Re: http+aes

In message <Pine.LNX.4.64.1203051655450.6189@ps20323.dreamhostps.com>, Ian Hickson writes:

>For example, the content could be a movie. "A" would be a movie 
>distributor, "C" would be a consumer, and "B" would be a CDN. B is paid by 
>A to host the content, but B might have rogue elements who would take all 
>of the movie content and upload it to a copyright-violating community.

I'm sorry, but IMO this is just security-theater, and it represents
such terrible handling of key-material that it is deeply irresponsible
to even mention it in a standards document, without a lengthy list
of caveats and disclaimers.

Somebody should point Bruce Schneier at this, he needs a good laugh...

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Monday, 5 March 2012 18:10:15 UTC