- From: Rice, Ed (HP.com) <ed.rice@hp.com>
- Date: Mon, 7 Mar 2005 11:01:47 -0800
- To: <noah_mendelsohn@us.ibm.com>, "Rich Salz" <rsalz@datapower.com>
- Cc: "Mark Baker" <distobj@acm.org>, <public-ws-addressing@w3.org>, <www-tag@w3.org>
Why not use SSL to assure transport without intercept?

-----Original Message-----
From: www-tag-request@w3.org [mailto:www-tag-request@w3.org] On Behalf Of noah_mendelsohn@us.ibm.com
Sent: Sunday, March 06, 2005 5:47 PM
To: Rich Salz
Cc: Mark Baker; public-ws-addressing@w3.org; www-tag@w3.org
Subject: RFC 2616 (rfc2616) - Hypertext Transfer Protocol -- HTTP/1.1 Re: Minutes of the Web Services Addressing / TAG joint meeting
http://www.faqs.org/rfcs/rfc2616.html

I wrote:

> Agreed. I think what you're giving is an argument not to use a network or
> "underlying protocol" with insecure routing if it doesn't meet your needs.

Rich Salz responded:

> I'm saying that "moving" the wsa:To into an HTTP Request-URI is bad.
> Duplicating it is acceptable.

Makes sense, thanks. I would still expect that anyone messing with your HTTP Request-URI is likely to cause at the very least denial of service due to message misrouting, except in the very particular case that the intruder has a hook at the receiving end after the message is delivered.

--------------------------------------
Noah Mendelsohn
IBM Corporation
One Rogers Street
Cambridge, MA 02142
1-617-693-4036
--------------------------------------
Received on Monday, 7 March 2005 19:03:38 UTC