ebxml-msg message

Subject: Re: Threat assessment,some dissent RE: [ebxml-msg] securityproblemwithebXML MS

From: Rich Salz <rsalz@zolera.com>
To: Doug Bunting <dougb62@yahoo.com>
Date: Tue, 13 Nov 2001 20:48:31 -0500

I am also unsure if the threat is practical.

But James and I agree on the following: the spec should say that MIME
headers may be modified in transit, for any number of benign or
malicious reasons.  This may be an issue for some applications that look
at the pyaload headers to do routing or other work. If this is an issue,
here is how to encode the original value of the headers and incorporate
that within the XML DSIG element that protects the ebXML message header.

Make sense?
	/r$
-- 
Zolera Systems, Securing web services (XML, SOAP, Signatures,
Encryption)
http://www.zolera.com

References:
- Re: Threat assessment,some dissent RE: [ebxml-msg] security problemwith ebXML MS
  - From: James M Galvin <galvin@drummondgroup.com>
- Re: Threat assessment,some dissent RE: [ebxml-msg] securityproblemwith ebXML MS
  - From: Rich Salz <rsalz@zolera.com>
- Re: Threat assessment,some dissent RE: [ebxml-msg] securityproblemwith ebXML MS
  - From: Doug Bunting <dougb62@yahoo.com>