I your example the opportunity cost lost by company B in sniffing your
data would outweigh any savings they may receive from finding out what
Company A's discounts are. Company B would have to have time, hire
hacks and processing power - bottom line a waste of time and effort -
there are better ways for company B to find a lower price. They will
probably go to a competitor of yours who has no qualms of transacting
commerce over the Internet.
I repeat, avoiding EDI over the Internet because of security concerns is
ridiculous.
-RD
"Williams, Ian" wrote:
>
> <snip>
>
> > Why do you care about someone else's purchase orders or
> > invoices anyway? - it's a red herring. Avoiding EDI over the Internet
> > because of security concerns is ridiculous.
> >
> > --
> > Richard Druckenmiller
> > [EMAIL PROTECTED]
> >
>
> I disagree, it's not a red herring, it's a big nasty shark waiting in the wings to
>bite you due to the basic principle that 'information is power'.
>
> If company A and B buy goods from me but I give company A a massive discount, I
>don't particularly want company B to find out by sniffing around my invoices that I
>send insecurely over the internet and start applying even more price pressure on me.
>
> If I buy goods/services from supplier X and have negotiated a good discount with
>them, I don't necessarily want my customers or competitors finding out where I've
>sourced such a good deal or any special terms I've negotiated that may be on my
>orders that I send insecurely over the internet.
>
> This kind of sniffing may not be profitable at the moment but if 'everyone' started
>sending all their current paper transactions via the internet insecurely, you can bet
>your bottom dollar that a whole industry would spring up offering to tell you what
>your customers, suppliers and competitors are doing with other organisations.
>
> With the paper-based system we trust our national postal services not to pry and
>sell on information and physical envelopes have signs of tampering. With the
>internet we need to have a similar if not better feeling of confidence about the data
>we send to the outside world. Of course there will always be people/companies who
>are happy to either do things insecurely over the internet or to develop bespoke
>security solutions - that's their choice/risk. However, for this whole B2B
>e-commerce 'thing' to take off big-time we MUST have secure transmissions even for
>basic business transactions not just the high risk, high value financial transactions.
>
> I'm not being unrealistic about the level of protection for the data - it will
>always be possible to decrypt a file given enough time and computing power. It just
>has to be appropriate for that specific type of business transaction to make it not
>worth anyone's effort to decrypt it and, no doubt these 'appropriate' levels will
>increase over time.
>
> I repeat, internet security concerns are not red herrings.
>
> Kind Regards,
>
> Ian Williams
> EDI Consultant
> Email: [EMAIL PROTECTED]
> Phone: +44 (0)1293 778364
> "This email and any files transmitted with it are confidential and are intended
>solely for the use of the individual or entity to whom they are addressed. This
>communication represents the originator's personal views and opinions, which do not
>necessarily reflect those of Canada Maritime. If you are not the intended recipient
>or the person responsible for delivering the email to the intended recipient, be
>advised that you have received this email in error, and that any use, dissemination,
>forward, printing, or copying of this email is strictly prohibited. If you received
>this email in error, please immediately notify the Canada Maritime Help Desk on +44
>(0) 1293 778225"
>
> =======================================================================
> To signoff the EDI-L list, mailto:[EMAIL PROTECTED]
> To subscribe, mailto:[EMAIL PROTECTED]
> To contact the list owner: mailto:[EMAIL PROTECTED]
> Archives at http://www.mail-archive.com/edi-l%40listserv.ucop.edu/
--
Richard Druckenmiller
[EMAIL PROTECTED]
=======================================================================
To signoff the EDI-L list, mailto:[EMAIL PROTECTED]
To subscribe, mailto:[EMAIL PROTECTED]
To contact the list owner: mailto:[EMAIL PROTECTED]
Archives at http://www.mail-archive.com/edi-l%40listserv.ucop.edu/