RFC 2616 (rfc2616) - Hypertext Transfer Protocol -- HTTP/1.1Re: Minutes of the Web Services Addressing / TAG joint meeting

http://www.faqs.org/rfcs/rfc2616.htmlI wrote:

> Agreed.  I think what you're giving is an argument not to use a network 
or 
> "underlying protocol" with insecure routing if it doesn't meet your 
needs.

Rich Salz responded:

> I'm saying that "moving" the wsa:To into an HTTP Request-URI is bad.
> Duplicating it is acceptable.

Makes sense, thanks.  I would still expect that anyone messing with your 
HTTP Request-URI is likely to cause at the very least denial of service 
due to message misrouting, except in the very particular case that the 
intruder has a hook at the receiving end after the message is delivered. 

--------------------------------------
Noah Mendelsohn 
IBM Corporation
One Rogers Street
Cambridge, MA 02142
1-617-693-4036
--------------------------------------

Received on Monday, 7 March 2005 01:53:55 UTC