- From: Rich Salz <rsalz@datapower.com>
- Date: Mon, 07 Mar 2005 10:16:22 -0500
- To: noah_mendelsohn@us.ibm.com
- CC: Mark Baker <distobj@acm.org>, "public-ws-addressing@w3.org" <public-ws-addressing@w3.org>, "www-tag@w3.org" <www-tag@w3.org>
> Makes sense, thanks. I would still expect that anyone messing with your > HTTP Request-URI is likely to cause at the very least denial of service > due to message misrouting, except in the very particular case that the > intruder has a hook at the receiving end after the message is delivered. Yes, you'd expect a DoS. You could notice this if you got at least a signed ACK back from the server, even in the case of a one-way MEP. If you truly want a "no response" back from the server, then you could protect yourself at the transport layer by using SSL, which would prevent your special case of man-in-the-middle attack. /r$ -- Rich Salz, Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
Received on Monday, 7 March 2005 15:15:27 UTC