Hmm, this is new since I last looked. Don't know if it is viable or not, but it seems relevant: http://tools.ietf.org/html/draft-cavage-http-signatures On Mar 11, 2014 8:52 AM, "Natanael" <[email protected]> wrote:
> It would probably be as easy as using SSL with a "null cipher" with > authentication like poly1305. > > Good luck getting it implemented anywhere. It would need a fair bit of > special treatment, like browsers explicitly recognizing it as *not* an > encrypted connection despite being an SSL cipher suite. > > - Sent from my phone > Den 11 mar 2014 13:41 skrev "Steve Schultze" <[email protected]>: > >> Greetings all, >> >> A couple of years ago, I did some limited research on signed (but not >> encrypted) HTTP responses. I discovered that although it had been >> considered briefly by a few folks in the past, it never went anywhere. This >> continues to be surprising to me, given the ever increasing need to mirror >> content for a variety of reasons. Has anyone on the list thought about >> this? It seems that out community has a particularly strong case for such a >> thing. >> >> We sign software packages and emails. Why not http results? Ideally this >> would call for an IETF standard implemented in the major http servers, >> using certs already installed for https (if that is technically >> possible... I haven't thought through the crypto). >> >> Steve >> >> -- >> Liberationtech is public & archives are searchable on Google. Violations >> of list guidelines will get you moderated: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech. >> Unsubscribe, change to digest, or change password by emailing moderator at >> [email protected]. >> > > -- > Liberationtech is public & archives are searchable on Google. Violations > of list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. > Unsubscribe, change to digest, or change password by emailing moderator at > [email protected]. >
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
