W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2011

Re: Feedback on draft-burke-content-signature-00.txt

From: Alexey Melnikov <alexey.melnikov@isode.com>
Date: Fri, 25 Mar 2011 15:39:09 +0100
Message-ID: <4D8CA90D.7090007@isode.com>
To: Cyrus Daboo <cyrus@daboo.name>
CC: Eran Hammer-Lahav <eran@hueniverse.com>, Mark Nottingham <mnot@mnot.net>, "Thomson, Martin" <Martin.Thomson@commscope.com>, Bill Burke <bburke@redhat.com>, HTTP Working Group <ietf-http-wg@w3.org>
Cyrus Daboo wrote:

> Hi Eran,
>
> --On March 23, 2011 11:47:45 PM -0700 Eran Hammer-Lahav 
> <eran@hueniverse.com> wrote:
>
>> No matter what the use cases are, most signature algorithm requiring
>> complex canonicalization of data have failed the test of widespread
>> adoption, so before we produce yet another such solutions, we should
>> figure out if this complexity adds real value.
>
> Please take a look at DKIM which does this for email (and reasonably 
> well by most accounts). In fact my preference here is to use DKIM for 
> HTTP as well. Whilst DKIM is currently used for email it was designed 
> to be generally applicable to similar protocols - in fact we are 
> planning on using it for iTIP-over-HTTP (iSchedule: 
> <http://tools.ietf.org/id/draft-desruisseaux-ischedule-01.txt>). It 
> would be good to be able to utilize the existing infrastructure and 
> experience from DKIM in HTTP.

+1.
Dave Crocker is going to make a presentation on a more generalized DKIM 
in the Apps Area on Monday, March 28th.
Received on Friday, 25 March 2011 14:41:34 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:37 GMT