On Tue, 11 Jan 2011 12:12:53 -0000, Eliot Lear <[email protected]> wrote:
> 4. Rather than keep it in the back of my head, I'll state it outright:
> is a goal here to provide an alternative to SSL-based web page
> security? Conveniently, web content does take the form of header/body.
> If so, one reasonable question to ask would be whether there exist
> characteristics and semantics of X.509 that would be necessary in this
> context. For instance, is there sufficient surety given for, oh,
> banks? And what would the UI implications be? Also, presumably it
> would have implications to TLS relating to keying material.

It's the HTTP protocol that is header/body based, and that protocol is used for other things than transporting web content, so certifying HTTP messages is not the same as SSL signing web pages (and is somewhat simpler since it involves no encryption).

In web applications, the HTTP/XML/whatever page is the payload of the HTTP transmission. The HTTP headers are concerned more with the transmission mechanics (date, MIME structure, etc).

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131    Web: http://www.cs.man.ac.uk/~chl
Email: [email protected]    snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9    Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
