W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: Signatures and Authentication information must go at end of meesage.

From: <hallam@w3.org>
Date: Wed, 07 Feb 96 15:40:02 -0500
Message-Id: <9602072040.AA31009@zorch.w3.org>
To: Ian Duncan <id@cc.mcgill.ca>
Cc: hallam@w3.org, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com

>I'm getting really*really*really tired of hearing this one. And in this
>instance it's even more irritating since the best convention for
>generating a MIME boundary, MD5 or other quality hash across enough
>randomness to have value, is as likely to fail as any commonly available
>security protocol. There's nearly a one<->one mapping for the math.

Actually it is not necessarily unconnected.

Imagine that we use HTTP to create a "hyperterminal" type application. Ie we 
connect to the resource and it spits out a continuous stream of data in an IRC 
type manner. 

Now imagine we use this feature to create a "debugging port" on a server.

Now imagine we use the port to debug the connection made to the port. The MIME 
boundary is bounced back as data rather than as control. Result unhapiness.


Another reason is that some of us have to write proofs of correctness for 
systems. I object on principle to any scheme which requires a protocol to 
needlessly incorporate a possibility of error. do the right thing and all that. 
My college tutor at Oxford would be unhappy were I to go round introducing 
unnecessary bug potential even if the probability of the bug occuring were 
marginal. Mucks up a proof of correctness no end...


	Phill
Received on Wednesday, 7 February 1996 12:42:20 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:44 EDT