[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Impacts of Encryption Everywhere (any solution?)

Subject: Impacts of Encryption Everywhere (any solution?)
From: owen at delong.com (Owen DeLong)
Date: Tue, 29 May 2018 10:15:24 -0700
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]>

> 
> The http+signature data could then be cashed just fine, and stored in
> the clear.  The web site could determine what to serve up that way to
> maintain security.  All POST commands would have to be HTTPS (data from
> client to server), and of course sensitive information would be returned
> HTTPS only.

Makes a lot of sense, butâ?¦

Wouldnâ??t you also have to require that all GET commands (or at lest GET
commands for strings containing a ? character) be sent via HTTPS?

In many cases, thereâ??s little difference between the data disclosure
of a POST form vs. the disclosure achieved with GET URL?attribute=value&â?¦

Indeed, there are multiple libraries out there which allow one to treat
the variables from POST data and the variables from GET â??query stringsâ??
as virtually identical. I suspect that in most cases, the only reason
said libraries distinguish is to maintain namespace separation in case of
collisions (since query strings can also be applied to POST requests).

> Why doesn't that exist?

Because developers are lazy?

Owen

References:
- Impacts of Encryption Everywhere (any solution?)
  - From: nanog at ics-il.net (Mike Hammett)
- Impacts of Encryption Everywhere (any solution?)
  - From: bicknell at ufp.org (Leo Bicknell)

Prev by Date: Impacts of Encryption Everywhere (any solution?)
Next by Date: Impacts of Encryption Everywhere (any solution?)
Previous by thread: Impacts of Encryption Everywhere (any solution?)
Next by thread: Impacts of Encryption Everywhere (any solution?)
Index(es):
- Date
- Thread