ws-rx message


Subject: i016: comments and proposal


This issue should split into two because there are separate factors at play here. The first is that the RMD and RMS need to be able to ascertain that the wsrm:Sequence and wsrm:SequenceAcknowledgement headers originated from the RMS or RMD (respectively) that jointly owns the Sequence to which they refer. The other factor is that you need to make sure that implementations bind their wsrm:Sequence headers to the bodies that they apply to using a common signature. This doesn't apply to wsrm:SequenceAcknowledgement headers, since those don't have any relationship to the soap:Body elements with which they share an envelope.

I propose that i016 should be narrowed to refer to the second of these two factors (common signature for wsrm:Sequence header) and that we create a new issue to track which headers must be signed if you are securing a Sequence using the mechanisms described in Section 6.1 of WS-RM.

proposal
-------------------------------------------------------------
[add a sub-section to section 4]

4.x Signature Coverage

As discussed in Section 5.1.1 of WS-ReliableMessaging, any mechanism which allows an attacker to alter the linkage of a wsrm:Sequence header block to its intended message represents a threat to the WS-RM protocol.

Rxxxx:  When present in an ENVELOPE, the wsrm:Sequence header block MUST be bound to the soap:Body by a common signature that includes both the wsrm:Sequence header block and the soap:Body.
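
A structural check for the proposed Rxxxx, added here as an example and not part of the original message: it confirms that one ds:Signature references both the wsrm:Sequence header block and the soap:Body, without verifying digests or the signature value. The namespace URIs (SOAP 1.1, WS-RM 1.1, WSS 1.0), the function names, and the sample envelope are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

# Namespace URIs are assumptions of this example (SOAP 1.1, WS-RM 1.1, WSS 1.0).
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsrm": "http://docs.oasis-open.org/ws-rx/wsrm/200702",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsu": WSS + "utility-1.0.xsd",
    "wsse": WSS + "secext-1.0.xsd",
}
WSU_ID = "{%s}Id" % NS["wsu"]


def sequence_bound_to_body(envelope_xml):
    """Structural check of the proposed Rxxxx: each wsrm:Sequence header and
    the soap:Body are referenced by one common ds:Signature.
    It does not verify digests or the signature value."""
    env = ET.fromstring(envelope_xml)
    sequences = env.findall("soap:Header/wsrm:Sequence", NS)
    if not sequences:
        return True  # the requirement applies only "when present"
    # Duplicate wsu:Id values make "#id" references ambiguous: reject.
    ids = [e.get(WSU_ID) for e in env.iter() if e.get(WSU_ID)]
    if len(ids) != len(set(ids)):
        return False
    body = env.find("soap:Body", NS)
    body_id = body.get(WSU_ID) if body is not None else None
    if not body_id:
        return False
    # For every ds:Signature, the set of same-document ids it references.
    coverage = []
    for sig in env.iter("{%s}Signature" % NS["ds"]):
        uris = [r.get("URI", "") for r in sig.findall("ds:SignedInfo/ds:Reference", NS)]
        coverage.append({u[1:] for u in uris if u.startswith("#")})
    return all(s.get(WSU_ID) and any({s.get(WSU_ID), body_id} <= c for c in coverage)
               for s in sequences)


def sample_envelope(signatures):
    """Constructed test input: one ds:Signature per list of referenced ids."""
    sigs = "".join(
        "<ds:Signature><ds:SignedInfo>%s</ds:SignedInfo></ds:Signature>"
        % "".join('<ds:Reference URI="#%s"/>' % i for i in ids)
        for ids in signatures)
    xmlns = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    return ('<soap:Envelope %s><soap:Header><wsrm:Sequence wsu:Id="seq"/>'
            '<wsse:Security>%s</wsse:Security></soap:Header>'
            '<soap:Body wsu:Id="body"/></soap:Envelope>' % (xmlns, sigs))
```

An envelope in which the header and the body are each signed, but by separate signatures, fails this check, which is the case the common-signature wording is meant to exclude.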
