[This message was posted by Jack Du of <[email protected]> to the "Information Security" discussion forum at http://fixprotocol.org/discuss/3. You can reply to it on-line at http://fixprotocol.org/discuss/read/55469d9d - PLEASE DO NOT REPLY BY MAIL.]
> > I am now studying FIX connectivity over Internet from market maker's > > perspective. One of the challenges is to address security concern. Apart > > from SSL, I am thinking if there is any quick-win approach (like using Tag > > 98 in Logon Message) so that other market takers are willing to implement > > with minimum effort? Grateful for your idea. > > Tag 98 is not secure, at least in its standardized usage today. These > encryption methods use 56 bit DES, which has been demonstrated breakable back > in 1998. > > SSL or TLS are the current FPL recommended methods for securing FIX > connections. You can find more information here: > > http://fixprotocol.org/documents/5098/FIX%20Security%20White%20Paper-1.8-FINAL.pdf > > I would think that SSL or TLS is more of a "quick-win" than the Tag 98 > approaches. One can use the open-source product "stunnel" with FIX engines > that have no native support for SSL. However, it is easy to misconfigure > stunnel; the white paper referenced above documents issues to consider. =================== Thx Ryan. If this is the case, we will only support SSL as an interim offering. For stunnel, we shall further study and see if it could be easily implemented. Regards, Jack [You can unsubscribe from this discussion group by sending a message to mailto:[email protected]] -- You received this message because you are subscribed to the Google Groups "Financial Information eXchange" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/fix-protocol?hl=en.
