« Return to Thread: http+aes

Re: http+aes

by Anne van Kesteren-2 :: Rate this Message:

On Mon, 05 Mar 2012 11:29:01 +0100, Poul-Henning Kamp <phk@...>
wrote:
> In message <4F549392.60802@...>, Julian Reschke writes:
>> FYI:
>>
>> http://dev.w3.org/html5/spec/Overview.html#http-aes-scheme
>
> So you encrypt the response body with the password clearly visible in the
> request, to gain privacy ?
>
> Please explain what I'm overlooking here...

I think the intent is that the user agent does the decryption and that
therefore the key is not part of the request, but the specification is
sort of vague / wrong on that it seems. Ian?

--
Anne van Kesteren
http://annevankesteren.nl/

« Return to Thread: http+aes