- From: Rich Salz <rsalz@datapower.com>
- Date: Thu, 09 Jun 2005 12:12:36 -0400
- To: David Hull <dmh@tibco.com>
- CC: public-ws-async-tf@w3.org
> * Traffic is meant to be secured. In this case, the empty 2xx > marker reveals information (namely that there was no fault), while > an encrypted SOAP message response doesn't. This only if the encrypted SOAP message is roughly the same length as fault message. I think the right answer to address this concern is SSL/TLS, which probably obscures the plaintext size enough to thwart this kind of traffic analysis. /r$ -- Rich Salz, Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
Received on Thursday, 9 June 2005 16:07:44 UTC