W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2021

Security and Privacy considerations for Signatures

From: Justin Richer <jricher@mit.edu>
Date: Tue, 2 Nov 2021 11:47:43 -0400
Message-Id: <85B21F00-8A14-4769-B8F4-034F37BCC79A@mit.edu>
To: HTTP Working Group <ietf-http-wg@w3.org>
All,

As discussed at the interim, we’ve pushed up a PR to add security and privacy considerations for the signatures draft. Please review when you can:

https://github.com/httpwg/http-extensions/pull/1776 <https://github.com/httpwg/http-extensions/pull/1776>

And importantly, please help us expand this as necessary. Are there other attacks we should enumerate? Are there other aspects we should highlight? Are there other mitigations and tradeoffs that implementors should be aware of?

Thanks,

 — Justin
Received on Tuesday, 2 November 2021 15:47:56 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 2 November 2021 15:47:57 UTC