- From: Benjamin Carlyle <benjamincarlyle@soundadvice.id.au>
- Date: Wed, 25 Jul 2012 17:49:12 +1000
- To: Anil Sharma <asharma@sandvine.com>
- Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
- Message-ID: <CAN2g+6a9H8GRC9dPHsK+Jnw0-cQD_gL1-Cc-p0gW3BqvaJdJ6Q@mail.gmail.com>
Anil, > #1 Message level signatures > Transport level security provides privacy and non repudiation at the penalty of denying intermediaries the right to inspect messages and otherwise be involved in a transaction. Message level security measures could bring about specific benefits for http in relation to REST and practical use cases. For example: On Jul 23, 2012 4:38 AM, "Anil Sharma" <asharma@sandvine.com> wrote: > > I didn’t understand your point 1. Are you saying that no one should be allowed to inspect messages if someone wants complete privacy and he has enabled end to end encryption? I don't see any reason to deny users the right of end to end protection. However my cases are machine to machine interactions between railway control systems and the like. Privacy in such environments is enforced primarily by keeping networks separated and including firewalls at connection points between networks. In this context it is necessary to have visibility at the firewalls of relevant information about requests: which network they are transiting from and to, which authority they are addressed to and sometimes more detailed url inspection, which method is being used and sometimes more detailed header and body inspection. In this context the firewalls need to see the message content privacy is broadly not a concern as the message would not be on a given network if the servers on that network were not allowed to see it. Designating trusted firewalls could diminish the problem introduced by transport layer encryption, but may make management of systems over time more complex. Currently if two adjacent systems need to communicate we place a firewall on each side of the connection. Each firewall is responsible for protecting the system that it is member of. Changes to the other system's firewall currently don't impact my system unless it starts to deny essential traffic. Any traffic not understood by the firewall will be rejected, so certainly any transport layer encryption must be terminated at each firewall as they are included into a trusted chain. However it is overkill and complicates matters to introduce this encryption on these networks which already enjoy a combination of physical and VPN security measures. Benjamin.
Received on Wednesday, 25 July 2012 07:49:43 UTC