- From: Carsten Bormann <cabo@tzi.org>
- Date: Thu, 18 Apr 2013 18:39:37 +0200
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: Web Payments CG <public-webpayments@w3.org>, ietf-http-wg@w3.org
> You also seem to be implying that you know of which security properties > are not being established by http-signatures. Could you please elaborate? No, I just reported that I got stuck trying to find out the security properties. I was also unclear about the security objectives. This is starting to become a bit clearer with the discussion now, but that doesn't replace a good exposition of what you are trying to achieve/what you think you have achieved. So, for instance, I'd like to understand your stance on replay a bit better. RFC 3552 and RFC 4101 may be good reading for the kind of question that tends to come up, and RFC 4949 will give you some terminology to minimize ambiguity. Thanks a lot for the appraisal of the httpauth candidates -- this will be really useful input for the work of that WG. Grüße, Carsten
Received on Thursday, 18 April 2013 16:40:07 UTC