It would probably be as easy as using SSL with a "null cipher" with authentication like poly1305.
Good luck getting it implemented anywhere. It would need a fair bit of special treatment, like browsers explicitly recognizing it as *not* an encrypted connection despite being an SSL cipher suite. - Sent from my phone Den 11 mar 2014 13:41 skrev "Steve Schultze" <[email protected]>: > Greetings all, > > A couple of years ago, I did some limited research on signed (but not > encrypted) HTTP responses. I discovered that although it had been > considered briefly by a few folks in the past, it never went anywhere. This > continues to be surprising to me, given the ever increasing need to mirror > content for a variety of reasons. Has anyone on the list thought about > this? It seems that out community has a particularly strong case for such a > thing. > > We sign software packages and emails. Why not http results? Ideally this > would call for an IETF standard implemented in the major http servers, > using certs already installed for https (if that is technically > possible... I haven't thought through the crypto). > > Steve > > -- > Liberationtech is public & archives are searchable on Google. Violations > of list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. > Unsubscribe, change to digest, or change password by emailing moderator at > [email protected]. >
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
