W3C home > Mailing lists > Public > public-webpayments@w3.org > April 2013

Re: Web Keys and HTTP Signatures

From: Carsten Bormann <cabo@tzi.org>
Date: Thu, 18 Apr 2013 07:54:11 +0200
Cc: Manu Sporny <msporny@digitalbazaar.com>, Web Payments CG <public-webpayments@w3.org>, ietf-http-wg@w3.org
Message-Id: <599A4C36-D3AC-46D5-8DA9-12D1EB9A6B9F@tzi.org>
To: "David I. Lehn" <dil@lehn.org>
On Apr 18, 2013, at 02:22, "David I. Lehn" <dil@lehn.org> wrote:

> if you find security issues

Wrong question.

A security spec is worthless if it doesn't establish useful security properties.

The spec needs a good look from people with more security mojo.
(Or maybe it can simply be replaced by one of the more learned attempts under discussion, see
http://www.ietf.org/proceedings/85/minutes/minutes-85-httpauth
http://www.ietf.org/proceedings/86/minutes/minutes-86-httpauth
for some links.)

*Then* you can look at whether you have implemented it correctly.

Gre, Carsten
Received on Thursday, 18 April 2013 05:54:47 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:03:31 UTC