> I do not understand why somebody need to encrypt MTOM > attachment. Actually one of the main motivations behind introducing MTOM is the ability to secure the attachments.
>But when it comes to encryption, >the serialization of the OM node (before the crypto process), doesn't >handle this optimization. Thus the image(or binary content) get lost. In the case of Axis2/Java, OMText.getText() always gives a string representation of the content. If the content is Binary, it'll automatically base64 encode it.. Axis2/Java security only needs to call the OMText.getText(), irrespective of whether it's a binary or normal text.. This method also conforms to the MTOM spec, as it describes MTOM as selectively encoding of binary data either as base64 or as XOP MIME attachments. thanks, Thilina >AFAIU, There is no real value in MTOM message unless MTOM > receiving endpoint. There is no point eavesdropping MTOM message I > guess. Please bare with my limited security knowledge. > > thanks, > Dinesh > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Thilina Gunarathne - http://thilinag.blogspot.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
