- From: Rice, Ed (HP.com) <ed.rice@hp.com>
- Date: Mon, 7 Mar 2005 11:01:47 -0800
- To: <noah_mendelsohn@us.ibm.com>, "Rich Salz" <rsalz@datapower.com>
- Cc: "Mark Baker" <distobj@acm.org>, <public-ws-addressing@w3.org>, <www-tag@w3.org>
Why not use SSL to assure transport without intercept? -----Original Message----- From: www-tag-request@w3.org [mailto:www-tag-request@w3.org] On Behalf Of noah_mendelsohn@us.ibm.com Sent: Sunday, March 06, 2005 5:47 PM To: Rich Salz Cc: Mark Baker; public-ws-addressing@w3.org; www-tag@w3.org Subject: RFC 2616 (rfc2616) - Hypertext Transfer Protocol -- HTTP/1.1Re: Minutes of the Web Services Addressing / TAG joint meeting http://www.faqs.org/rfcs/rfc2616.htmlI wrote: > Agreed. I think what you're giving is an argument not to use a network or > "underlying protocol" with insecure routing if it doesn't meet your needs. Rich Salz responded: > I'm saying that "moving" the wsa:To into an HTTP Request-URI is bad. > Duplicating it is acceptable. Makes sense, thanks. I would still expect that anyone messing with your HTTP Request-URI is likely to cause at the very least denial of service due to message misrouting, except in the very particular case that the intruder has a hook at the receiving end after the message is delivered. -------------------------------------- Noah Mendelsohn IBM Corporation One Rogers Street Cambridge, MA 02142 1-617-693-4036 --------------------------------------
Received on Monday, 7 March 2005 19:03:39 UTC