Re: http+aes

In message <>, Ian Hickson writes:

>For example, the content could be a movie. "A" would be a movie 
>distributor, "C" would be a consumer, and "B" would be a CDN. B is paid by 
>A to host the content, but B might have rogue elements who would take all 
>of the movie content and upload it to a copyright-violating community.

I'm sorry, but IMO this is just security-theater, and it represents
such terrible handling of key-material that it is deeply irresponsible
to even mention it in a standards document, without a lengthy list
of caveats and disclaimers.

Somebody should point Bruce Schneier at this, he needs a good laugh...

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Wednesday, 7 March 2012 14:22:31 UTC