From: Kaushalye Kapuruge
Date: Mon, 03 Dec 2007 20:51:39 +0530
To: Apache AXIS C Developers List
Subject: Re: MTOM and encryption

Thilina Gunarathne wrote:
>> I do not understand why somebody needs to encrypt MTOM
>> attachment.
>>
> Actually one of the main motivations behind introducing MTOM is the
> ability to secure the attachments.
>
>> But when it comes to encryption,
>> the serialization of the OM node (before the crypto process), doesn't
>> handle this optimization. Thus the image (or binary content) gets lost.
>>
> In the case of Axis2/Java, OMText.getText() always gives a string
> representation of the content. If the content is Binary, it'll
> automatically base64 encode it.

So this means the optimization is turned OFF. Basically it's the approach #2 as I suggested. Correct me if I'm wrong.
-Kau

> Axis2/Java security only needs to
> call the OMText.getText(), irrespective of whether it's a binary or
> normal text. This method also conforms to the MTOM spec, as it describes MTOM as
> selectively encoding of binary data either as base64 or as XOP MIME
> attachments.
>
> thanks,
> Thilina
>
>> AFAIU, There is no real value in MTOM message unless MTOM
>> receiving endpoint. There is no point eavesdropping MTOM message I
>> guess. Please bear with my limited security knowledge.
>>
>> thanks,
>> Dinesh

--
http://blog.kaushalye.org/
http://wso2.org/
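
An added illustration (not code from this thread or from Axis2) of the point discussed above: if an element is serialized for encryption while its binary content is still an XOP reference, the binary never enters the plaintext, whereas inlining it as base64 first does. The `urn:example:doc` namespace, the content-id, and the function names are assumptions, and the sample message is constructed.

```python
import base64
import xml.etree.ElementTree as ET

XOP_NS = "http://www.w3.org/2004/08/xop/include"
XOP_INCLUDE = "{%s}Include" % XOP_NS

# Constructed sample: an XOP-optimized payload whose binary lives in a MIME part.
OPTIMIZED = (
    '<doc:upload xmlns:doc="urn:example:doc">'
    '<doc:image><xop:Include xmlns:xop="%s" href="cid:img1@example.org"/></doc:image>'
    '</doc:upload>' % XOP_NS
)
MIME_PARTS = {"img1@example.org": b"\x89PNG\r\n\x1a\n constructed image bytes"}


def plaintext_for_encryption(elem):
    """Bytes an XML-encryption step sees if it serializes the element as-is."""
    return ET.tostring(elem)


def inline_attachments(elem, parts):
    """Replace each xop:Include with the base64 text of the MIME part it names.

    Assumes plain 'cid:' hrefs with no percent-escapes.
    """
    for parent in list(elem.iter()):
        for child in list(parent):
            if child.tag != XOP_INCLUDE:
                continue
            href = child.get("href", "")
            if not href.startswith("cid:"):
                raise ValueError("unsupported xop:Include href: %r" % href)
            cid = href[4:]
            if cid not in parts:
                # Fail closed: never encrypt a message with a dangling reference.
                raise KeyError("no MIME part for content-id %r" % cid)
            parent.remove(child)
            encoded = base64.b64encode(parts[cid]).decode("ascii")
            parent.text = (parent.text or "") + encoded
    return elem


def demo():
    """Return (binary present when optimized, binary present when inlined)."""
    b64 = base64.b64encode(MIME_PARTS["img1@example.org"])
    optimized = plaintext_for_encryption(ET.fromstring(OPTIMIZED))
    inlined = plaintext_for_encryption(
        inline_attachments(ET.fromstring(OPTIMIZED), MIME_PARTS))
    return b64 in optimized, b64 in inlined
```

In the optimized case only the `cid:` reference is covered by encryption, so the attachment itself would travel in the clear in its MIME part.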