Re: sigHTTP comments?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi harald,

At 22:20 20.06.02 -0400, you wrote:
>you might want to check out RFC 2660 - The Secure HyperText Transfer 
>Protocol; this is closer to your thinking than the presently popular "HTTP 
>over TLS".

I think our sigHTTP idea is different in at least these 3 points:
1) the signature is computed over either the entire HTML or only the static 
parts with strict conditions about the unsigned dynamic parts
2) the private key used for signing must not be on the web server, the 
content has to be presigned which makes no problem because of its static nature
3) nearly nothing has to be changed on webserver or browser side to access 
the content, the rfc 2660 seems to make much more trouble in this direction

with kind regards


--
Think-Safety
www.security-gui.de & www.sighttp.org



[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]