- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Mon, 07 Dec 2015 12:34:37 +0000
- To: Stefan Eissing <stefan.eissing@greenbytes.de>
- cc: Cory Benfield <cory@lukasa.co.uk>, Jacob Appelbaum <jacob@appelbaum.net>, Amos Jeffries <squid3@treenet.co.nz>, ietf-http-wg@w3.org
--------
In message <814951E1-DB77-4C6E-A144-FCEE17D73DD8@greenbytes.de>, Stefan Eissing writes:
>
>> On 07.12.2015 at 13:13, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>>
>> --------
>> In message <AD5923A5-875D-4A3B-AFFF-26CE042934FC@lukasa.co.uk>, Cory Benfield writes:
>> [...]
>> For instance I could open a HTTPS to a newspaper, and one of the
>> things I get back is the instruction: "When you pick up our stuff
>> from the 3rd party CDN, the content must be signed with this key".
>>
>> That could put integrity around an awful lot of content which
>> simply doesn't need TLS because it is 100% public, with the
>> huge added benefit that the CDN's do need access to keys.
>
>You mean, do *not* need access to keys, right?

Correct, sorry for the typo.

>As the origin would put the signature together with the content at the
>CDN, or?

Yes, basically the CDN gets the content with signature from origin
and doesn't even need to know what the signature means.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Received on Monday, 7 December 2015 12:35:06 UTC
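
The arrangement discussed in this message, as an added example that is not part of the original thread: the origin signs public content and hands the client a verification key over HTTPS, the CDN stores only bytes plus a signature, and the client rejects anything that does not verify. The thread names no signature scheme or wire format, so Ed25519, the object layout and all function names here are assumptions.

```javascript
// Added illustration; scheme (Ed25519), names and content are constructed.
const crypto = require('node:crypto');

// Origin side: the only party that ever holds the private key.
function originPublish(body) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const bytes = Buffer.from(body);
  const signature = crypto.sign(null, bytes, privateKey);
  return {
    // Delivered to the client over the HTTPS connection to the origin.
    policy: { publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) },
    // Handed to the CDN: opaque bytes plus an opaque signature, no key material.
    cdnObject: { body: bytes, signature },
  };
}

// Client side: content fetched from the CDN is accepted only if it is
// signed and the signature verifies under the key the origin supplied.
function clientAccept(policy, cdnObject) {
  if (!cdnObject.signature) return false; // "must be signed": unsigned is rejected
  const key = crypto.createPublicKey(policy.publicKeyPem);
  return crypto.verify(null, cdnObject.body, key, cdnObject.signature);
}

// Three CDN responses: intact, body altered in transit or at the CDN,
// and signature stripped.
function demo() {
  const { policy, cdnObject } = originPublish('<h1>Public front page</h1>');
  const tampered = {
    body: Buffer.from('<h1>Injected content</h1>'),
    signature: cdnObject.signature,
  };
  const unsigned = { body: cdnObject.body, signature: null };
  return {
    intact: clientAccept(policy, cdnObject),
    tampered: clientAccept(policy, tampered),
    unsigned: clientAccept(policy, unsigned),
  };
}

console.log(demo());
```

The CDN never sees a key in this flow, so a compromised or misbehaving CDN can withhold content but cannot alter it undetected.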