An important web services security requirement is nonrepudiation. This requirement prevents a party from denying that it sent or received a message. The way to implement it is with XML Digital Signatures: for example, if I send a message signed with my private key, I cannot later deny that I sent it.
A common mistake is to think that every web service that requires an X.509 certificate ensures nonrepudiation. This goes without saying for web services that only require a server certificate: in these services clients are either anonymous or identified by username/password, which is cryptographically weak material.
However, even when a client X.509 certificate is involved, nonrepudiation is not always guaranteed. For example, let's examine a WCF service that uses WsHttpBinding with TransportWithMessageCredential and clientCredentialType="Certificate":
This is how the client request looks:
The message body is not signed! In practice this means that anyone who has this message (for example, the server) can extract the signed parts and resend them with a bogus body.
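As an added illustration (not code from the original post), here is a small Python check that inspects a WS-Security request and reports whether the SOAP Body is among the parts covered by the signature. The envelopes below are constructed samples with abbreviated, non-cryptographic signature elements, and the check verifies signature coverage only, not the signature value itself.

```python
import xml.etree.ElementTree as ET

NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
WSU_ID = "{%s}Id" % NS["wsu"]  # Clark notation for the wsu:Id attribute


def signed_ids(envelope_xml):
    """Return the set of fragment ids referenced by every ds:Signature in the envelope."""
    root = ET.fromstring(envelope_xml)
    ids = set()
    for ref in root.iterfind(".//ds:Signature/ds:SignedInfo/ds:Reference", NS):
        uri = ref.get("URI", "")
        if uri.startswith("#"):
            ids.add(uri[1:])
    return ids


def body_is_signed(envelope_xml):
    """True only if s:Body carries a wsu:Id that some signature reference points at."""
    root = ET.fromstring(envelope_xml)
    body = root.find("s:Body", NS)
    if body is None:
        return False
    body_id = body.get(WSU_ID)
    return body_id is not None and body_id in signed_ids(envelope_xml)


# Constructed sample: only the Timestamp (#_0) is signed, the Body (#_1) is not.
TIMESTAMP_ONLY = """\
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsu:Timestamp wsu:Id="_0"><wsu:Created>2009-01-01T00:00:00Z</wsu:Created></wsu:Timestamp>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo><ds:Reference URI="#_0"/></ds:SignedInfo>
        <ds:SignatureValue>constructed-not-a-real-signature</ds:SignatureValue>
      </ds:Signature>
    </o:Security>
  </s:Header>
  <s:Body wsu:Id="_1"><Transfer><Amount>100</Amount></Transfer></s:Body>
</s:Envelope>
"""

# Constructed sample: same envelope, but the signature also references the Body.
BODY_SIGNED = TIMESTAMP_ONLY.replace(
    '<ds:Reference URI="#_0"/>', '<ds:Reference URI="#_0"/><ds:Reference URI="#_1"/>')

if __name__ == "__main__":
    print("timestamp-only body signed:", body_is_signed(TIMESTAMP_ONLY))  # False
    print("body-signed body signed:", body_is_signed(BODY_SIGNED))        # True
```

Coverage is necessary but not sufficient for nonrepudiation: the Body must also be signed with the client's own private key, not with a session key the server shares.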