Re: RFC 2616 (rfc2616) - Hypertext Transfer Protocol -- HTTP/1.1Re: Minutes of the Web Services Addressing / TAG joint meeting

> Makes sense, thanks.  I would still expect that anyone messing with your 
> HTTP Request-URI is likely to cause at the very least denial of service 
> due to message misrouting, except in the very particular case that the 
> intruder has a hook at the receiving end after the message is delivered. 

Yes, you'd expect a DoS.  You could notice this if you got at least a 
signed ACK back from the server, even in the case of a one-way MEP.  If 
you truly want a "no response" back from the server, then you could 
protect yourself at the transport layer by using SSL, which would 
prevent your special case of man-in-the-middle attack.

	/r$

-- 
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html

Received on Monday, 7 March 2005 15:15:25 UTC