> Makes sense, thanks. I would still expect that anyone messing with your > HTTP Request-URI is likely to cause at the very least denial of service > due to message misrouting, except in the very particular case that the > intruder has a hook at the receiving end after the message is delivered. Yes, you'd expect a DoS. You could notice this if you got at least a signed ACK back from the server, even in the case of a one-way MEP. If you truly want a "no response" back from the server, then you could protect yourself at the transport layer by using SSL, which would prevent your special case of man-in-the-middle attack. /r$ -- Rich Salz, Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.htmlReceived on Monday, 7 March 2005 15:15:27 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:55:58 GMT