- From: Anne van Kesteren <annevk@opera.com>
- Date: Mon, 05 Mar 2012 11:34:27 +0100
- To: "Julian Reschke" <julian.reschke@gmx.de>, "Poul-Henning Kamp" <phk@phk.freebsd.dk>
- Cc: URI <uri@w3.org>, "HTTP Working Group" <ietf-http-wg@w3.org>, "Ian Hickson" <ian@hixie.ch>
On Mon, 05 Mar 2012 11:29:01 +0100, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote: > In message <4F549392.60802@gmx.de>, Julian Reschke writes: >> FYI: >> >> http://dev.w3.org/html5/spec/Overview.html#http-aes-scheme > > So you encrypt the response body with the password clearly visible in the > request, to gain privacy ? > > Please explain what I'm overlooking here... I think the intent is that the user agent does the decryption and that therefore the key is not part of the request, but the specification is sort of vague / wrong on that it seems. Ian? -- Anne van Kesteren http://annevankesteren.nl/
Received on Monday, 5 March 2012 10:34:58 UTC