Re: Call for Adoption: draft-richanna-http-message-signatures

From: Rick van Rein <rick@openfortress.nl>
Date: Sun, 02 Feb 2020 18:20:00 +0100
Message-ID: <5E3704C0.3040302@openfortress.nl>
To: HTTP Working Group <ietf-http-wg@w3.org>
CC: Eric Rescorla <ekr@rtfm.com>

Hello,


> [...] we should have a
> coherent threat model and architecture that helps understand where
> each technical piece fits in and how they fit together. [...]

+1 on that!

Things that spring to mind that a concerted effort could bring:

 - message integrity (usually the #1 goal)
 - signing canonical rather than textual form
 - chaining response to request
 - chaining messages within a connection
 - signing headers and content separately?
 - intentional non-repudiation options
 - channel binding to the lower layer
 - maybe channel binding to a higher layer

-Rick
Received on Sunday, 2 February 2020 17:20:36 UTC