- From: Ian Hickson <ian@hixie.ch>
- Date: Tue, 6 Mar 2012 01:14:04 +0000 (UTC)
- To: HTTP Working Group <ietf-http-wg@w3.org>
On Mon, 5 Mar 2012, David Morris wrote: > > From what you've said, this appears to be a shared key system which > provides marginal protection against abuse of the cache but with wide > distribution of the key, it does seem to me to be providing a > significant challange to abuse of the key. > > As I understand the suggested use case, a cache will have encrypted > content placed there by the content owner (or agent) and then multiple > users will be provided the URL and key for retrieval. > > Sounds pretty weak to me. What would you suggest instead? Note that there is no more risk to giving the users the key than there is from giving them the content itself, as far as I can tell. A typical use case would be some parents taking a video of their daughter, and uploading it to YouTube marked as a private video (knowledge of the URL is what is required to access it). The grandparents would then be given the URL to the video, so they can see it. Today, there's no way to put the video on an untrusted CDN, which means that to protect the video from unauthorised access, one has to compromise performance (the data will be further from the grandparents than it could if on the untrusted CDN). In this scenario, the grandparents are trusted with the content and with the URL to the content. Why would they not be trusted with the key? -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 6 March 2012 01:14:28 UTC