
Re: http+aes

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Mon, 05 Mar 2012 18:09:35 +0000
To: Ian Hickson <ian@hixie.ch>
cc: Yngve Nysaeter Pettersen <yngve@opera.com>, URI <uri@w3.org>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <57991.1330970975@critter.freebsd.dk>
In message <Pine.LNX.4.64.1203051655450.6189@ps20323.dreamhostps.com>, Ian Hickson writes:

>For example, the content could be a movie. "A" would be a movie 
>distributor, "C" would be a consumer, and "B" would be a CDN. B is paid by 
>A to host the content, but B might have rogue elements who would take all 
>of the movie content and upload it to a copyright-violating community.

I'm sorry, but IMO this is just security-theater, and it represents
such terrible handling of key-material that it is deeply irresponsible
to even mention it in a standards document, without a lengthy list
of caveats and disclaimers.

Somebody should point Bruce Schneier at this, he needs a good laugh...

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Wednesday, 7 March 2012 14:22:31 UTC
