1994-12-13 - Correction
Header Data
From: ekr@eit.COM (Eric Rescorla)
To: cypherpunks@toad.com
Message Hash: 82c6bcb9412222cd62198a342517146b2ad4104c58faefad7830ba8bb11dbbaa
Message ID: <9412131637.AA24834@eitech.eit.com>
Reply To: N/A
UTC Datetime: 1994-12-13 16:39:44 UTC
Raw Date: Tue, 13 Dec 94 08:39:44 PST
Raw message
From: ekr@eit.COM (Eric Rescorla)
Date: Tue, 13 Dec 94 08:39:44 PST
To: cypherpunks@toad.com
Subject: Correction
Message-ID: <9412131637.AA24834@eitech.eit.com>
MIME-Version: 1.0
Content-Type: text/plain
My previous message about HTTP Security implied that you would
(in SHTTP) reuse the DEK from say an HTTP request for the reply.
You most certainly would not do this. (It's horribly bad
key hygiene.) Rather, SHTTP provides a way to exchange
a symmetric encryption key (in an HTTP message) that can subsequently
be used cover subsequent DEKs.
Sorry for the possible confusion...
-Ekr
Thread
Return to December 1994
Return to “ekr@eit.COM (Eric Rescorla)”
1994-12-13 (Tue, 13 Dec 94 08:39:44 PST) - Correction - ekr@eit.COM (Eric Rescorla)