ietf

Re: sigHTTP comments?

2002-06-21 06:34:52
1) the signature is computed over either the entire HTML or only the static
parts with strict conditions about the unsigned dynamic parts
[...]
3) nearly nothing has to be changed on webserver or browser side to access
the content, the rfc 2660 seems to make much more trouble in this direction

I think you'll find that these two goals are incompatible.  I'm sure
the core server can remain unchanged, but application development
would be radically different.  And, unfortunately, many websites are
developed by one-trick programmers, people for whom learning anything
new is a terrifying prospect.  Combine that with the fact that the
most common set of data which needs to be protected on a secure web
site is credit card numbers, which have adequate legal protections,
and the set of people interested in sigHTTP is just too small.

/==============================================================\
|John Stracke                    |Principal Engineer           |
|jstracke(_at_)incentivesystems(_dot_)com   |Incentive Systems, Inc.      |
|http://www.incentivesystems.com |My opinions are my own.      |
|==============================================================|
|"Simply vanished--like an old oak table." --Lord Percy, _Black|
|Adder II_                                                     |
\==============================================================/


