Why not use SSL to assure transport without intercept? -----Original Message----- From: www-tag-request@w3.org [mailto:www-tag-request@w3.org] On Behalf Of noah_mendelsohn@us.ibm.com Sent: Sunday, March 06, 2005 5:47 PM To: Rich Salz Cc: Mark Baker; public-ws-addressing@w3.org; www-tag@w3.org Subject: RFC 2616 (rfc2616) - Hypertext Transfer Protocol -- HTTP/1.1Re: Minutes of the Web Services Addressing / TAG joint meeting http://www.faqs.org/rfcs/rfc2616.htmlI wrote: > Agreed. I think what you're giving is an argument not to use a network or > "underlying protocol" with insecure routing if it doesn't meet your needs. Rich Salz responded: > I'm saying that "moving" the wsa:To into an HTTP Request-URI is bad. > Duplicating it is acceptable. Makes sense, thanks. I would still expect that anyone messing with your HTTP Request-URI is likely to cause at the very least denial of service due to message misrouting, except in the very particular case that the intruder has a hook at the receiving end after the message is delivered. -------------------------------------- Noah Mendelsohn IBM Corporation One Rogers Street Cambridge, MA 02142 1-617-693-4036 --------------------------------------Received on Monday, 7 March 2005 19:03:38 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:55:58 GMT