Re: The TLS hammer and resource integrity from Martin Thomson on 2012-03-29 (ietf-http-wg@w3.org from January to March 2012)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 29 Mar 2012 05:48:28 +0200
To: Anthony Bryan <anthonybryan@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABkgnnWJcRkmWkYyz0khHUQpoz_dpmxOgwnJ_ja22b9XsKn6Fw@mail.gmail.com>

On 29 March 2012 00:35, Anthony Bryan <anthonybryan@gmail.com> wrote:
>      Digest: md5=HUXZLQLMuI/KZ5KDcJPcOA==
>      Digest: SHA=thvDyvhfIqlvFe+A9MYgxAfm1q5=,unixsum=30637

That doesn't help someone who can't rely on the authenticity of the
communications medium.  That is, if you get the information over TLS,
you can trust it, but if you pass the information to me, then I have
to trust you quite a bit.

>> about:see draft-farrell-decade-ni.
>
> sounds like a magnet link?

Exactly like in many respects.  I can't believe that decade is
ignorant of this, though I haven't been following the work closely.

Received on Thursday, 29 March 2012 03:49:38 UTC