W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: The TLS hammer and resource integrity

From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 29 Mar 2012 05:48:28 +0200
Message-ID: <CABkgnnWJcRkmWkYyz0khHUQpoz_dpmxOgwnJ_ja22b9XsKn6Fw@mail.gmail.com>
To: Anthony Bryan <anthonybryan@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 29 March 2012 00:35, Anthony Bryan <anthonybryan@gmail.com> wrote:
>      Digest: md5=HUXZLQLMuI/KZ5KDcJPcOA==
>      Digest: SHA=thvDyvhfIqlvFe+A9MYgxAfm1q5=,unixsum=30637

That doesn't help someone who can't rely on the authenticity of the
communications medium.  That is, if you get the information over TLS,
you can trust it, but if you pass the information to me, then I have
to trust you quite a bit.

>> about:see draft-farrell-decade-ni.
>
> sounds like a magnet link?

Exactly like in many respects.  I can't believe that decade is
ignorant of this, though I haven't been following the work closely.
Received on Thursday, 29 March 2012 03:49:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:57 GMT