<snip>
> Why do you care about someone else's purchase orders or
> invoices anyway? - it's a red herring. Avoiding EDI over the Internet
> because of security concerns is ridiculous.
>
> --
> Richard Druckenmiller
> [EMAIL PROTECTED]
>
I disagree, it's not a red herring, it's a big nasty shark waiting in the wings to
bite you due to the basic principle that 'information is power'.
If company A and B buy goods from me but I give company A a massive discount, I don't
particularly want company B to find out by sniffing around my invoices that I send
insecurely over the internet and start applying even more price pressure on me.
If I buy goods/services from supplier X and have negotiated a good discount with them,
I don't necessarily want my customers or competitors finding out where I've sourced
such a good deal or any special terms I've negotiated that may be on my orders that I
send insecurely over the internet.
This kind of sniffing may not be profitable at the moment but if 'everyone' started
sending all their current paper transactions via the internet insecurely, you can bet
your bottom dollar that a whole industry would spring up offering to tell you what
your customers, suppliers and competitors are doing with other organisations.
With the paper-based system we trust our national postal services not to pry and sell
on information and physical envelopes have signs of tampering. With the internet we
need to have a similar if not better feeling of confidence about the data we send to
the outside world. Of course there will always be people/companies who are happy to
either do things insecurely over the internet or to develop bespoke security solutions
- that's their choice/risk. However, for this whole B2B e-commerce 'thing' to take
off big-time we MUST have secure transmissions even for basic business transactions
not just the high risk, high value financial transactions.
I'm not being unrealistic about the level of protection for the data - it will always
be possible to decrypt a file given enough time and computing power. It just has to
be appropriate for that specific type of business transaction to make it not worth
anyone's effort to decrypt it and, no doubt these 'appropriate' levels will increase
over time.
I repeat, internet security concerns are not red herrings.
Kind Regards,
Ian Williams
EDI Consultant
Email: [EMAIL PROTECTED]
Phone: +44 (0)1293 778364
"This email and any files transmitted with it are confidential and are intended solely
for the use of the individual or entity to whom they are addressed. This communication
represents the originator's personal views and opinions, which do not necessarily
reflect those of Canada Maritime. If you are not the intended recipient or the person
responsible for delivering the email to the intended recipient, be advised that you
have received this email in error, and that any use, dissemination, forward, printing,
or copying of this email is strictly prohibited. If you received this email in error,
please immediately notify the Canada Maritime Help Desk on +44 (0) 1293 778225"
=======================================================================
To signoff the EDI-L list, mailto:[EMAIL PROTECTED]
To subscribe, mailto:[EMAIL PROTECTED]
To contact the list owner: mailto:[EMAIL PROTECTED]
Archives at http://www.mail-archive.com/edi-l%40listserv.ucop.edu/
