RE: RFC 2616 (rfc2616) - Hypertext Transfer Protocol -- HTTP/1.1Re: Minutes of the Web Services Addressing / TAG joint meeting

I guess it depends on the content.  Normally when you use a SOAP
intermediary you would have your SSL connection with the intermediary if
your concerned about the validity of the content.  That way the
intermediary becomes a trusted source (and it in-turn would have to have
a trust relationship with the up-stream author of the content).

Short of that, can you assure the content is secure?

-----Original Message-----
From: Paul Cotton [mailto:pcotton@microsoft.com] 
Sent: Monday, March 07, 2005 3:12 PM
To: Rice, Ed (HP.com); noah_mendelsohn@us.ibm.com; Rich Salz
Cc: Mark Baker; public-ws-addressing@w3.org; www-tag@w3.org
Subject: RE: RFC 2616 (rfc2616) - Hypertext Transfer Protocol --
HTTP/1.1Re: Minutes of the Web Services Addressing / TAG joint meeting

Maybe because you want to enable intercept e.g. SOAP intermediaries.

/paulc

Paul Cotton, Microsoft Canada 
17 Eleanor Drive, Nepean, Ontario K2E 6A3 
Tel: (613) 225-5445 Fax: (425) 936-7329 
mailto:pcotton@microsoft.com

  

> -----Original Message-----
> From: www-tag-request@w3.org [mailto:www-tag-request@w3.org] On Behalf
Of
> Rice, Ed (HP.com)
> Sent: March 7, 2005 2:02 PM
> To: noah_mendelsohn@us.ibm.com; Rich Salz
> Cc: Mark Baker; public-ws-addressing@w3.org; www-tag@w3.org
> Subject: RE: RFC 2616 (rfc2616) - Hypertext Transfer Protocol --
> HTTP/1.1Re: Minutes of the Web Services Addressing / TAG joint meeting
> 
> 
> Why not use SSL to assure transport without intercept?
> 
> 
> -----Original Message-----
> From: www-tag-request@w3.org [mailto:www-tag-request@w3.org] On Behalf
> Of noah_mendelsohn@us.ibm.com
> Sent: Sunday, March 06, 2005 5:47 PM
> To: Rich Salz
> Cc: Mark Baker; public-ws-addressing@w3.org; www-tag@w3.org
> Subject: RFC 2616 (rfc2616) - Hypertext Transfer Protocol --
HTTP/1.1Re:
> Minutes of the Web Services Addressing / TAG joint meeting
> 
> 
> http://www.faqs.org/rfcs/rfc2616.htmlI wrote:
> 
> > Agreed.  I think what you're giving is an argument not to use a
> network
> or
> > "underlying protocol" with insecure routing if it doesn't meet your
> needs.
> 
> Rich Salz responded:
> 
> > I'm saying that "moving" the wsa:To into an HTTP Request-URI is bad.
> > Duplicating it is acceptable.
> 
> Makes sense, thanks.  I would still expect that anyone messing with
your
> 
> HTTP Request-URI is likely to cause at the very least denial of
service
> due to message misrouting, except in the very particular case that the
> intruder has a hook at the receiving end after the message is
delivered.
> 
> 
> --------------------------------------
> Noah Mendelsohn
> IBM Corporation
> One Rogers Street
> Cambridge, MA 02142
> 1-617-693-4036
> --------------------------------------
> 
> 
> 
> 

Received on Tuesday, 8 March 2005 00:55:22 UTC