[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] (BDXR-14) Signing of redirect responses
[ https://issues.oasis-open.org/browse/BDXR-14?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=67776#comment-67776 ] Erlend Klakegg Bergheim commented on BDXR-14: --------------------------------------------- We agree that all SMP redirect responses MUST be signed as of 2.0. > Signing of redirect responses > ----------------------------- > > Key: BDXR-14 > URL: https://issues.oasis-open.org/browse/BDXR-14 > Project: OASIS Business Document Exchange (BDXR) TC > Issue Type: New Feature > Components: Documentation, XML Schema > Affects Versions: SMP 2.0 > Reporter: Erlend Klakegg Bergheim > Priority: Minor > > Currently is redirect responses not signed by the responding SMP server. This makes it possible for man-in-the-middle attacks where a redirect is provided pointing to a location containing invalid SMP response. Such an attack will result in problems delivering transmissions for access points. > By adding a signature to the redirect response is it possible for the client to verify also the redirect in the same manner as service groups. -- This message was sent by Atlassian JIRA (v6.2.2#6258)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]