- From: Jeroen van der Gun <jeroen@blijbol.nl>
- Date: Thu, 08 Mar 2012 17:13:43 +0000
- To: ietf-http-wg@w3.org
- CC: uri@w3.org
I think you are re-inventing the wheel. As far as I can tell, the purpose of this HTTP+AES proposal is end-to-end encryption. This problem has already been solved for e-mail and those solutions can easily be extended to HTTP. I'd propose to develop something like HTTP+S/MIME instead. The advantages compared to the current proposal are: * In addition to encryption, the file can be signed. This means that HTTPS pages can include HTTP+AES content without creating a mixed content problem. * Headers like Content-Type are also encrypted and signed. * A normal HTTP request for the encrypted resource will not result in trying to render garbage.
Received on Monday, 12 March 2012 08:52:55 UTC