OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

bdxr message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] (BDXR-14) Signing of redirect responses

    [ https://issues.oasis-open.org/browse/BDXR-14?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=68982#comment-68982 ] 

Ken Holman commented on BDXR-14:

This is assigned to me ... is there a specific schema requirement?  Digital signatures are schema artefacts and not business objects in the data model.

> Signing of redirect responses
> -----------------------------
>                 Key: BDXR-14
>                 URL: https://issues.oasis-open.org/browse/BDXR-14
>             Project: OASIS Business Document Exchange (BDXR) TC
>          Issue Type: New Feature
>          Components: Documentation, XML Schema
>    Affects Versions: SMP 2.0
>            Reporter: Erlend Klakegg Bergheim
>            Assignee: Ken Holman
>            Priority: Minor
> Currently is redirect responses not signed by the responding SMP server. This makes it possible for man-in-the-middle attacks where a redirect is provided pointing to a location containing invalid SMP response. Such an attack will result in problems delivering transmissions for access points.
> By adding a signature to the redirect response is it possible for the client to verify also the redirect in the same manner as service groups.

This message was sent by Atlassian JIRA

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]