[WSS-533] Also use signing key when trying to detect message replay attacks - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.0.4, 1.6.19, 2.1.0
Component/s: None
Labels:
None

Description

Currently we use the Timestamp created value + signature value as a key to avoid message replay attacks. However it's possible that we could have two signatures in the security header that sign the Timestamp, but with different keys. This task is to add the hashed encoded version of the key as part of the caching key to allow for this scenario.

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Colm O hEigeartaigh

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 15/Apr/15 10:24

Updated:: 28/Apr/15 09:29

Resolved:: 15/Apr/15 10:32