From: "Perry E. Metzger" <perry@imsi.com>
Date: Tue, 13 Dec 94 08:44:25 PST
To: ekr@eit.com (Eric Rescorla)
Subject: Re: HTTP security
In-Reply-To: <9412131633.AA24750@eitech.eit.com>
Message-ID: <9412131643.AA12378@snark.imsi.com>
MIME-Version: 1.0
Content-Type: text/plain



Eric Rescorla says:
> In the email world, you don't necessarily have any sort of prior
> relationship with the person you're communicating with and that public
> key cryptography is relatively cheap. (When it takes minutes to
> ship mail across the net, who's going to notice a second or two
> of signature verification?) However, in the case of the Web,
> things are very different.

Since one can sign pages just once (they are written once and read
often) and one can pick one's signature algorithm to speed up
verifications relative to the signatures (using small exponents is the
usual trick fo this), I'm not sure its that big a problem.

I'd like these algorithms to support the serving of signed pages from
hosts that do not know the keys that the pages have been signed with
-- offline signature schemes like the one I just described will
support that nicely.

(However, any algorithm that is cognisant of the difference between
securing the pages and just securing the channel is an improvement
over the SSL proposal.)

.pm