Re: Web Keys and HTTP Signatures

On Apr 18, 2013, at 02:22, "David I. Lehn" <dil@lehn.org> wrote:

> if you find security issues

Wrong question.

A security spec is worthless if it doesn't establish useful security properties.

The spec needs a good look from people with more security mojo.
(Or maybe it can simply be replaced by one of the more learned attempts under discussion, see
http://www.ietf.org/proceedings/85/minutes/minutes-85-httpauth
http://www.ietf.org/proceedings/86/minutes/minutes-86-httpauth
for some links.)

*Then* you can look at whether you have implemented it correctly.

Grüße, Carsten

Received on Thursday, 18 April 2013 05:54:47 UTC