- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Wed, 28 Mar 2012 07:00:43 +0000
- To: Martin Thomson <martin.thomson@gmail.com>
- cc: HTTP Working Group <ietf-http-wg@w3.org>

In message <CABkgnnXW1Eke01W_xCBuyJrbx8uNT1K=tS37eNFhPujVo2h3yA@mail.gmail.com>, Martin Thomson writes:

>Today, the only option we have available to deal with this problem is
>TLS. And along with our integrity (and source authentication), we
>also get confidentiality. This is occasionally desirable, but
>frequently, it is merely consequential.
>
>One significant downside to this arrangement is that confidentiality
>also rules out intermediation options that could be hugely beneficial.

You very well and clearly expressed my concerns about mandatory TLS.

One very simple way to gain integrity would be to add strong signatures to web objects.

For the majority of web objects, this can be done once (every N years).

Apart from a few extra bytes, there will be no HTTP-related overhead and no negative impact on non-munging intermediates.

The client side can verify the signature if it feels like it, and warn/err/refuse if it doesn't receive the assurance it expects.

The only question I don't see an obvious answer to, is how to mark in HTML that a given link should have integrity checks, but I'm sure W3C can solve that.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

Received on Wednesday, 28 March 2012 07:01:11 UTC
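
The signed-object idea in the message above, sketched as an added example that is not part of the original post or of any HTTP specification: the origin signs an object once, a caching intermediary forwards it unchanged, and the client rejects a copy that was modified in transit. The header name `X-Object-Signature`, the choice of Ed25519, the helper names and the fixed demo seed are all assumptions, and the client is assumed to have obtained the origin's public key out of band.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
)

// sigHeader is a hypothetical header name; the message does not define one.
const sigHeader = "X-Object-Signature"

// Response is a constructed stand-in for an HTTP response at each hop.
type Response struct {
	Header map[string]string
	Body   []byte
}

// Publish signs the object once at the origin; the result can be cached as-is.
func Publish(priv ed25519.PrivateKey, body []byte) Response {
	sig := base64.StdEncoding.EncodeToString(ed25519.Sign(priv, body))
	return Response{Header: map[string]string{sigHeader: sig}, Body: body}
}

// CachingProxy is a non-munging intermediary: it forwards the object untouched.
func CachingProxy(r Response) Response { return r }

// MungingProxy rewrites the body in transit but cannot produce a new signature.
func MungingProxy(r Response) Response {
	r.Body = bytes.Replace(r.Body, []byte("</body>"), []byte("<!-- added --></body>"), 1)
	return r
}

// ClientVerify fails closed: a missing, malformed or mismatched signature is false.
func ClientVerify(pub ed25519.PublicKey, r Response) bool {
	sig, err := base64.StdEncoding.DecodeString(r.Header[sigHeader])
	return err == nil && ed25519.Verify(pub, r.Body, sig)
}

// DemoKeys derives a fixed key pair from a constructed seed (not a real key).
func DemoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := DemoKeys()
	obj := Publish(priv, []byte("<html><body>hello</body></html>"))
	fmt.Println(ClientVerify(pub, CachingProxy(obj)), ClientVerify(pub, MungingProxy(obj)))
}
```

The signature covers only the body bytes, so any intermediary that re-encodes or recompresses the payload would also fail verification unless the client checks the signature over the decoded object.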