W3C home > Mailing lists > Public > uri@w3.org > March 2012

Re: http+aes

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 06 Mar 2012 09:01:56 +0100
Message-ID: <4F55C474.3050202@gmx.de>
To: Ian Hickson <ian@hixie.ch>
CC: Willy Tarreau <w@1wt.eu>, URI <uri@w3.org>, HTTP Working Group <ietf-http-wg@w3.org>
On 2012-03-06 00:29, Ian Hickson wrote:
> On Mon, 5 Mar 2012, Willy Tarreau wrote:
>> I wouldn't go to such extremities, but at least I think that we're just
>> facing a layering violation. Only the contents have to be encrypted so
>> that the caches cannot use them, while the transport remains unchanged.
>> So a new scheme is not appropriate for this, a Content-Encoding would be
>> much better. User agents would be configured to know that content-
>> encoding XYZ requires a deciphering key whose ID is presented in the
>> header itself and should have been retrieved via another channel.
>> Example :
>>      Content-Encoding: aes-ctr-128; keyid=0x34751806
>>      Cache-control: no-transform
> This would require changes at the intermediaries. It would also require a
 > ...

Received on Tuesday, 6 March 2012 08:02:32 UTC

This archive was generated by hypermail 2.4.0 : Sunday, 10 October 2021 22:17:55 UTC