Re: signature/encryption tags -> follow-up

Christian Mogensen (mogens@CS.Stanford.EDU)
Mon, 10 Apr 95 21:56:16 EDT

Have you checked out the www-security archives?

http://www-ns.rutgers.edu/www-security/https-wg.html
http://www-ns.rutgers.edu/www-security/www-security-list.html

To be frank, I doubt you will get much crypto support into HTML 2 or 3,
since the current focus is to finish 2.0 and start working on the big issues
in 3.0, such as Maths and table support, not to mention character set
support.

The security group is dealing with the issues you are discussing.

Ah - *idea* - you could store fragment signatures and other cryptographic
data external to the HTML document by using named ranges as proposed in
the HTML 3.0 - i.e. having a signature for a section named using the MARK
and RANGE tags. (I'm inventing the Signature HTTP header here).

Content-type: text/html; version=3.0
Content-encoding: binary
Signature: id0; dn="my-address@foo.com"; pgp="arfle-barfle-gloop"
Signature: id1; dn="my RSA sanctioned name"; pem="base64-encoded-signature"

<HEAD>
<MARK RANGE=id0 START=id_a END=id_b>
<BODY>
...
<MARK ID=id_a>
signed section
<MARK ID=id_b>

The user agent computes the signature using its own keyring (or fetches the
appropriate key using some defined mechanism (did you see a handwave? I saw
no handwave!)) and checks it against the s-http encapsulated header.

Christian
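
A sketch of the user-agent check described in the message above, added here as an example and not part of the original message. It assumes HMAC-SHA256 with a shared key as a stand-in for the PGP/PEM signature so it runs on the standard library alone, that the signed bytes are exactly the text between the two markers, and a hypothetical mac= parameter and KEYRING table.

```python
import hashlib, hmac, re

# Constructed demo data. "mac" and KEYRING are hypothetical stand-ins for the
# message's pgp=/pem= values and the user agent's keyring.
KEYRING = {"my-address@foo.com": b"constructed-demo-key"}
BODY = ("<HEAD>\n<MARK RANGE=id0 START=id_a END=id_b>\n<BODY>\nintro\n"
        "<MARK ID=id_a>\nsigned section\n<MARK ID=id_b>\ntrailer\n")

def sign(key, text):
    return hmac.new(key, text.encode(), hashlib.sha256).hexdigest()

def parse_signature(value):
    """Split 'id0; dn="..."; mac="..."' into (range_id, params)."""
    range_id, *rest = [p.strip() for p in value.split(";")]
    params = {}
    for part in rest:
        m = re.fullmatch(r'(\w+)="([^"]*)"', part)
        if m is None:
            raise ValueError(f"malformed parameter: {part!r}")
        params[m.group(1)] = m.group(2)
    return range_id, params

def one_match(pattern, doc, what):
    hits = list(re.finditer(pattern, doc))
    if len(hits) != 1:
        raise ValueError(f"{what} must occur exactly once, found {len(hits)}")
    return hits[0]

def signed_span(doc, range_id):
    """Text strictly between the START and END markers of a named range."""
    decl = one_match(rf"<MARK RANGE={re.escape(range_id)} START=(\w+) END=(\w+)>", doc, "range")
    start = one_match(rf"<MARK ID={decl.group(1)}>", doc, "START marker")
    end = one_match(rf"<MARK ID={decl.group(2)}>", doc, "END marker")
    if start.end() > end.start():
        raise ValueError("END marker does not follow START marker")
    return doc[start.end():end.start()]

def verify(doc, header_value, keyring=KEYRING):
    range_id, params = parse_signature(header_value)
    key = keyring.get(params.get("dn"))
    if key is None:
        return False  # unknown signer: treat the range as unverified
    expected = sign(key, signed_span(doc, range_id))
    return hmac.compare_digest(expected, params.get("mac", ""))

def demo_header():
    mac = sign(KEYRING["my-address@foo.com"], signed_span(BODY, "id0"))
    return f'id0; dn="my-address@foo.com"; mac="{mac}"'
```

Only the text between the two markers is covered: a change anywhere else in the document leaves the check passing, so a user agent should present just that range as signed.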