[This message was posted by Ryan Pierce (FPL Technical Director) of FIX Protocol Ltd. <[email protected]> to the "Information Security" discussion forum at http://fixprotocol.org/discuss/3. You can reply to it on-line at http://fixprotocol.org/discuss/read/2a409b88 - PLEASE DO NOT REPLY BY MAIL.]
> I am now studying FIX connectivity over Internet from market maker's > perspective. One of the challenges is to address security concern. Apart > from SSL, I am thinking if there is any quick-win approach (like using Tag 98 > in Logon Message) so that other market takers are willing to implement with > minimum effort? Grateful for your idea. Tag 98 is not secure, at least in its standardized usage today. These encryption methods use 56 bit DES, which has been demonstrated breakable back in 1998. SSL or TLS are the current FPL recommended methods for securing FIX connections. You can find more information here: http://fixprotocol.org/documents/5098/FIX%20Security%20White%20Paper-1.8-FINAL.pdf I would think that SSL or TLS is more of a "quick-win" than the Tag 98 approaches. One can use the open-source product "stunnel" with FIX engines that have no native support for SSL. However, it is easy to misconfigure stunnel; the white paper referenced above documents issues to consider. [You can unsubscribe from this discussion group by sending a message to mailto:[email protected]] -- You received this message because you are subscribed to the Google Groups "Financial Information eXchange" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/fix-protocol?hl=en.
