Interfacing with online bank

John Klar
Mon, 24 Jul 2000 11:18:28 -0400

Dave Peticolas wrote:
> I think you are right, except that OFX is SGML.

The 2.0 proposal mandates XML (and HTTPS).  I'm under the impression the
DTD's for earlier versions are "close-enough" to XML.  Unfortunately my
copies of the docs are at home.  Will verify later tonight.

> There are existing tools (OpenSSL, Curl) that we could use instead of
> writing our own to do the communication.

I'm under the, possible mistaken, assumption that most https servers, at
least those most likely to be used by a financial institution, use
SSLv2.  SSLv2 is dependent on RSA which has licensing issues in the USA.

The general US crypto laws also apply/applied to plugin or stub
architectures that allow dropin crypto modules.  I am aware that US
Crypto restrictions are easing and that financial/banking software has
some further dispensation.

I have some hazy idea that the OFX interface can be coded as a GNOME
(CORBA) component data source independent of a specific client.  I
believe this sidesteps the plugin restrictions, but IANAL.

- John