[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] SwA | Canonicalizing Content-Length MIME header
Maneesh
You raise three good points about the
Attachment-Complete Reference Transform section 4.2.2
1. Do we really need to have the capability to include
headers in a signature?
2. If we do, shouldn't all "application level" MIME
headers be included? Currently only those explicitly listed
are.
3. Should we remove Content-Length and MIME-version
from the list? In general, is the list correct?
I suspect there is value to redundancy in checking that
headers weren't changed (e.g. if the Content-Length header value is shortened
without detection couldn't that be an attack?)
Is it correct that the MIME processing layer will pass
the appropriate Content-Length after transfer-encoding is "undone" or is there
an issue here?
I'd like to understand what others agree before
attempting any changes in this area.
Thanks
regards, Frederick
Frederick Hirsch
Nokia From: ext Maneesh Sahu [mailto:maneesh@westbridgetech.com] Sent: Wednesday, September 01, 2004 2:46 PM To: Hirsch Frederick (Nokia-TP/Boston); wss@lists.oasis-open.org Subject: RE: [wss] SwA | Canonicalizing Content-Length MIME header The MIME headers
besides Content-Length- MIME-Version, Content-Id, etc provide information not
available in the MIME part’s body. One can infer the Content-Length from the
size of the MIME Part’s body. The Content-Length is a
function of the Content-Transfer-Encoding that Lines 130 and 131 mention as out
of scope. Also, this header is primarily meant for efficiency purposes while
receiving data (setting up buffer sizes et al). Westbridge Technology,
Inc. From:
Frederick.Hirsch@nokia.com [mailto:Frederick.Hirsch@nokia.com] Maneesh if the header is signed
then it needs to be in a single format. Which information is
redundant? Perhaps I am
misunderstanding your comment. regards, Frederick
Hirsch Nokia From: ext
What is the value in canonicalizing
the Content-Length MIME header? This information is
redundant. Westbridge Technology,
Inc. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]