[liberationtech] Signed HTTP

Steve Schultze sjschultze at gmail.com
Tue Mar 11 07:05:54 PDT 2014 

Hmm, this is new since I last looked. Don't know if it is viable or not,
but it seems relevant:
http://tools.ietf.org/html/draft-cavage-http-signatures
On Mar 11, 2014 8:52 AM, "Natanael" <natanael.l at gmail.com> wrote:

> It would probably be as easy as using SSL with a "null cipher" with
> authentication like poly1305.
>
> Good luck getting it implemented anywhere. It would need a fair bit of
> special treatment, like browsers explicitly recognizing it as *not* an
> encrypted connection despite being an SSL cipher suite.
>
> - Sent from my phone
> Den 11 mar 2014 13:41 skrev "Steve Schultze" <sjschultze at gmail.com>:
>
>> Greetings all,
>>
>> A couple of years ago, I did some limited research on signed (but not
>> encrypted) HTTP responses. I discovered that although it had been
>> considered briefly by a few folks in the past, it never went anywhere. This
>> continues to be surprising to me, given the ever increasing need to mirror
>> content for a variety of reasons. Has anyone on the list thought about
>> this? It seems that out community has a particularly strong case for such a
>> thing.
>>
>> We sign software packages and emails. Why not http results? Ideally this
>> would call for an IETF standard implemented in the major http servers,
>> using certs already installed for https (if that is technically
>> possible...  I haven't thought through the crypto).
>>
>> Steve
>>
>> --
>> Liberationtech is public & archives are searchable on Google. Violations
>> of list guidelines will get you moderated:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
>> Unsubscribe, change to digest, or change password by emailing moderator at
>> companys at stanford.edu.
>>
>
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20140311/8104c094/attachment.html>

More information about the liberationtech mailing list