ws-dev mailing list archives

From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (WSS-533) Also use signing key when trying to detect message replay attacks
Date Wed, 15 Apr 2015 10:32:59 GMT

     [ https://issues.apache.org/jira/browse/WSS-533?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh resolved WSS-533.
-------------------------------------
    Resolution: Fixed

> Also use signing key when trying to detect message replay attacks
> -----------------------------------------------------------------
>
>                 Key: WSS-533
>                 URL: https://issues.apache.org/jira/browse/WSS-533
>             Project: WSS4J
>          Issue Type: Improvement
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>             Fix For: 2.0.4, 1.6.19, 2.1.0
>
>
> Currently we use the Timestamp created value + signature value as a key to avoid message
> replay attacks. However, it's possible that we could have two signatures in the security header
> that sign the Timestamp, but with different keys. This task is to add the hashed encoded version
> of the key as part of the caching key to allow for this scenario.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
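
The cache-key change described in WSS-533 above, sketched as an added example (not WSS4J code and not part of the original message). Class and method names, the "|" separator, SHA-256 as the key hash, the TTL-based expiry and all sample values are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration, not WSS4J code. All class and method names are hypothetical.
public class ReplayCacheDemo {
    private final Map<String, Instant> seen = new ConcurrentHashMap<>();

    // Identifier before the change: Timestamp Created value + signature value.
    static String oldId(String created, byte[] signatureValue) {
        return created + "|" + Base64.getEncoder().encodeToString(signatureValue);
    }

    // Identifier after the change: a hash of the encoded signing key is appended.
    // SHA-256 is an assumption; the issue only says "hashed encoded version of the key".
    static String newId(String created, byte[] signatureValue, byte[] encodedKey) throws Exception {
        byte[] keyHash = MessageDigest.getInstance("SHA-256").digest(encodedKey);
        return oldId(created, signatureValue) + "|" + Base64.getEncoder().encodeToString(keyHash);
    }

    // Returns true the first time an identifier is seen, false while it is still cached.
    boolean accept(String id, Instant now, long ttlSeconds) {
        seen.values().removeIf(expiry -> expiry.isBefore(now)); // assumption: TTL-based expiry
        return seen.putIfAbsent(id, now.plusSeconds(ttlSeconds)) == null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: two cache entries that differ only in the signing key.
        String created = "2015-04-15T10:32:59Z";
        byte[] sig = "constructed-signature-value".getBytes(StandardCharsets.UTF_8);
        byte[] keyA = "constructed-encoded-key-A".getBytes(StandardCharsets.UTF_8);
        byte[] keyB = "constructed-encoded-key-B".getBytes(StandardCharsets.UTF_8);
        Instant now = Instant.parse(created);

        // Old scheme: the key is not part of the identifier, so both entries share one slot.
        ReplayCacheDemo oldCache = new ReplayCacheDemo();
        System.out.println("old, key A accepted:  " + oldCache.accept(oldId(created, sig), now, 300));
        System.out.println("old, key B accepted:  " + oldCache.accept(oldId(created, sig), now, 300));

        // New scheme: each signing key gets its own entry; a true repeat is still caught.
        ReplayCacheDemo newCache = new ReplayCacheDemo();
        System.out.println("new, key A accepted:  " + newCache.accept(newId(created, sig, keyA), now, 300));
        System.out.println("new, key B accepted:  " + newCache.accept(newId(created, sig, keyB), now, 300));
        System.out.println("new, key A repeated:  " + newCache.accept(newId(created, sig, keyA), now.plusSeconds(10), 300));
    }
}
```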

