[OTDev] A&A: precautions against pre-registering resources
Luchesar V. ILIEV luchesar.iliev at gmail.comMon Jun 28 21:54:14 CEST 2010
- Previous message: [OTDev] A&A: precautions against pre-registering resources
- Next message: [OTDev] A&A: precautions against pre-registering resources
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, Jun 28, 2010 at 22:27, Luchesar V. ILIEV <luchesar.iliev at gmail.com> wrote: > [...snip...] > > In other words, if the service gets a request for the resource above > from an address, which reverse-resolves to, say, badguy.aol.com, then > the policy service will reject the request straight away. That was ambiguous, sorry. Should have read instead: In other words, if the _policy_ service gets a _policy_creation_ request for the resource above from an address that reverse-resolves to, say, badguy.aol.com, then the policy service will reject the request straight away (because badguy.aol.com != serviceA.opentox.org). L. P.S. And, in the case of SSL/TLS, it would read: In other words, if the _policy_ service gets a _policy_creation_ request for the resource above via a secure connection where the client certificate has been issued to badguy.aol.com, then the policy service will reject the request straight away (because badguy.aol.com != serviceA.opentox.org). Of course, if the bad guy doesn't present valid certificate in the first place (that is, issued by a trusted certification authority), then no connection would happen at all.
- Previous message: [OTDev] A&A: precautions against pre-registering resources
- Next message: [OTDev] A&A: precautions against pre-registering resources
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Development mailing list