5.1 Security Considerations for Implementers

MDE2 does not provide message-level signing or message-level encryption for any messages. Implementers can make use of transport protection as available in HTTPS to provide security to the client/server interaction.

MDE2 does not define a mechanism to limit a client's use of server resources, such as CPU, network bandwidth, and memory.