W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: http+aes

From: Jeroen van der Gun <jeroen@blijbol.nl>
Date: Thu, 08 Mar 2012 17:13:43 +0000
Message-ID: <4F58E893.1090402@blijbol.nl>
To: ietf-http-wg@w3.org
CC: uri@w3.org
I think you are re-inventing the wheel. As far as I can tell, the
purpose of this HTTP+AES proposal is end-to-end encryption. This problem
has already been solved for e-mail and those solutions can easily be
extended to HTTP.

I'd propose to develop something like HTTP+S/MIME instead. The
advantages compared to the current proposal are:
* In addition to encryption, the file can be signed. This means that
HTTPS pages can include HTTP+AES content without creating a mixed
content problem.
* Headers like Content-Type are also encrypted and signed.
* A normal HTTP request for the encrypted resource will not result in
trying to render garbage.
Received on Monday, 12 March 2012 08:52:55 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:01 UTC