- From: Rich Salz <rsalz@zolera.com>
- Date: Mon, 11 Feb 2002 22:21:31 -0500
- To: Christopher Ferris <chris.ferris@sun.com>
- CC: Henrik Frystyk Nielsen <henrikn@microsoft.com>, Noah Mendelsohn <noah_mendelsohn@us.ibm.com>, xml-dist-app@w3.org
Chris, your note starts to bring up the subtleties involved in signing SOAP messages. Since intermediaries can add or remove header elements, how can I as a sender sign message to be robust in the face of buggy or malicious intermediaries who might add header elements with the same QNAME as I originally signed? I think we need to define an ID attribute, just like soap-enc. Is there another approach I've missed? Perhaps more importantly, if intermediate rewrites make it unrealistic to sign an entire message, but I instead must enumerate the applicable elements, then I can't use XML C14N (because an adversary might change namespace decls, as you pointed out), but must instead using exclusive canonicalization, which just finished Last Call. /r$ -- Zolera Systems, Securing web services (XML, SOAP, Signatures, Encryption) http://www.zolera.com
Received on Monday, 11 February 2002 22:40:11 UTC