ws-fx-dev mailing list archives

From "Granqvist, Hans" <hgranqv...@verisign.com>
Subject RE: order of sign and encr in .NET
Date Fri, 08 Jul 2005 15:30:12 GMT
> The ordering of elements is the _only_ information about the 
> processing sequence. How could the receiver otherwise 
> determine that it should first check Signature, then decrypt?

I agree somewhat, but note it says SHOULD, not MUST, which means
a different processing order is still valid WSS.

Normally, WSS processing requirements would be expressed in 
some policy (e.g., WS-Policy and its derivatives, or perhaps just 
a business agreement between parties) or by stated adherence to
a profile (e.g., WS-I BSP 1.0, which coincidentally changes the 
SHOULD above to a MUST). 

An application that ad-hoc processes WSS messages should 
probably be considered broken from a security point of view. 

Hans
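
An added example, not part of the original message: a receiver-side check that refuses any message whose `wsse:Security` header order differs from an order the parties agreed on, instead of processing whatever arrives. It assumes document order of the header children is taken as the processing sequence (as the quoted text describes); the function names, the step labels and the agreed order are hypothetical, and no cryptography is performed.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"

# Header children that imply a receiver-side step (labels are hypothetical).
STEP_FOR_TAG = {
    f"{{{DS}}}Signature": "verify",
    f"{{{XENC}}}EncryptedKey": "decrypt",
    f"{{{XENC}}}ReferenceList": "decrypt",
}

def header_steps(envelope_xml):
    """Return the receiver steps in document order of wsse:Security children."""
    root = ET.fromstring(envelope_xml)
    security = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    if security is None:
        raise ValueError("no wsse:Security header")
    return [STEP_FOR_TAG[c.tag] for c in security if c.tag in STEP_FOR_TAG]

def check_against_policy(envelope_xml, agreed_steps):
    """Reject a message whose header order differs from the agreed order."""
    found = header_steps(envelope_xml)
    if found != list(agreed_steps):
        raise ValueError(f"header order {found} != agreed {list(agreed_steps)}")
    return found

def sample(children):
    """Build a constructed envelope; the security elements are empty stubs."""
    return (f'<s:Envelope xmlns:s="{SOAP}" xmlns:wsse="{WSSE}" '
            f'xmlns:ds="{DS}" xmlns:xenc="{XENC}"><s:Header><wsse:Security>'
            f'{children}</wsse:Security></s:Header><s:Body/></s:Envelope>')

ENC_FIRST = sample("<xenc:EncryptedKey/><ds:Signature/>")  # constructed
SIG_FIRST = sample("<ds:Signature/><xenc:EncryptedKey/>")  # constructed

if __name__ == "__main__":
    agreed = ["decrypt", "verify"]  # hypothetical agreement between parties
    print(check_against_policy(ENC_FIRST, agreed))
    try:
        check_against_policy(SIG_FIRST, agreed)
    except ValueError as err:
        print("rejected:", err)
```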
