Re: http+aes

From: Ian Hickson <ian@hixie.ch>
Date: Tue, 6 Mar 2012 01:14:04 +0000 (UTC)
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <Pine.LNX.4.64.1203060107290.6189@ps20323.dreamhostps.com>

On Mon, 5 Mar 2012, David Morris wrote:
> 
> From what you've said, this appears to be a shared key system which 
> provides marginal protection against abuse of the cache but with wide 
> distribution of the key, it does seem to me to be providing a 
> significant challenge to abuse of the key.
> 
> As I understand the suggested use case, a cache will have encrypted 
> content placed there by the content owner (or agent) and then multiple 
> users will be provided the URL and key for retrieval.
> 
> Sounds pretty weak to me.

What would you suggest instead?

Note that there is no more risk to giving the users the key than there is 
from giving them the content itself, as far as I can tell.

A typical use case would be some parents taking a video of their daughter, 
and uploading it to YouTube marked as a private video (knowledge of the 
URL is what is required to access it). The grandparents would then be 
given the URL to the video, so they can see it. Today, there's no way to 
put the video on an untrusted CDN, which means that to protect the video 
from unauthorised access, one has to compromise performance (the data will 
be further from the grandparents than it could be if on the untrusted CDN).

In this scenario, the grandparents are trusted with the content and with 
the URL to the content. Why would they not be trusted with the key?

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 6 March 2012 01:14:28 GMT