-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Karl, thanks for your input:
Karl Southern wrote: > This might be off at a bit of a tangent, but I'd love to test this out > and I'd be interested in seeing some sort of provision for redirection > or something, if the signing isn't available. Possibly a little out of > scope as this is achievable through mod_rewrite. Well, I guess it wouldn't be difficult to add a parameter to specify a redirection url for certain cases. Like, an url to redirect when request is not signed, another when verification fails, but in any case I'm adding some headers to the request, that can tell a web application (or other modules) verification status, etc. Of course, my module remove any of those headers from incoming requests, to avoid spoofing. > What I'd really love to see is support for mod_dbd, etc. so that keys > could be stored in a database and yanked from there. Never heard of it. Could you contact me offlist, or onlist if appropaite, so we can discuss it? > Also off at a giant tangent, is there any plans for a signed response in > the specs (I assume this would require a fully buffered response, which > would be rather "expensive")? If so, any plans on this module supporting > that? Signing responses it's a matter of adding the required headers to the outgoing reply, so, as long as they're added before any other output, no buffering seems necessary (at least from an 'outside modules' perspective. I guess that would probably fall into another module, or in a PHP Class, or similar. - -- Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica Foros GNU/Buanzo: Respeto, Soluciones y Buena Onda: http://foros.buanzo.com.ar Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGG6GAAlpOsGhXcE0RClINAJ9H+NVAYd/xxqnZq+KjadZatrvh5ACeMDhx BIoXOTkfcWunlFUQZ1oMQjw= =UANe -----END PGP SIGNATURE-----
