Just noticed Simon’s reference to his SOAP SMTP binding spec. Section 6, “Security Considerations” says “This should introduce no new security considerations.”. Bzzt! 8-)

Consider that by requiring the SOAP response in a new email, rather than using the SMTP response as the response, you’re requiring that any deployed implementation of software conforming to this specification, include an automated responder where none was previously. That is, what was once a safe “input only” protocol (SMTP), has been turned into a request/response protocol. There’s oodles of new security considerations to consider because of that.

Trackback

no comment until now

Add your comment now


Warning: Undefined variable $user_ID in /homepages/16/d135909399/htdocs/markbaker.ca/blog/wp-content/themes/simpleblocks/comments.php on line 100