W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: The TLS hammer and resource integrity

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Wed, 28 Mar 2012 07:00:43 +0000
To: Martin Thomson <martin.thomson@gmail.com>
cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <3588.1332918043@critter.freebsd.dk>
In message <CABkgnnXW1Eke01W_xCBuyJrbx8uNT1K=tS37eNFhPujVo2h3yA@mail.gmail.com>
, Martin Thomson writes:

>Today, the only option we have available to deal with this problem is
>TLS.  And along with our integrity (and source authentication), we
>also get confidentiality.  This is occasionally desirable, but
>frequently, it is merely consequential.
>
>One significant downside to this arrangement is that confidentiality
>also rules out intermediation options that could be hugely beneficial.

You very well and clearly expressed my concerns about mandatory TLS.

One very simple way to gain integrity would be to add strong
signatures to web objects.

For the majority of web objects, this can be done once (every N
years).

Apart from a few extra bytes, there will be no HTTP-related overhead
and no negative impact on non-munging intermediates

The client side can verify the signature if it feels like it, and
warn/err/ refuse if it doesn't receive the assurance it expects.

The only question I don't see an obvious answer to, is how to mark
in HTML that a given link should have integrity checks, but I'm sure
W3C can solve that.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Wednesday, 28 March 2012 07:01:11 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:57 GMT