[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: cap:image and cap:audio
The spec as it stands carries audio files and images as references to the actual files. While this reduces the size of the alert message, it has a disadvantage. If the message is digitally signed, the protection this provides is not extended to the image/audio files. So a hacker could replace the picture of a missing child with one of Mickey Mouse for example, and the security and validation mechanisms would not detect the alteration.
I suggest we may want to actually embed the files in the xml document (as Base64 encoded strings perhaps), so that the message integrity can be verified.
Thoughts/comments?
Regards,
Brian Pattinson
Unisys Corporation
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]