W3C home > Mailing lists > Public > www-tag@w3.org > March 2005

RFC 2616 (rfc2616) - Hypertext Transfer Protocol -- HTTP/1.1Re: Minutes of the Web Services Addressing / TAG joint meeting

From: <noah_mendelsohn@us.ibm.com>
Date: Sun, 6 Mar 2005 20:46:31 -0500
To: Rich Salz <rsalz@datapower.com>
Cc: Mark Baker <distobj@acm.org>, "public-ws-addressing@w3.org" <public-ws-addressing@w3.org>, "www-tag@w3.org" <www-tag@w3.org>
Message-ID: <OF982B4B15.0538A37D-ON85256FBD.00097ACB@lotus.com> 

http://www.faqs.org/rfcs/rfc2616.htmlI wrote:

> Agreed.  I think what you're giving is an argument not to use a network 
or 
> "underlying protocol" with insecure routing if it doesn't meet your 
needs.

Rich Salz responded:

> I'm saying that "moving" the wsa:To into an HTTP Request-URI is bad.
> Duplicating it is acceptable.

Makes sense, thanks.  I would still expect that anyone messing with your 
HTTP Request-URI is likely to cause at the very least denial of service 
due to message misrouting, except in the very particular case that the 
intruder has a hook at the receiving end after the message is delivered. 

--------------------------------------
Noah Mendelsohn 
IBM Corporation
One Rogers Street
Cambridge, MA 02142
1-617-693-4036
--------------------------------------
Received on Monday, 7 March 2005 01:53:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 12 September 2008 07:02:07 GMT