- From: Nico Williams <nico@cryptonector.com>
- Date: Sun, 7 Jul 2013 19:21:57 -0500
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: Web Payments CG <public-webpayments@w3.org>, ietf-http-wg@w3.org, websec@ietf.org
- Message-ID: <CAK3OfOiXOx=Xj+iDNb5afcadCExowojiBJb7JB-_OHJ6rg5dVg@mail.gmail.com>
In the IETF Websec WG we call the use of MACs to bind requests (and responses) to sessions: "session continuation". There have been... many specific proposals and even deployed protocols, like yours. We really do need a standard method for session continuation. Session continuation is predicated on having a session key already exchanged, possibly by an authentication mechanism. We'd like to separate the two things: session continuation on the one hand, and key exchange (and authentication) on the other. If your protocol is mature enough it might well be the one we should adopt. I urge you to subscribe to websec@ietf.org and help us :) Nico --
Received on Monday, 8 July 2013 00:22:22 UTC