[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: Threat assessment,some dissent RE: [ebxml-msg] securityproblemwithebXML MS
I am also unsure if the threat is practical. But James and I agree on the following: the spec should say that MIME headers may be modified in transit, for any number of benign or malicious reasons. This may be an issue for some applications that look at the pyaload headers to do routing or other work. If this is an issue, here is how to encode the original value of the headers and incorporate that within the XML DSIG element that protects the ebXML message header. Make sense? /r$ -- Zolera Systems, Securing web services (XML, SOAP, Signatures, Encryption) http://www.zolera.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC