Re: Signing Set-Cookie

From: Martin Thomson <mt@lowentropy.net>
Date: Tue, 07 Jun 2022 10:07:58 +1000
Message-Id: <53545e69-42e0-4407-b297-71141a6b0cd9@beta.fastmail.com>
To: ietf-http-wg@w3.org

On Tue, Jun 7, 2022, at 08:49, Watson Ladd wrote:
> This would also apply to treating MAC as a Signature wouldn't it?


That is also hard to stomach, though for a different reason and it falls short of being absolutely unacceptable.  Just.  We accept TLS PSK modes on the understanding that there are just two entities and they each know their roles (the latter part thanks to Selfie).  The same *could* apply to a "symmetric signature" scheme here.  It's a giant footgun, but this spec is a collection of footguns of varying size already, so I don't get too excited about there being one more.
Received on Tuesday, 7 June 2022 00:08:33 UTC
