Re: Web Keys and HTTP Signatures

• From: Carsten Bormann <cabo@tzi.org>
• Date: 2013ǯ4·î18Æü 07:54:11 +0200
• To: "David I. Lehn" <dil@lehn.org>
• Cc: Manu Sporny <msporny@digitalbazaar.com>, Web Payments CG <public-webpayments@w3.org>, ietf-http-wg@w3.org
• Message-Id: <599A4C36-D3AC-46D5-8DA9-12D1EB9A6B9F@tzi.org>

On Apr 18, 2013, at 02:22, "David I. Lehn" <dil@lehn.org> wrote:
> if you find security issues
Wrong question.
A security spec is worthless if it doesn't establish useful security properties.
The spec needs a good look from people with more security mojo.
(Or maybe it can simply be replaced by one of the more learned attempts under discussion, see
http://www.ietf.org/proceedings/85/minutes/minutes-85-httpauth
http://www.ietf.org/proceedings/86/minutes/minutes-86-httpauth
for some links.)
*Then* you can look at whether you have implemented it correctly.
Gr�áôe, Carsten

Received on Thursday, 18 April 2013 05:54:44 UTC