[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [ebxml-msg] security problem with ebXML MS
> I like your rules. The only thing I would add is to exclude CTE. Do we need to > worry about line terminators? Part of the canonicalization would be to use a specified line-separator between the headers; \n or \r\n, whatever you pick. I deliberately didn't specify WHICH headers to encode, it's up to the sender to determine which ones to protect. The spec should advise, of course. (By the way, for what it's worth, I don't think this defense will be necessary in real pratice.) /r$ -- Zolera Systems, Securing web services (XML, SOAP, Signatures, Encryption) http://www.zolera.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC