- From: Walter H. <Walter.H@mathemainzel.info>
- Date: Mon, 30 Nov 2015 20:53:32 +0100
- CC: ietf-http-wg@w3.org
- Message-ID: <565CA93C.6040702@mathemainzel.info>
On 30.11.2015 13:33, Amos Jeffries wrote: > > Also how is this different from malware infected machines uploading > encrypted payloads today? in case this malware is encrypted in an archive container, there is no problem, because no key, no harm; in case this malware is not encrypted in an archive container like .zip or .rar, the server has the change to clean it ... > IMHO those opaque encrypted .rar/.zip files are a more fertile and > safe-from-inspection vector for malware to be using than this proposal > where the raw Content-Type etc are exposed for vetting. this is a wrong view to the fact, that .rar/.zip can be inspected as long they are not encrypted; just the same as raw content; if they are encrypted they won't be any dangerous, because no key, means no access; but for this proposal, the server has no change doing anything against, and at client side, the malware may get start automatically, because of raw Content-Type ...
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Monday, 30 November 2015 19:54:01 UTC