Re: sigHTTP comments?

Kai Kretschmann <K.Kretschmann@security-gui.de> writes:

> Did anyone read the announcement of the internet draft about sighttp 
> last May?
> Any ideas, critics, comments are welcome. I did put a copy of the 
> document to the website www.sighttp.org for further discussion.

The system you describe appears to have a number of problems:

(1) You don't make any provision for automatic key distribution.
This makes it very difficult to scale your solution.

(2) There's no way for clients to know whether a given page
should have a signature on it. Therefore it's possible 
for an attacker who compromises the server to replace the
content with unsigned content of his own choice.

(3) <nosighttp> is insufficiently powerful. Many real systems
have large amounts of dynamic data, including substantial
HTML, on many pages. Rearchitecting these pages to isolate that
data will be difficult. 

(4) Requiring the client verifier to perform significant HTML
parsing to detect and verify the <nosighttp> elements cuts
against the claim that this solution is simple to implement.

-Ekr

-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/
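
Added example, not part of the original message or of the sigHTTP draft: a sketch of point (2), showing that a client which treats signatures as optional accepts replaced content once the signature is removed, while a client that knows the origin signs rejects it. The origin name, key, page bodies and function names are constructed, and HMAC-SHA256 with a manually provisioned key is only a stand-in for the draft's signature scheme, which this page does not describe.

```python
import hashlib
import hmac

# Constructed sample data: origin, key and page bodies are made up.
# Assumption: HMAC-SHA256 stands in for the draft's (undescribed) signature scheme.
PROVISIONED_KEYS = {"www.example.org": b"constructed-demo-key"}


def sign(origin, body):
    """Server side: produce the signature value sent along with the page."""
    return hmac.new(PROVISIONED_KEYS[origin], body, hashlib.sha256).hexdigest()


def verify_optional(origin, body, signature):
    """Client with no way to know that this page should be signed (point 2)."""
    if signature is None:
        # Indistinguishable from a page that was never meant to be signed.
        return "accepted-unsigned"
    key = PROVISIONED_KEYS.get(origin)
    if key is None:
        return "rejected-no-key"
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if hmac.compare_digest(expected, signature):
        return "accepted-signed"
    return "rejected-bad-signature"


def verify_expected(origin, body, signature):
    """Hypothetical stricter client: a provisioned key makes the signature mandatory."""
    if signature is None and origin in PROVISIONED_KEYS:
        return "rejected-missing-signature"
    return verify_optional(origin, body, signature)


def demo():
    origin = "www.example.org"
    genuine = b"<html>price list</html>"
    replaced = b"<html>replaced content</html>"
    sig = sign(origin, genuine)
    return {
        "genuine": verify_optional(origin, genuine, sig),
        "replaced_with_old_signature": verify_optional(origin, replaced, sig),
        "replaced_unsigned": verify_optional(origin, replaced, None),
        "replaced_unsigned_strict": verify_expected(origin, replaced, None),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```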

