OASIS ebXML Messaging Services TC

Re: Threat assessment,some dissent RE: [ebxml-msg] securityproblemwithebXML MS

  • 1.  Re: Threat assessment,some dissent RE: [ebxml-msg] securityproblemwithebXML MS

    Posted 11-13-2001 20:48
    I am also unsure if the threat is practical.
    
    But James and I agree on the following: the spec should say that MIME
    headers may be modified in transit, for any number of benign or
    malicious reasons.  This may be an issue for some applications that look
    at the pyaload headers to do routing or other work. If this is an issue,
    here is how to encode the original value of the headers and incorporate
    that within the XML DSIG element that protects the ebXML message header.
    
    Make sense?
    	/r$
    -- 
    Zolera Systems, Securing web services (XML, SOAP, Signatures,
    Encryption)
    http://www.zolera.com