Re: sigHTTP comments?

>1) the signature is computed over either the entire HTML or only the static
>parts with strict conditions about the unsigned dynamic parts
[...]
>3) nearly nothing has to be changed on webserver or browser side to access
>the content, the rfc 2660 seems to make much more trouble in this direction

I think you'll find that these two goals are incompatible.  I'm sure
the core server can remain unchanged, but application development
would be radically different.  And, unfortunately, many websites are
developed by one-trick programmers, people for whom learning anything
new is a terrifying prospect.  Combine that with the fact that the
most common set of data which needs to be protected on a secure web
site is credit card numbers, which have adequate legal protections,
and the set of people interested in sigHTTP is just too small.

/==============================================================\
|John Stracke                    |Principal Engineer           |
|jstracke@incentivesystems.com   |Incentive Systems, Inc.      |
|http://www.incentivesystems.com |My opinions are my own.      |
|==============================================================|
|"Simply vanished--like an old oak table." --Lord Percy, _Black|
|Adder II_                                                     |
\==============================================================/

