From what you've said, this appears to be a shared key system which
provides marginal protection against abuse of the cache but with
wide distribution of the key, it does seem to me to be providing
a significant challenge to abuse of the key.
As I understand the suggested use case, a cache will have encrypted
content placed there by the content owner (or agent) and then
multiple users will be provided the URL and key for retrieval.
Sounds pretty weak to me.
On Mon, 5 Mar 2012, Ian Hickson wrote:
> On Mon, Mar 5, 2012 at 10:09 AM, Poul-Henning Kamp <phk@...> wrote:
> > I'm sorry, but IMO this is just security-theater, and it represents
> > such terrible handling of key-material that it is deeply irresponsible
> > to even mention it in a standards document, without a lengthy list
> > of caveats and disclaimers.
> Could you elaborate on this? In particular, what risks do you believe exist
> here given the scenario this is intended to address and given the list of
> issues to consider already given in the specification?
> I'm eager to address any problems that exist with this proposal, but I am
> failing to reconcile the proposal as I understand it with your assessment
> of it above.
> Ian Hickson