- From: Rice, Ed (HP.com) <ed.rice@hp.com>
- Date: Mon, 7 Mar 2005 16:55:01 -0800
- To: "Paul Cotton" <pcotton@microsoft.com>, <noah_mendelsohn@us.ibm.com>, "Rich Salz" <rsalz@datapower.com>
- Cc: "Mark Baker" <distobj@acm.org>, <public-ws-addressing@w3.org>, <www-tag@w3.org>
I guess it depends on the content. Normally when you use a SOAP intermediary you would have your SSL connection with the intermediary if your concerned about the validity of the content. That way the intermediary becomes a trusted source (and it in-turn would have to have a trust relationship with the up-stream author of the content). Short of that, can you assure the content is secure? -----Original Message----- From: Paul Cotton [mailto:pcotton@microsoft.com] Sent: Monday, March 07, 2005 3:12 PM To: Rice, Ed (HP.com); noah_mendelsohn@us.ibm.com; Rich Salz Cc: Mark Baker; public-ws-addressing@w3.org; www-tag@w3.org Subject: RE: RFC 2616 (rfc2616) - Hypertext Transfer Protocol -- HTTP/1.1Re: Minutes of the Web Services Addressing / TAG joint meeting Maybe because you want to enable intercept e.g. SOAP intermediaries. /paulc Paul Cotton, Microsoft Canada 17 Eleanor Drive, Nepean, Ontario K2E 6A3 Tel: (613) 225-5445 Fax: (425) 936-7329 mailto:pcotton@microsoft.com > -----Original Message----- > From: www-tag-request@w3.org [mailto:www-tag-request@w3.org] On Behalf Of > Rice, Ed (HP.com) > Sent: March 7, 2005 2:02 PM > To: noah_mendelsohn@us.ibm.com; Rich Salz > Cc: Mark Baker; public-ws-addressing@w3.org; www-tag@w3.org > Subject: RE: RFC 2616 (rfc2616) - Hypertext Transfer Protocol -- > HTTP/1.1Re: Minutes of the Web Services Addressing / TAG joint meeting > > > Why not use SSL to assure transport without intercept? > > > -----Original Message----- > From: www-tag-request@w3.org [mailto:www-tag-request@w3.org] On Behalf > Of noah_mendelsohn@us.ibm.com > Sent: Sunday, March 06, 2005 5:47 PM > To: Rich Salz > Cc: Mark Baker; public-ws-addressing@w3.org; www-tag@w3.org > Subject: RFC 2616 (rfc2616) - Hypertext Transfer Protocol -- HTTP/1.1Re: > Minutes of the Web Services Addressing / TAG joint meeting > > > http://www.faqs.org/rfcs/rfc2616.htmlI wrote: > > > Agreed. I think what you're giving is an argument not to use a > network > or > > "underlying protocol" with insecure routing if it doesn't meet your > needs. > > Rich Salz responded: > > > I'm saying that "moving" the wsa:To into an HTTP Request-URI is bad. > > Duplicating it is acceptable. > > Makes sense, thanks. I would still expect that anyone messing with your > > HTTP Request-URI is likely to cause at the very least denial of service > due to message misrouting, except in the very particular case that the > intruder has a hook at the receiving end after the message is delivered. > > > -------------------------------------- > Noah Mendelsohn > IBM Corporation > One Rogers Street > Cambridge, MA 02142 > 1-617-693-4036 > -------------------------------------- > > > >
Received on Tuesday, 8 March 2005 00:55:22 UTC