tag:blogger.com,1999:blog-3944976411672994427.post8121243526914363270..comments2007-10-11T08:28:27.746+07:00James Clarkhttp://www.blogger.com/profile/08445951113700394609noreply@blogger.comBlogger4125tag:blogger.com,1999:blog-3944976411672994427.post-70348703559064818802007-10-11T08:28:00.000+07:002007-10-11T08:28:00.000+07:00Digest authentication has an optional integrity check. However, you still need to provide a password, so it's integrity without confidentiality, but not without authentication. Also, caching is still problematic (while you could associate CC: public with it, checking integrity from a cached copy wouldn't be possible), and persisting it would still be a problem.<BR/><BR/>How about a new header, something like<BR/><BR/>Content-HMAC: hash="..."; key="http://example.org/key"<BR/><BR/>(where people who really care will protect the key with https)<BR/><BR/>The issue with this approach is that you have to buffer the whole response before signing it. Two approaches to that are using a HTTP trailer (easy to persist, but not well-supported), and using a chunk-ext (which *may* be easier to support, but harder to persist, and probably even more streaming-friendly).Mark Nottinghamhttp://www.mnot.net/noreply@blogger.comtag:blogger.com,1999:blog-3944976411672994427.post-4951630596355255742007-10-09T20:04:00.000+07:002007-10-09T20:04:00.000+07:00Return <B>multipart/signed</B> content where one part is the response (eg <B>text/css</B>) and a second part is a <B>application/pkcs7-signature</B> digital signature.<BR/><BR/><A HREF="http://www.ietf.orf/rfc/rfc1847.txt" REL="nofollow">RFC 1847</A> Secure Multiparts for MIME<BR/><A HREF="http://www.ietf.orf/rfc/rfc3851.txt" REL="nofollow">RFC 3851</A> S/MIME v3.1 message specification<BR/><A HREF="http://www.ietf.orf/rfc/rfc4134.txt" REL="nofollow">RFC 4134</A> Examples of S/MIME Messages<BR/> (section 4.8)<BR/><BR/>Now... do you know how to get browsers to support this?James Mangernoreply@blogger.comtag:blogger.com,1999:blog-3944976411672994427.post-59189888199980340652007-10-08T23:12:00.000+07:002007-10-08T23:12:00.000+07:00A similar requirement for "message-based" integrity was discovered when the Atom Syntax RFC was being drafted. Syndication feeds are frequently composed of entries that are extracted from a variety of other feeds and aggregated together. Of course, one is then left wondering if an aggregated entry is, in fact, a faithful copy of the original. Thus, Atom provides for signing not only an entire Atom feed but also signing of the individual entries within the feed. Thus, when a signed entry is aggregated into another feed, it maintains the signature it was given in its "source" feed. <BR/>This ability to aggregate signed entries will become very important when syndication feeds are used to aggregate event information, offers-to-buy, offers-to-sell, etc. whose integrity must be established before they can be relied upon. Supporting such aggregation without loss of integrity is only one of many ways that Atom supports application models that are far more useful than what RSS can support...<BR/><BR/>bob wymanBob Wymanhttp://www.blogger.com/profile/09394365216950330549noreply@blogger.comtag:blogger.com,1999:blog-3944976411672994427.post-15509152003115622122007-10-07T22:45:00.000+07:002007-10-07T22:45:00.000+07:00Technically, TLS (SSL) does support null encryption which is a signing-only mode. See the TLS_RSA_WITH_NULL_MD5 and TLS_RSA_WITH_NULL_SHA algorithms in RFC 2246.<BR/><BR/>However it's still not practical because almost no web browsers or servers support the null encryption modes (at least in their default configurations), and the HTTP caching techniques used today are not quite good enough, because even in signing-only mode TLS still employees a handshake.Deron Merandahttp://deron.meranda.us/noreply@blogger.com