Re: Signing HTTP (Was: New Version Notification for draft-thomson-http-encryption-00.txt) from Martin Thomson on 2015-05-13 (ietf-http-wg@w3.org from April to June 2015)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 13 May 2015 12:29:31 -0500
To: James M Snell <jasnell@gmail.com>
Cc: Willy Tarreau <w@1wt.eu>, Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABkgnnXq8bbh7pdmfEB696Hg+EMW+baaXWTKr4ZnUZFcT=uULQ@mail.gmail.com>

On 12 May 2015 at 19:23, James M Snell <jasnell@gmail.com> wrote:
> If
> we're talking only about signing the payload of the request, using a
> multipart/signed would work, would it not?

Yep, that would be consistent with this view.

Received on Wednesday, 13 May 2015 17:29:57 UTC