RE: RFC 2616 (rfc2616) - Hypertext Transfer Protocol -- HTTP/1.1Re: Minutes of the Web Services Addressing / TAG joint meeting

Why not use SSL to assure transport without intercept?


-----Original Message-----
From: www-tag-request@w3.org [mailto:www-tag-request@w3.org] On Behalf
Of noah_mendelsohn@us.ibm.com
Sent: Sunday, March 06, 2005 5:47 PM
To: Rich Salz
Cc: Mark Baker; public-ws-addressing@w3.org; www-tag@w3.org
Subject: RFC 2616 (rfc2616) - Hypertext Transfer Protocol -- HTTP/1.1Re:
Minutes of the Web Services Addressing / TAG joint meeting


http://www.faqs.org/rfcs/rfc2616.htmlI wrote:

> Agreed.  I think what you're giving is an argument not to use a
network 
or 
> "underlying protocol" with insecure routing if it doesn't meet your 
needs.

Rich Salz responded:

> I'm saying that "moving" the wsa:To into an HTTP Request-URI is bad.
> Duplicating it is acceptable.

Makes sense, thanks.  I would still expect that anyone messing with your

HTTP Request-URI is likely to cause at the very least denial of service 
due to message misrouting, except in the very particular case that the 
intruder has a hook at the receiving end after the message is delivered.


--------------------------------------
Noah Mendelsohn 
IBM Corporation
One Rogers Street
Cambridge, MA 02142
1-617-693-4036
--------------------------------------

Received on Monday, 7 March 2005 19:03:39 UTC