axis-c-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Samisa Abeysinghe <>
Subject Re: MTOM and encryption
Date Mon, 03 Dec 2007 10:17:17 GMT
Kaushalye Kapuruge wrote:
> Hi List,
> We are experiencing some problems encrypting messages with optimized 
> MTOM attachments. Say a client need to send an image(or binary 
> content) in a confidential way. And the optimization is set to TRUE.
> In a normal scenario, where *no encryption* is available, the image 
> content is sent as a MIME attachment. But when it comes to encryption, 
> the serialization of the OM node (before the crypto process), doesn't 
> handle this optimization. Thus the image(or binary content) get lost.
> So... my question is, if the sender needs to have MTOM optimization as 
> well as message level encryption at the same time, can we provide that?

I think we can live with the case, where we say, if you need encryption, 
then you *have to use* non-optimized version of MTOM. What are the 
expectations in this context when it comes to interop? I mean what do 
the Java and .NET world do in case of secure MTOM?
> If yes, please let me know.
> If not, we have two approaches.
> 1. Mention this in the user guide, and say that if the confidentiality 
> is needed, set the optimization to FALSE.
> 2. If the user has set optimization to TRUE, we have to switch it to 
> FALSE behind the curtain and encrypt the *non-optimized* content. 
> Optionally we can optimize the CipherData contents as Rampart/Java does.

I think the second option is more practical. So +1 for approach 2.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message