Re: Call for Adoption: Encrypted Content Encoding from Walter H. on 2015-11-30 (ietf-http-wg@w3.org from October to December 2015)

From: Walter H. <Walter.H@mathemainzel.info>
Date: Mon, 30 Nov 2015 21:13:52 +0100
To: John Mattsson <john.mattsson@ericsson.com>
CC: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <565CAE00.3020400@mathemainzel.info>

On 30.11.2015 11:42, John Mattsson wrote:
> I think this should be used in addition to HTTPS. TLS is not the 
> solution to everything. In the WebPush scenario, using only HTTPS 
> would lead to the Push Service having access to, and being able to 
> modify the content. Content-enryption + HTTPS looks like a good 
> general solution that can be used independently of content-type. 
and how would this prevent the security impact I mentioned?

Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Monday, 30 November 2015 20:14:19 UTC