[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Issue 206 - Decryption by Intermediaries
I volunteered because I thought I understood this one, but now I am really scratching my head. My best guess is that the first sentence is missing a "not". Current text: Parts of a SOAP message may be encrypted in such a way that they can be decrypted by an intermediary that is targeted by one of the SOAP headers. Consequently, the exact behavior of intermediaries with respect to encrypted data is undefined and requires an out-of-band agreement. Corrected? text: Parts of a SOAP message may be encrypted in such a way that they can be decrypted by an intermediary that is not targeted by one of the SOAP headers. Consequently, the exact behavior of intermediaries with respect to encrypted data is undefined and requires an out-of-band agreement. --- I believe intermediaries that are targeted must follow the SOAP processing rules and process the entire header and remove it. However "Active" intermediaries will not follow this pattern. I suggest we add the following text following the above: For example, an Active Intermediary might temporarily decrypt some data in order to verify a signature or inspect the data, but forward the data in encrypted form. Alternatively an intermediary might decrypt some data and leave signature verification for the targeted node. --- Does anybody disagree about the missing "not"? If so, do you have any idea what the second sentence is refering to? Hal
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]