
Re: Introducing a Session header...

From: Phillip Hallam-Baker <hallam@gmail.com>
Date: Fri, 20 Jul 2012 14:17:22 -0400
Message-ID: <CAMm+LwiJVWMqE+_R87c+rUpyzVt-Ge2jS2kt-Dnna=SQWXpy9Q@mail.gmail.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Ross Nicoll <jrn@jrn.me.uk>, ietf-http-wg@w3.org

On Fri, Jul 20, 2012 at 10:58 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> In message <CAMm+LwjraorOn4ZmhHAzk2E-nbNf5d5sftLVRxA4yjiUieLKSA@mail.gmail.com>
> , Phillip Hallam-Baker writes:
>
>>Having said that, this is not a total slam dunk for doing client side
>>state as you might also want to achieve the same thing with a server
>>pushed token being used in an authentication scheme.
>
> That's why I'm hoping we can find a card-carrying cryptographer to
> help us, I'd hate to do it almost but not quite right.

I am not sure that anyone issues cards for Web cryptographic protocol
design. If they ever do, I think I can fairly claim card number 001.

Don't worry about HTTP shipping with wrong or bad crypto due to lack
of oversight. At this point that is just not going to happen. I
think it more likely we have the opposite problem of too many people
sticking their oar in.


-- 
Website: http://hallambaker.com/
Received on Friday, 20 July 2012 18:17:49 GMT
