[liberationtech] Signed HTTP
Natanael
natanael.l at gmail.com
Tue Mar 11 05:51:58 PDT 2014
It would probably be as easy as using SSL with a "null cipher" with
authentication like poly1305.
Good luck getting it implemented anywhere. It would need a fair bit of
special treatment, like browsers explicitly recognizing it as *not* an
encrypted connection despite being an SSL cipher suite.
- Sent from my phone
Den 11 mar 2014 13:41 skrev "Steve Schultze" <sjschultze at gmail.com>:
> Greetings all,
>
> A couple of years ago, I did some limited research on signed (but not
> encrypted) HTTP responses. I discovered that although it had been
> considered briefly by a few folks in the past, it never went anywhere. This
> continues to be surprising to me, given the ever increasing need to mirror
> content for a variety of reasons. Has anyone on the list thought about
> this? It seems that out community has a particularly strong case for such a
> thing.
>
> We sign software packages and emails. Why not http results? Ideally this
> would call for an IETF standard implemented in the major http servers,
> using certs already installed for https (if that is technically
> possible... I haven't thought through the crypto).
>
> Steve
>
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20140311/757aad44/attachment.html>
More information about the liberationtech
mailing list