- From: <bugzilla@jessica.w3.org>
- Date: Wed, 16 Mar 2011 07:09:11 +0000
- To: public-html-bugzilla@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=12316
Summary: We should add a checksum here to make it impossible
for attackers to modify messages en-route. The
HMAC-SHA1 of the cyphertext using as a key the
HMAC-SHA1 of ice-key + a second salt should be
sufficient. See also
http://krijnhoetmer.nl/irc-logs/whatwg/20
Product: HTML WG
Version: unspecified
Platform: Other
URL: http://www.whatwg.org/specs/web-apps/current-work/#tra
nsmit-a-data-packet-to-a-peer
OS/Version: other
Status: NEW
Severity: normal
Priority: P3
Component: other Hixie drafts (editor: Ian Hickson)
AssignedTo: ian@hixie.ch
ReportedBy: contributor@whatwg.org
QAContact: public-html-bugzilla@w3.org
CC: ian@hixie.ch, mike@w3.org
Specification: http://www.whatwg.org/specs/web-apps/current-work/complete.html
Section:
http://www.whatwg.org/specs/web-apps/current-work/complete.html#transmit-a-data-packet-to-a-peer
Comment:
We should add a checksum here to make it impossible for attackers to modify
messages en-route. The HMAC-SHA1 of the cyphertext using as a key the
HMAC-SHA1 of ice-key + a second salt should be sufficient. See also
http://krijnhoetmer.nl/irc-logs/whatwg/20110316#l-268 onwards.
Posted from: 76.102.14.57 by ian@hixie.ch
User agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-US)
AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16
--
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Wednesday, 16 March 2011 07:09:13 UTC