W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Re: Web Keys and HTTP Signatures

From: Nico Williams <nico@cryptonector.com>
Date: Sun, 7 Jul 2013 19:21:57 -0500
Message-ID: <CAK3OfOiXOx=Xj+iDNb5afcadCExowojiBJb7JB-_OHJ6rg5dVg@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: Web Payments CG <public-webpayments@w3.org>, ietf-http-wg@w3.org, websec@ietf.org
In the IETF Websec WG we call the use of MACs to bind requests (and
responses) to sessions: "session continuation".

There have been... many specific proposals and even deployed
protocols, like yours.

We really do need a standard method for session continuation.

Session continuation is predicated on having a session key already
exchanged, possibly by an authentication mechanism.  We'd like to
separate the two things: session continuation on the one hand, and key
exchange (and authentication) on the other.

If your protocol is mature enough it might well be the one we should
adopt.  I urge you to subscribe to websec@ietf.org and help us :)

Nico
--
Received on Monday, 8 July 2013 00:22:22 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:14 UTC