Greetings all,
A couple of years ago, I did some limited research on signed (but not
encrypted) HTTP responses. I discovered that although it had been
considered briefly by a few folks in the past, it never went anywhere. This
continues to be surprising to me, given the ever increasing need to
For context, $50.5m was the FY14 omnibus appropriations bill amount.
The President's budget is only one of many inputs into the actual
appropriations that result. Not sure what the brackets signal.
At State, much of our IF funding comes from funds that are not necessarily
explicitly called out
It would probably be as easy as using SSL with a null cipher with
authentication like poly1305.
Good luck getting it implemented anywhere. It would need a fair bit of
special treatment, like browsers explicitly recognizing it as *not* an
encrypted connection despite being an SSL cipher suite.
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
When we were putting together ideas for DDeflect we considered this as
it would solve many problems. Apparently it's been proposed, and
rejected, before ?
http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2012-October/037668.html
Perhaps in these
On 11/03/14 14:21, David H. Mason wrote:
When we were putting together ideas for DDeflect we considered this as
it would solve many problems. Apparently it's been proposed, and
rejected, before ?
http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2012-October/037668.html
Perhaps in these
Hmm, this is new since I last looked. Don't know if it is viable or not,
but it seems relevant:
http://tools.ietf.org/html/draft-cavage-http-signatures
On Mar 11, 2014 8:52 AM, Natanael natanae...@gmail.com wrote:
It would probably be as easy as using SSL with a null cipher with
authentication
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear LibTech,
I apologize for cross-posting: I am writing to share a job posting from
the Association for Progressive Communications (APC), for an Outreach
and Capacity-building Coordinator to lead our internet rights networking
and
Natanael:
It would probably be as easy as using SSL with a null cipher with
authentication like poly1305.
I preferred to sign the source files on my local hdd using a tool that
internally uses gpg. That way the SSL CA's wouldn't have any power over
it, neither the web server.
If we were to
On Tue, Mar 11, 2014 at 12:37 PM, Patrick Schleizer
adrela...@riseup.net wrote:
Natanael:
It would probably be as easy as using SSL with a null cipher with
authentication like poly1305.
I preferred to sign the source files on my local hdd using a tool that
internally uses gpg. That way the
Steve Schultze:
Greetings all,
A couple of years ago, I did some limited research on signed (but not
encrypted) HTTP responses. I discovered that although it had been
considered briefly by a few folks in the past, it never went anywhere. This
continues to be surprising to me, given the ever
Den 11 mar 2014 20:42 skrev Gregory Maxwell gmaxw...@gmail.com:
On Tue, Mar 11, 2014 at 12:37 PM, Patrick Schleizer
adrela...@riseup.net wrote:
Natanael:
It would probably be as easy as using SSL with a null cipher with
authentication like poly1305.
I preferred to sign the source
On Tue, Mar 11, 2014 at 5:41 AM, Steve Schultze sjschul...@gmail.comwrote:
We sign software packages and emails. Why not http results? Ideally this
would call for an IETF standard implemented in the major http servers,
using certs already installed for https (if that is technically
On 12/03/14 01:45, Mitch Downey wrote:
Hi LibTech,
I'm a UX designer and developer working on a few open source liberation
technology projects. Please email me if you would like to learn more, have
feedback, or may want to get involved in any of the projects below. I would
especially like
Hi LibTech,
I'm a UX designer and developer working on a few open source liberation
technology projects. Please email me if you would like to learn more, have
feedback, or may want to get involved in any of the projects below. I would
especially like to connect with college students who could be
14 matches
Mail list logo
