- From: Peter Williams <home_pw@msn.com>
- Date: Sun, 4 Aug 2013 15:16:28 +0000
- To: public-webid <public-webid@w3.org>, "foaf-protocols@lists.foaf-project.org" <foaf-protocols@lists.foaf-project.org>, Melvin Carvalho <melvincarvalho@gmail.com>
- Message-ID: <SNT401-EAS37C6B07E031FFECDDA6ECB92530@phx.gbl>

Nothing new. So use compression that is BUILT IN to the SSL process. It is properly tuned. It properly uses the record layer so record-layer AND security handshake boundaries are “application aware”. It does make SSL more of an internet (i.e. layer 4 peer entity layer) concept, than a webby layer 7 “hypermedia concept”, though.

But, note that compression and SSL *was* patented (and continuations may still be). It was proactively patented for national security reasons; both good and bad. The good one was to stop folks doing it completely wrong (this was at a time when VeriSign required SSL vendors to undergo a basic software audit to be allowed to embed root keys, a governance technique designed to “stop folks being stupid about basic comsec that would undermine the value of the [VISA] brand attached to certs”). The bad one was the usual CI caveat reason - minimize the distribution of knowhow about military cryptanalysis methods. We are all still thinking 1980s, even in 1994, one should recall.

A webid IDP is a perfectly proper place to apply better knowhow, as is a ws-trust STS IDP that leverages client certs at layer 4 to authorize SAML/JWT token minting. These are proper places to apply strong crypto knowhow, speaking in terms of social politics.

Sent from Windows Mail

From: Melvin Carvalho
Sent: Sunday, August 4, 2013 7:10 AM
To: public-webid, foaf-protocols@lists.foaf-project.org

http://arstechnica.com/security/2013/08/gone-in-30-seconds-new-attack-plucks-secrets-from-https-protected-pages/

Received on Sunday, 4 August 2013 15:24:43 UTC