Re: Encryption simplification from Costin Manolache on 2016-10-31 (ietf-http-wg@w3.org from October to December 2016)

From: Costin Manolache <costin@gmail.com>
Date: Mon, 31 Oct 2016 06:13:02 +0000
To: Martin Thomson <martin.thomson@gmail.com>, Kari Hurtta <hurtta-ietf@elmme-mailer.org>
Cc: Julian Reschke <julian.reschke@gmx.de>, HTTP working group mailing list <ietf-http-wg@w3.org>
Message-ID: <CAP8-FqneP57fhwQD1eFAw4D=PAe9uhtsjJ_2AqFAkZFTJcBJBQ@mail.gmail.com>

1. Why not add the Crypto-Key to the binary header ? If we have to deal
with binary encoding, we can at
least avoid parsing more text headers - and it doesn't have to be b64.

2. For webpush - if the actual encryption is the same ( and I haven't
compared with the previous version ) - I
don't expect it to be a big problem to accept both formats for a while in
existing servers.
Having all keys in the binary payload has benefits - less parsing/confusion
on the headers, b64 encoding/decoding.
+1

Costin

On Sun, Oct 30, 2016 at 5:01 PM Martin Thomson <martin.thomson@gmail.com>
wrote:

On 31 October 2016 at 05:26, Kari Hurtta <hurtta-ietf@elmme-mailer.org>
wrote:
> I guess that this "id" is keyid:

Yes, thanks for noticing.  Fixed.

> Is that 2^36-1 same than  2^36-31  here:

Again, a typo.  Thanks.

Received on Monday, 31 October 2016 06:13:45 UTC