[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: Let's get to work
Hatem sent (pruned to the paragraph I'm asking about) > 2) With regards to whether or not the BTP message is carried in the header > or the payload, I think we should resolve this issue soon since it will > impact the format of the message. Of course placing the message in the > payload would be less invasive to the carrier protocol, but it > would impose > a heavy processing price if the message is digitally signed. I don't understand the last part. If BTP is used with application messages that are signed, the BTP messages themselves need to be secured to at least the same trust level. An attacker able to fake BTP messages can subvert the authentication of the application, so they would need to be in the same secured part of the total message. Or is the point to do with re-processing of payload, but not headers, as the combination is passed along ? But we do need to sort out the general BTP message : header / payload relationship anyway. We're trying to sort out the implications and options arising from the combined message (nee box-carring) decisions. (or recommendations, from Tuesday's meeting) Peter ------------------------------------------ Peter Furniss Technical Director, Choreology Ltd email: peter.furniss@choreology.com phone: +44 20 7670 1679 direct: +44 20 7670 1783 mobile: 07951 536168 13 Austin Friars, London EC2N 2JX
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC