- From: Rick van Rein <rick@openfortress.nl>
- Date: Sun, 02 Feb 2020 18:20:00 +0100
- To: HTTP Working Group <ietf-http-wg@w3.org>
- CC: Eric Rescorla <ekr@rtfm.com>

Hello,

> [...] we should have a
> coherent threat model and architecture that helps understand where
> each technical piece fits in and how they fit together. [...]

+1 on that!

Things that spring to mind that a concerted effort could bring:

- message integrity (usually the #1 goal)
- signing canonical rather than textual form
- chaining response to request
- chaining messages within a connection
- signing headers and content separately?
- intentional non-repudiation options
- channel binding to the lower layer
- maybe channel binding to a higher layer

-Rick

Received on Sunday, 2 February 2020 17:20:36 UTC