W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2014

Re: Fwd (TAG): Draft finding - "Transitioning the Web to HTTPS"

From: Chris Palmer <palmer@google.com>
Date: Tue, 30 Dec 2014 17:30:09 -0800
Message-ID: <CAOuvq23KYEArCP8heGZcN8TmFDBMZhg=NVTJALJweGN8MEZZXg@mail.gmail.com>
To: "Eric J. Bowman" <eric@bisonsystems.net>
Cc: Marc Fawzi <marc.fawzi@gmail.com>, "henry.story@bblfish.net" <henry.story@bblfish.net>, Nick Doty <npdoty@w3.org>, David Singer <singer@apple.com>, TAG List <www-tag@w3.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
On Tue, Dec 30, 2014 at 5:26 PM, Eric J. Bowman <eric@bisonsystems.net> wrote:

>> TLS is the transport layer security protocol we have. It is widely
>> supported and deployed.
>
> So is HTTP-Digest. Whether content is encrypted or not, Authentication
> headers seem a better solution to me than HTTPS-secured cookies.

Please explain how HTTP-Digest is robust against active network
attackers tampering with the HTTP requests and responses (including
both headers and bodies).
Received on Wednesday, 31 December 2014 01:30:37 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:49:28 UTC