ietf
[Top] [All Lists]

Re: sigHTTP comments?

2002-06-20 23:39:59
Hi harald,

At 22:20 20.06.02 -0400, you wrote:
you might want to check out RFC 2660 - The Secure HyperText Transfer Protocol; this is closer to your thinking than the presently popular "HTTP over TLS".

I think our sigHTTP idea is different in at least these 3 points:
1) the signature is computed over either the entire HTML or only the static parts with strict conditions about the unsigned dynamic parts 2) the private key used for signing must not be on the web server, the content has to be presigned which makes no problem because of its static nature 3) nearly nothing has to be changed on webserver or browser side to access the content, the rfc 2660 seems to make much more trouble in this direction

with kind regards


--
Think-Safety
www.security-gui.de & www.sighttp.org




<Prev in Thread] Current Thread [Next in Thread>