OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: Threat assessment,some dissent RE: [ebxml-msg] securityproblemwithebXML MS

I am also unsure if the threat is practical.

But James and I agree on the following: the spec should say that MIME
headers may be modified in transit, for any number of benign or
malicious reasons.  This may be an issue for some applications that look
at the pyaload headers to do routing or other work. If this is an issue,
here is how to encode the original value of the headers and incorporate
that within the XML DSIG element that protects the ebXML message header.

Make sense?
Zolera Systems, Securing web services (XML, SOAP, Signatures,

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC