W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2011

RE: Feedback on draft-burke-content-signature-00.txt

From: Cyrus Daboo <cyrus@daboo.name>
Date: Fri, 25 Mar 2011 10:29:17 -0400
To: Eran Hammer-Lahav <eran@hueniverse.com>, Mark Nottingham <mnot@mnot.net>
cc: "Thomson, Martin" <Martin.Thomson@commscope.com>, Bill Burke <bburke@redhat.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <AEC218AFDC8A9DDF18CD0572@cyrus.local>
Hi Eran,

--On March 23, 2011 11:47:45 PM -0700 Eran Hammer-Lahav 
<eran@hueniverse.com> wrote:

> No matter what the use cases are, most signature algorithm requiring
> complex canonicalization of data have failed the test of widespread
> adoption, so before we produce yet another such solutions, we should
> figure out if this complexity adds real value.

Please take a look at DKIM which does this for email (and reasonably well 
by most accounts). In fact my preference here is to use DKIM for HTTP as 
well. Whilst DKIM is currently used for email it was designed to be 
generally applicable to similar protocols - in fact we are planning on 
using it for iTIP-over-HTTP (iSchedule: 
<http://tools.ietf.org/id/draft-desruisseaux-ischedule-01.txt>). It would 
be good to be able to utilize the existing infrastructure and experience 
from DKIM in HTTP.

-- 
Cyrus Daboo
Received on Friday, 25 March 2011 14:29:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:37 GMT