W3C home > Mailing lists > Public > public-webpayments@w3.org > April 2013

Re: Web Keys and HTTP Signatures

From: Carsten Bormann <cabo@tzi.org>
Date: Thu, 18 Apr 2013 07:54:11 +0200
Cc: Manu Sporny <msporny@digitalbazaar.com>, Web Payments CG <public-webpayments@w3.org>, ietf-http-wg@w3.org
Message-Id: <599A4C36-D3AC-46D5-8DA9-12D1EB9A6B9F@tzi.org>
To: "David I. Lehn" <dil@lehn.org>
On Apr 18, 2013, at 02:22, "David I. Lehn" <dil@lehn.org> wrote:

> if you find security issues

Wrong question.

A security spec is worthless if it doesn't establish useful security properties.

The spec needs a good look from people with more security mojo.
(Or maybe it can simply be replaced by one of the more learned attempts under discussion, see
for some links.)

*Then* you can look at whether you have implemented it correctly.

Gre, Carsten
Received on Thursday, 18 April 2013 05:54:47 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:23 UTC