
Re: Security Requirements for HTTP, draft -00

From: Robert Sayre <rsayre@mozilla.com>
Date: Wed, 06 Feb 2008 04:08:38 +0000
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-Id: <CAA5FCAF-E108-4F4D-8B43-52D35B7977B4@mozilla.com>
To: Paul Leach <paulle@windows.microsoft.com>

On Feb 5, 2008, at 8:23 PM, Paul Leach wrote:
> "Digest includes many modes of operation, but only the simplest  
> modes enjoy any degree of interoperability.  For example, most  
> implementations do not implement the mode that provides full message  
> integrity.  Perhaps one reason is that implementation experience has  
> shown that in some cases,
> especially those involving large requests or responses such as  
> streams, the message integrity mode is impractical because it  
> requires servers to analyze the full request before determining  
> whether the client knows the shared secret or whether message-body  
> integrity has been violated and hence whether the request can be  
> processed."

I agree with the substance of this text. I find it a little hard to  
parse, but I trust the editors can remedy that.

- Rob
Received on Wednesday, 6 February 2008 08:48:46 UTC
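
An added example, not part of the original message or of the draft under discussion: the RFC 2617 request-digest computation, showing that a server can check `qop=auth` from the headers alone but must read the entire body for `qop=auth-int` before it learns whether the client knows the shared secret. The user, realm, passwords, nonce and 1 MiB body are constructed, and `server_verify` and `demo` are hypothetical helper names.

```python
import hashlib
import hmac

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()  # MD5 is RFC 2617's default algorithm

def digest_response(ha1, method, uri, nonce, nc, cnonce, qop, body_hash=None):
    """RFC 2617 request-digest for qop=auth or qop=auth-int."""
    a2 = f"{method}:{uri}"
    if qop == "auth-int":
        a2 += f":{body_hash}"  # A2 additionally covers H(entity-body)
    ha2 = md5_hex(a2.encode())
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode())

def server_verify(ha1, method, fields, body_chunks):
    """Return (accepted, body bytes read before the decision could be made)."""
    consumed, body_hash = 0, None
    if fields["qop"] == "auth-int":
        h = hashlib.md5()
        for chunk in body_chunks:  # whole stream is drained before any verdict
            h.update(chunk)
            consumed += len(chunk)
        body_hash = h.hexdigest()
    expected = digest_response(ha1, method, fields["uri"], fields["nonce"],
                               fields["nc"], fields["cnonce"], fields["qop"], body_hash)
    return hmac.compare_digest(expected, fields["response"]), consumed

def demo():
    # Constructed sample data: server-side H(A1) and a client guessing the password.
    ha1 = md5_hex(b"alice:example:correct horse")
    bad_ha1 = md5_hex(b"alice:example:wrong guess")
    body = [b"x" * 16384] * 64  # 1 MiB upload arriving in 16 KiB chunks
    base = {"uri": "/upload", "nonce": "n0nce", "nc": "00000001", "cnonce": "c1"}
    out = {}
    for qop in ("auth", "auth-int"):
        bh = md5_hex(b"".join(body)) if qop == "auth-int" else None
        for label, key in (("good", ha1), ("bad", bad_ha1)):
            resp = digest_response(key, "PUT", base["uri"], base["nonce"],
                                   base["nc"], base["cnonce"], qop, bh)
            fields = {**base, "qop": qop, "response": resp}
            out[(qop, label)] = server_verify(ha1, "PUT", fields, iter(body))
    return out

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

With `auth` the client that does not know the password is rejected after 0 body bytes; with `auth-int` the same rejection only comes after all 1,048,576 bytes have been read and hashed.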
