[Bug 12316] We should add a checksum here to make it impossible for attackers to modify messages en-route. The HMAC-SHA1 of the cyphertext using as a key the HMAC-SHA1 of ice-key + a second salt should be sufficient. See also http://krijnhoetmer.nl/irc-logs/whatwg/20 from bugzilla@jessica.w3.org on 2011-03-28 (public-html-bugzilla@w3.org from March 2011)

From: <bugzilla@jessica.w3.org>
Date: Mon, 28 Mar 2011 23:59:10 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1Q4ML0-0000K4-Qy@jessica.w3.org>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=12316

Ian 'Hixie' Hickson <ian@hixie.ch> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #1 from Ian 'Hixie' Hickson <ian@hixie.ch> 2011-03-28 23:59:10 UTC ---
Done.

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Monday, 28 March 2011 23:59:12 UTC