- From: Soni L. <fakedme+http@gmail.com>
- Date: Wed, 30 Oct 2019 18:18:20 -0300
- To: ietf-http-wg@w3.org

(sorry, I seem to have made a mistake when posting this/replying the first time around.)

On 2019-10-30 1:15 p.m., W. Felix Handte wrote:
> On 10/30/19 5:43 AM, Soni L. wrote:
>> So, what you're saying, is that this wouldn't be an issue if we were
>> using public-key-based authentication and session tokens?
>>
>> Like this? https://soniex2.autistic.space/posts/2019/06/uweb.xhtml
>> (or, perhaps, this? https://awoo.space/@SoniEx2/102972533369915352 )
>
> Secret tokens (passwords, keys, cookies, etc.) are likely the most
> important kind of content to protect, but also definitely not the only
> kind. Message bodies themselves may contain secrets worth attacking
> (credit card numbers).
>

Ah. Yeah. I forgot about that. .-.

(altho, probably in my ideal world my computer would have an NFC or chip-and-pin reader and the whole thing would be end-to-end encrypted between the parties. I don't get why we don't have those yet. but, anyway, I digress.)

Received on Wednesday, 30 October 2019 21:18:28 UTC