[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [wss] Recently discover WSS security threat
Michael McIntosh wrote on 5/27/2005, 5:34 PM: > > //soap:Envelope/soap:Header/wsa:ReplyTo[@wsu:Id="theReplyTo"] This does protect the header from being moved. However, it does leave open a possible problem when the header is allowed to be multi-occurance. The sender may sign and include one instance of the header. A MITM may insert addtional versions of the header before and/or after the signed header. The client needs to be aware of which was signed and which was not and to deal with it as appropriate. Conor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]