W3C home > Mailing lists > Public > public-ws-addressing-eds@w3.org > April to June 2005

2004/ws/addressing ws-addr-core.xml,1.92,1.93 ws-addr-soap.xml,1.73,1.74

From: Marc Hadley via cvs-syncmail <cvsmail@w3.org>
Date: Thu, 02 Jun 2005 18:15:30 +0000
To: public-ws-addressing-eds@w3.org
Message-Id: <E1DduE6-0005gP-F0@lionel-hutz.w3.org> 

Update of /sources/public/2004/ws/addressing
In directory hutz:/tmp/cvs-serv21829

Modified Files:
	ws-addr-core.xml ws-addr-soap.xml 
Log Message:
Added resolution to issue lc37 - added DOS attack security considerations

Index: ws-addr-core.xml
===================================================================
RCS file: /sources/public/2004/ws/addressing/ws-addr-core.xml,v
retrieving revision 1.92
retrieving revision 1.93
diff -C2 -d -r1.92 -r1.93
*** ws-addr-core.xml	2 Jun 2005 18:07:42 -0000	1.92
--- ws-addr-core.xml	2 Jun 2005 18:15:28 -0000	1.93
***************
*** 820,823 ****
--- 820,831 ----
                  an unsolicited reply to an outstanding request without having to 
                  see the actual request message.</p>
+             <p>When [reply endpoint] and/or [fault endpoint] do not contain the
+                 anonymous URI, the processor of such an EPR should take care to avoid
+                 a denial of service attack caused by opening an excessive number
+                 network connections, which are typically a scarce resource.</p>
+             <p>Care should be taken to avoid participating in a denial of service
+                 attack in which an attacker sends messages to many receivers
+                 and includes a [reply endpoint] or [fault endpoint] for the target
+                 of the attack.</p>
          </div1>
          <div1 id="references">

Index: ws-addr-soap.xml
===================================================================
RCS file: /sources/public/2004/ws/addressing/ws-addr-soap.xml,v
retrieving revision 1.73
retrieving revision 1.74
diff -C2 -d -r1.73 -r1.74
*** ws-addr-soap.xml	2 Jun 2005 17:43:52 -0000	1.73
--- ws-addr-soap.xml	2 Jun 2005 18:15:28 -0000	1.74
***************
*** 679,683 ****
          additional security and sanity checks to prevent unintended
          actions.</p>
!       <div2 id="intseccons">
          <head>Additional Considerations for SOAP Intermediaries</head>
          <p>To avoid breaking signatures, intermediaries MUST NOT change
--- 679,683 ----
          additional security and sanity checks to prevent unintended
          actions.</p>
!      <div2 id="intseccons">
          <head>Additional Considerations for SOAP Intermediaries</head>
          <p>To avoid breaking signatures, intermediaries MUST NOT change
Received on Thursday, 2 June 2005 18:15:35 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:19:40 GMT