Asian country
would have about that many pieces of product information to deal with.
It's quite a lot.

Small business is being over-run by data. In fact, the more computers,
the more data there seems to be. It just seems that XML is a perfect
tool to use to cut it all up into little pieces and do something with
it. That's what I think anyway..

I wish I had time for md5sum, but the data just keeps coming in too
fast... so so fast lah :-)

David
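
The tradeoff described in the quoted text above, shown with the OpenSSL command line as an added example (not part of either poster's message): a digest has to be conveyed out of band for every payload, while a signing key is pinned once and then covers every payload it signs. The file names, XML payloads and the choice of SHA-256 and a 2048-bit RSA key are assumptions made for the demonstration.

```shell
#!/usr/bin/env bash
# Constructed demo: file names and payload contents are made up for illustration.
WORK=$(mktemp -d)

# Scheme 1: out-of-band digest. One trusted value per payload.
digest_of() { openssl dgst -sha256 -r "$1" | cut -d' ' -f1; }
verify_by_digest() {            # $1 = payload, $2 = digest obtained out of band
    [ "$(digest_of "$1")" = "$2" ]
}

# Scheme 2: signature. The recipient pins one public key, once.
make_signer() {                 # creates signer.key (sender) and signer.pub (recipient)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/signer.key" 2>/dev/null
    openssl pkey -in "$WORK/signer.key" -pubout -out "$WORK/signer.pub"
}
sign_payload() {                # $1 = payload; writes $1.sig next to it
    openssl dgst -sha256 -sign "$WORK/signer.key" -out "$1.sig" "$1"
}
verify_by_signature() {         # $1 = payload; uses only the pinned public key
    openssl dgst -sha256 -verify "$WORK/signer.pub" \
        -signature "$1.sig" "$1" >/dev/null 2>&1
}

# Sender side: two constructed payloads, each signed; only list1 gets a digest.
make_signer
printf '<item sku="A1" price="9.95"/>\n'  > "$WORK/list1.xml"
printf '<item sku="B2" price="19.50"/>\n' > "$WORK/list2.xml"
OOB_DIGEST_1=$(digest_of "$WORK/list1.xml")   # must reach the recipient securely
sign_payload "$WORK/list1.xml"
sign_payload "$WORK/list2.xml"

# Recipient side.
verify_by_digest "$WORK/list1.xml" "$OOB_DIGEST_1" && echo "list1: digest ok"
# list2 has no out-of-band digest yet, so scheme 1 cannot check it at all;
# scheme 2 checks it with the key that was pinned once.
verify_by_signature "$WORK/list2.xml" && echo "list2: signature ok"

# A payload altered in transit is rejected by both schemes.
cp "$WORK/list1.xml.sig" "$WORK/tampered.xml.sig"
printf '<item sku="A1" price="0.01"/>\n' > "$WORK/tampered.xml"
verify_by_digest "$WORK/tampered.xml" "$OOB_DIGEST_1" || echo "tampered: digest mismatch"
verify_by_signature "$WORK/tampered.xml" || echo "tampered: bad signature"
# The cost of the indirection: whatever signer.key signs will verify, so
# exposure of that one key affects every payload, not just one.
```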