[CAP] Decrease milling when increase trust RE: Vol7 #2

[Mick Jagger]

Hi,
	To authenticate a CAP message, there are some basic methods.  The first is through a trust relationship with a peer, like your example here.

> 	For those ad hoc disaster responses where you need to exchange a
> handshake with whoever shows up (the j-random NGOs) and then do business
> with them fits this model.  There is, of course, no reason you can't
> exchange credentials, but you need to accompany them with some caveat
> emptors.

This works well in both the adhoc situation you describe, lets quickly exchange keys and then we can interop, and on a more permament basis with formal exchange and interop agreements in place.

> warning (which is where this thread started).  The agencies issuing
> warnings get their X.509 credentials and then make the public keys
> readily available in the application software that would use the
> warnings they'd put out.  

The second is where a CAP specific Certificate Authority would maintain a list of CAP issuer keys and if a client needed to authenticate a message, they could access this CA for the appropriate key.

Are there other appropriate methods?  Are the XML-signature/encryption specs appropriate, or should upcoming CAP versions include more security related elements?  Should future interop demonstrations require message authentication as part of their tests?

-- 
lists at jpw.biz
--