Another Security Consideration from Jonathan Marsh on 2005-05-03 (public-ws-addressing-comments@w3.org from May 2005)

From: Jonathan Marsh <jmarsh@microsoft.com>
Date: Tue, 3 May 2005 14:10:00 -0700
To: <public-ws-addressing-comments@w3.org>
Message-ID: <7DA77BF2392448449D094BCEF67569A50766A1A3@RED-MSG-30.redmond.corp.microsoft.com>

Our security experts have uncovered another consideration that we plan
to address in our WS-Addressing implementation.  It might prove valuable
to other implementers as well.

The current Security Considerations section (4) in the Core spec says:
  
  "Some processors may use message identifiers ([message id]) as part of
  a uniqueness metric in order to detect replays of messages. Care
  should be taken to ensure that for purposes of replay detection, the
  message identifier is combined with other data, such as a timestamp,
  so that a legitimate retransmission of the message is not confused
  with a replay attack.

We propose to append the following to that paragraph:

  "It is also advisable to use message identifiers that are not
  predictable, to prevent attackers from constructing and sending
  an unsolicited reply to an outstanding request without having to 
  see the actual request message."

Received on Tuesday, 3 May 2005 21:10:18 UTC