[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] SwA timing
I can’t think of a significant use
case where the entire header needs to be secured end-to-end. The header items,
however, may leak attachment metadata, like the content-type and the
content-encoding. If someone can think of a good use case, we should leave it
in, if not, we should get rid of header security until there is a request for
it. Blake From:
Frederick.Hirsch@nokia.com [mailto:Frederick.Hirsch@nokia.com] I agree that it is important to move this
SwA work along. It is apparent that there is one section
of the SwA profile that may introduce problems, that is the section on
including attachment headers in signatures. There is an open issue regarding
which headers to include. For this reason I have the following
questions: 1. Does anyone have a pressing need to
secure headers at this time? If not, we could remove this capability from this
draft, simplifying the specification and interop. This would reduce the
functionality. I would like to confirm that people agree this should stay in. 2. If committee members feel this section
is important, please review it and let me know which attachment headers should
be included and which not (e.g. Content-Length etc, arbitrary headers etc), and
whether correction is needed to the section. I would like to address this by tomorrow
if possible, so that a new stable draft can go out, giving people time to look
at it before the next meeting. Thanks regards, Frederick Hirsch Nokia From: ext
Anthony Nadalin [mailto:drsecure@us.ibm.com] Ideally we don't want to hold up BSP so earlier the
better, off the cuff IBM could do an early/mid Oct. interop date. So if we have
several companies ready in Oct. we should run with that and follow up with
another if folks want to test thier interoperability.
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]