
Re: http+aes

From: Jeroen van der Gun <jeroen@blijbol.nl>
Date: Thu, 08 Mar 2012 17:13:43 +0000
Message-ID: <4F58E893.1090402@blijbol.nl>
To: ietf-http-wg@w3.org
CC: uri@w3.org

I think you are re-inventing the wheel. As far as I can tell, the
purpose of this HTTP+AES proposal is end-to-end encryption. This problem
has already been solved for e-mail and those solutions can easily be
extended to HTTP.

I'd propose to develop something like HTTP+S/MIME instead. The
advantages compared to the current proposal are:
* In addition to encryption, the file can be signed. This means that
HTTPS pages can include HTTP+AES content without creating a mixed
content problem.
* Headers like Content-Type are also encrypted and signed.
* A normal HTTP request for the encrypted resource will not result in
trying to render garbage.

Received on Monday, 12 March 2012 08:52:55 GMT
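
The three properties listed in the message above can be checked with ordinary S/MIME tooling. The script below is an added example, not part of the original message or of any HTTP+S/MIME specification (the message defines no wire format); it assumes the `openssl` CLI is installed, and the certificate subject, file names and sample entity are all constructed for the demonstration.

```shell
#!/bin/sh
# Sign-then-encrypt an HTTP entity as S/MIME, then check what an observer and the recipient see.
set -eu

smime_demo() {
  d=$(mktemp -d)
  # Throwaway self-signed RSA identity (constructed; stands in for signer and recipient).
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null

  # Inner entity: the real Content-Type header travels inside the protected part.
  printf 'Content-Type: text/html; charset=utf-8\r\n\r\n<p>secret page</p>\r\n' > "$d/inner.txt"

  # Sender: sign first (multipart/signed), then encrypt the signed message with AES-256.
  openssl smime -sign -in "$d/inner.txt" -signer "$d/cert.pem" \
    -inkey "$d/key.pem" -out "$d/signed.eml"
  openssl smime -encrypt -aes256 -in "$d/signed.eml" -out "$d/wire.eml" "$d/cert.pem"

  # Observer's view: only the outer S/MIME media type is visible on the wire,
  # so a client without the key has no text/html to try to render.
  OUTER_TYPE=$(grep -i '^Content-Type:' "$d/wire.eml" | head -n1 | tr -d '\r')
  if grep -q 'text/html' "$d/wire.eml"; then INNER_LEAKED=yes; else INNER_LEAKED=no; fi

  # Recipient: decrypt, then verify the signature; set -e aborts if either step fails.
  openssl smime -decrypt -in "$d/wire.eml" -recip "$d/cert.pem" \
    -inkey "$d/key.pem" -out "$d/dec.eml"
  openssl smime -verify -in "$d/dec.eml" -CAfile "$d/cert.pem" \
    -out "$d/plain.txt" 2>/dev/null
  VERIFIED=yes

  # The signed content still carries the inner header, now authenticated.
  RECOVERED_TYPE=$(grep -i '^Content-Type:' "$d/plain.txt" | head -n1 | tr -d '\r')
  rm -rf "$d"
}

smime_demo
echo "outer header on the wire : $OUTER_TYPE"
echo "inner type visible       : $INNER_LEAKED"
echo "signature verified       : $VERIFIED"
echo "recovered inner header   : $RECOVERED_TYPE"
```

Signing before encrypting is what puts the inner `Content-Type` under both the signature and the encryption; the outer header only announces a PKCS#7 envelope.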