Jim and Suresh,
In my earlier long message I tried to summarize:
1. what kind of threats
might be provided
2. under what transport/packaging conditions
given the typical processing of
3. ebXML messages.
I considered a number of possible kinds
of threats. Apparently Jim thinks it
is only the threat of misdirection that
should be of concern. So,
for that threat, these considerations still
stand:
1. ebXML messaging processing does
not need to trust internal MIME content-type
values.
2. content-id values, if changed, will almost
certainly lead to an error condition when
they are used as part of XMLDsig signatures.
3. CPA based agreements can be used to:
a. check that internal mime content-types
are as expected. MIME error can be thrown
if enforced.
b. add digital enveloping that can encrypt the entire
MIME chunk, including the headers
(using 1847 security packaging if you like, Jim!)
Given all of this existing apparatus permitting
strong counters for the situation of MITM header
tweaking, if you still wish to mandate an
additional new security mechanism, I urged you
to hold off until the next iteration. By then,
maybe XMLEncryption will be stable or other
security proposals may have emerged that can
be cited. Maybe a tweak to the mid: or cid: URIs
that would permit mid: sub-segments-- who knows?
ebXML messaging is IMO not primarily engaged in
inventing new security solutions and countermeasures,
but instead is involved in adopting
existing stable solutions to achieve
an acceptable coverage for the standard threats
(spoofing, alteration, and sniffing).
I would rather retrofit to a dedicated
security groups carefully examined spec.
than try to throw something together at the last minute
(and we are at the last minute for 1.1).
Dale