RE: RFC 2616 (rfc2616) - Hypertext Transfer Protocol -- HTTP/1.1Re: Minutes of the Web Services Addressing / TAG joint meeting

> I want end-to-end security, not hop-by-hop.  I'm not alone. :)

+1

Paul Cotton, Microsoft Canada 
17 Eleanor Drive, Nepean, Ontario K2E 6A3 
Tel: (613) 225-5445 Fax: (425) 936-7329 
mailto:pcotton@microsoft.com

  

> -----Original Message-----
> From: www-tag-request@w3.org [mailto:www-tag-request@w3.org] On Behalf
Of
> Rich Salz
> Sent: March 7, 2005 8:18 PM
> To: Rice, Ed (HP.com)
> Cc: public-ws-addressing@w3.org; www-tag@w3.org
> Subject: RE: RFC 2616 (rfc2616) - Hypertext Transfer Protocol --
> HTTP/1.1Re: Minutes of the Web Services Addressing / TAG joint meeting
> 
> 
> > I guess it depends on the content.  Normally when you use a SOAP
> > intermediary you would have your SSL connection with the
intermediary if
> > your concerned about the validity of the content.  That way the
> > intermediary becomes a trusted source (and it in-turn would have to
have
> > a trust relationship with the up-stream author of the content).
> 
> That strikes me as turning an architectural limitation into a feature.
> If I sign my content, I don't have to trust a SOAP intermediary to do
> anything more than it's business.  If that intermediary gets
> compromised, *my* content won't get screwed up.  (Choicepoint,
anyone?)
> 
> You don't trust every router that might touch your TCP packets, do
you?
> Of course not -- that's why you use SSL.  Why is the SOAP situation
> any different?
> 
> I want end-to-end security, not hop-by-hop.  I'm not alone. :)
>         /r$
> 
> --
> Rich Salz                  Chief Security Architect
> DataPower Technology       http://www.datapower.com
> XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
> 

Received on Tuesday, 8 March 2005 01:33:14 UTC