Re: Comments on draft-ietf-httpbis-encryption-encoding-04

On 2016-11-12 07:56, Martin Thomson wrote:
> ...
>> S 3.
>> This whole Crypto-Key thing seems like a menace. As has been noted,
>> it's a terrible idea to provide Crypto-Key and encrypted data
>> for the same key in the same HTTP message, but that's the only
>> thing you see to support:
>>    The value or values provided in the Crypto-Key header field is valid
>>    only for the current HTTP message unless additional information
>>    indicates a greater scope.
>> Do we have a concrete use case for Crypto-Key? If not, I would remove
>> it. If so, I would consider writing a different spec.
> Maybe we can discuss this in the meeting, I don't have any objection
> to this.  I like deleting code.
> ...

One use case is over here: 

If "Cryto-Key" isn't defined in the base spec, any other spec that 
defines how to pass around the key information will have to define it 
itself. That doesn't sound like a good idea to me.

Best regards, Julian

Received on Saturday, 12 November 2016 07:33:20 UTC