W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: Call for Adoption: Encrypted Content Encoding

From: Walter H. <Walter.H@mathemainzel.info>
Date: Mon, 30 Nov 2015 20:53:32 +0100
Message-ID: <565CA93C.6040702@mathemainzel.info>
CC: ietf-http-wg@w3.org
On 30.11.2015 13:33, Amos Jeffries wrote:
> Also how is this different from malware infected machines uploading
> encrypted payloads today?
in case this malware is encrypted in an archive container, there is no 
problem, because
no key, no harm;

in case this malware is not encrypted in an archive container like .zip 
or .rar,
the server has the change to clean it ...

> IMHO those opaque encrypted .rar/.zip files are a more fertile and
> safe-from-inspection vector for malware to be using than this proposal
> where the raw Content-Type etc are exposed for vetting.
this is a wrong view to the fact, that .rar/.zip can be inspected as 
long they are not encrypted;
just the same as raw content;
if they are encrypted they won't be any dangerous, because no key, means 
no access;
but for this proposal, the server has no change doing anything against, 
and at client side,
the malware may get start automatically, because of raw Content-Type ...

Received on Monday, 30 November 2015 19:54:01 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC