Re: Introducing a Session header...

On Fri, Jul 20, 2012 at 10:58 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> In message <CAMm+LwjraorOn4ZmhHAzk2E-nbNf5d5sftLVRxA4yjiUieLKSA@mail.gmail.com>
> , Phillip Hallam-Baker writes:
>
>>Having said that, this is not a total slam dunk for doing client side
>>state as you might also want to achieve the same thing with a server
>>pushed token being used in an authentication scheme.
>
> That's why I'm hoping we can find a card-carrying cryptographer to
> help us, I'd hate to do it almost but not quite right.

I am not sure that anyone issues cards for Web cryptographic protocol
design. If they ever do, I think I can fairly claim card number 001.

Don't worry about HTTP shipping with wrong or bad crypto due to lack
of oversight. At this point that is just not going to happen. I
think it more likely we have the opposite problem of too many people
sticking their oar in.


-- 
Website: http://hallambaker.com/

Received on Friday, 20 July 2012 18:17:49 UTC