Re: 2nd Working Group Last Call: draft-ietf-httpbis-encryption-encoding-03.txt

--------
In message <7c879010-2145-fabc-9f97-d05de90e5147@gmx.de>, Julian Reschke writes
:

>>    HTTP/1.1 200 OK
>>    Content-Type: text/html
>>    Content-Encoding: gzip, aesgcm
>>    Transfer-Encoding: chunked
>>
>>    {magic marker}
>>    keyid="me@example.com";
>>    salt="m2hJ_NttRtFyUiMRPwfpHA"
>>    {magic terminator}
>>    [encrypted payload]
>
>Because you might want to ship the parameters somewhere else. See 
>example in 
><https://greenbytes.de/tech/webdav/draft-reschke-http-oob-encoding-08.html#rfc.section.3.5.3>.

Yeah, I thought about that, but the more I study it, the more I don't
see why HTTP needs to get involved in either activity.

All this stuff can be done with existing HTTP mechanisms, by defining
a new C-E which carries its own metadata in the body, like all other
C-E's, and the enourmous advantage of that is that it is backwards
compatible.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Wednesday, 19 October 2016 14:14:01 UTC