- From: <noah_mendelsohn@us.ibm.com>
- Date: Sun, 6 Mar 2005 20:46:31 -0500
- To: Rich Salz <rsalz@datapower.com>
- Cc: Mark Baker <distobj@acm.org>, "public-ws-addressing@w3.org" <public-ws-addressing@w3.org>, "www-tag@w3.org" <www-tag@w3.org>
http://www.faqs.org/rfcs/rfc2616.htmlI wrote: > Agreed. I think what you're giving is an argument not to use a network or > "underlying protocol" with insecure routing if it doesn't meet your needs. Rich Salz responded: > I'm saying that "moving" the wsa:To into an HTTP Request-URI is bad. > Duplicating it is acceptable. Makes sense, thanks. I would still expect that anyone messing with your HTTP Request-URI is likely to cause at the very least denial of service due to message misrouting, except in the very particular case that the intruder has a hook at the receiving end after the message is delivered. -------------------------------------- Noah Mendelsohn IBM Corporation One Rogers Street Cambridge, MA 02142 1-617-693-4036 --------------------------------------
Received on Monday, 7 March 2005 01:53:54 UTC