Re: SSL/TLS everywhere fail

From: Stefan Eissing <stefan.eissing@greenbytes.de>
Date: Mon, 7 Dec 2015 13:21:45 +0100
Cc: Cory Benfield <cory@lukasa.co.uk>, Jacob Appelbaum <jacob@appelbaum.net>, Amos Jeffries <squid3@treenet.co.nz>, ietf-http-wg@w3.org
Message-Id: <814951E1-DB77-4C6E-A144-FCEE17D73DD8@greenbytes.de>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>

> On 07.12.2015 at 13:13, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> 
> --------
> In message <AD5923A5-875D-4A3B-AFFF-26CE042934FC@lukasa.co.uk>, Cory Benfield writes:
> [...]
> For instance I could open a HTTPS to a newspaper, and one of the
> things I get back is the instruction:  "When you pick up our stuff
> from the 3rd party CDN, the content must be signed with this key".
> 
> That could put integrity around an awful lot of content which
> simply doesn't need TLS because it is 100% public, with the
> huge added benefit that the CDNs do need access to keys.

You mean, do *not* need access to keys, right? 
As the origin would put the signature together with the content at the CDN, or?

//Stefan
Received on Monday, 7 December 2015 12:22:12 UTC
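
The scheme sketched in the quoted text, on Stefan's reading that the CDN holds no key, as an added example that is not from the thread: the origin signs each asset, announces the public key over HTTPS, and the client verifies what the CDN serves over plain HTTP. Ed25519, the base64 DER key format, `cdn.example` and all function names are assumptions.

```javascript
// Added example, not from the thread. All names and sample data are constructed.
const crypto = require('crypto');

// Origin: holds the private key; only the public key is ever announced.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

// Origin signs the asset before upload; the CDN stores body + signature only.
function publishToCdn(cdn, path, body) {
  cdn.set(path, { body, signature: crypto.sign(null, body, privateKey) });
}

// Origin's HTTPS response: the page plus the instruction "CDN content must be
// signed with this key" (sent as a base64 DER public key; format is assumed).
function originHttpsResponse() {
  return {
    html: '<img src="http://cdn.example/front-page.jpg">',
    contentKey: publicKey.export({ type: 'spki', format: 'der' }).toString('base64'),
  };
}

// Client: fetch over plain HTTP from the CDN and accept the body only if its
// signature verifies under the key received over the authenticated connection.
function fetchVerified(cdn, path, contentKeyB64) {
  const entry = cdn.get(path);
  if (!entry) return { ok: false, reason: 'not found' };
  const key = crypto.createPublicKey({
    key: Buffer.from(contentKeyB64, 'base64'), type: 'spki', format: 'der',
  });
  let valid = false;
  try {
    valid = crypto.verify(null, entry.body, key, entry.signature);
  } catch (e) {
    valid = false; // malformed signature is treated as a failed check
  }
  return valid ? { ok: true, body: entry.body } : { ok: false, reason: 'bad signature' };
}

function demo() {
  const cdn = new Map(); // stands in for the third-party CDN
  publishToCdn(cdn, '/front-page.jpg', Buffer.from('constructed image bytes'));
  const { contentKey } = originHttpsResponse();
  const good = fetchVerified(cdn, '/front-page.jpg', contentKey);
  // The CDN or an on-path party alters the body; it cannot re-sign it.
  cdn.get('/front-page.jpg').body = Buffer.from('tampered image bytes');
  const bad = fetchVerified(cdn, '/front-page.jpg', contentKey);
  return { good, bad };
}
```

The signature here covers only the body bytes, so an old but validly signed version, or a signed asset served under a different path, would still verify; binding the path and a version or expiry into the signed data is left out of this sketch.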
