1994-12-13 - Re: HTTP security

Header Data

From: “Perry E. Metzger” <perry@imsi.com>
To: ekr@eit.com (Eric Rescorla)
Message Hash: b85278144678077d425cd7509cbb716ea3ca379446a1d144f0f8ed62a183d00c
Message ID: <9412131643.AA12378@snark.imsi.com>
Reply To: <9412131633.AA24750@eitech.eit.com>
UTC Datetime: 1994-12-13 16:44:25 UTC
Raw Date: Tue, 13 Dec 94 08:44:25 PST

Raw message

From: "Perry E. Metzger" <perry@imsi.com>
Date: Tue, 13 Dec 94 08:44:25 PST
To: ekr@eit.com (Eric Rescorla)
Subject: Re: HTTP security
In-Reply-To: <9412131633.AA24750@eitech.eit.com>
Message-ID: <9412131643.AA12378@snark.imsi.com>
MIME-Version: 1.0
Content-Type: text/plain



Eric Rescorla says:
> In the email world, you don't necessarily have any sort of prior
> relationship with the person you're communicating with and that public
> key cryptography is relatively cheap. (When it takes minutes to
> ship mail across the net, who's going to notice a second or two
> of signature verification?) However, in the case of the Web,
> things are very different.

Since one can sign pages just once (they are written once and read
often) and one can pick one's signature algorithm to speed up
verifications relative to the signatures (using small exponents is the
usual trick fo this), I'm not sure its that big a problem.

I'd like these algorithms to support the serving of signed pages from
hosts that do not know the keys that the pages have been signed with
-- offline signature schemes like the one I just described will
support that nicely.

(However, any algorithm that is cognisant of the difference between
securing the pages and just securing the channel is an improvement
over the SSL proposal.)

.pm





Thread