Re: Partial Encryption
Mark Nottingham <mnot@mnot.net> Tue, 11 April 2017 00:59 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E99BF129AB5 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 10 Apr 2017 17:59:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ESQCm4Z8Iw2S for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 10 Apr 2017 17:59:49 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D1F7127873 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 10 Apr 2017 17:59:49 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1cxk7c-000641-9M for ietf-http-wg-dist@listhub.w3.org; Tue, 11 Apr 2017 00:57:28 +0000
Resent-Date: Tue, 11 Apr 2017 00:57:28 +0000
Resent-Message-Id: <E1cxk7c-000641-9M@frink.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by frink.w3.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <mnot@mnot.net>) id 1cxk7Z-000636-S6 for ietf-http-wg@listhub.w3.org; Tue, 11 Apr 2017 00:57:25 +0000
Received: from mxout-07.mxes.net ([216.86.168.182]) by mimas.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <mnot@mnot.net>) id 1cxk7T-00051e-9O for ietf-http-wg@w3.org; Tue, 11 Apr 2017 00:57:20 +0000
Received: from [192.168.3.104] (unknown [124.189.98.244]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 049C922E255; Mon, 10 Apr 2017 20:56:55 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <CAG47hGajGpkrnhTQKFpMSqGNG=z98pV+EqJp4nyV8pzDwfMz9Q@mail.gmail.com>
Date: Tue, 11 Apr 2017 10:56:53 +1000
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <F5D76141-5A2B-4438-AA39-9F8011A4CF82@mnot.net>
References: <CAG47hGYbqbdTCsdjXwHARFvxysKdrzuNNR5XfVn6Zg7g8pisZA@mail.gmail.com> <CBB2CB4B-7D68-47FE-887B-422DEB99DB52@mnot.net> <CAG47hGajGpkrnhTQKFpMSqGNG=z98pV+EqJp4nyV8pzDwfMz9Q@mail.gmail.com>
To: Grahame Grieve <grahame@healthintersections.com.au>
X-Mailer: Apple Mail (2.3273)
Received-SPF: pass client-ip=216.86.168.182; envelope-from=mnot@mnot.net; helo=mxout-07.mxes.net
X-W3C-Hub-Spam-Status: No, score=-7.4
X-W3C-Hub-Spam-Report: AWL=2.226, BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1cxk7T-00051e-9O f27270991712813b938f9711dd5c1bef
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Partial Encryption
Archived-At: <http://www.w3.org/mid/F5D76141-5A2B-4438-AA39-9F8011A4CF82@mnot.net>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/33804
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
> On 11 Apr 2017, at 10:53 am, Grahame Grieve <grahame@healthintersections.com.au> wrote: > > hi Mark > > thanks. I'll work harder on getting the irony tone correct; in fact, those questions themselves are not-stupid; it's the answers that usually are :-( :) No worries. I probably needed more coffee when I read it too. > I've read that draft, but it doesn't seem to have any traction? It has some -- see the implementation list. Because it's part of WebPush, it'll end up in browsers too (and I think already is getting in there), although it's not clear how/if it'll be exposed generically. Cheers, > > Grahame > > > > On Tue, Apr 11, 2017 at 8:59 AM, Mark Nottingham <mnot@mnot.net> wrote: > Hi Grahame, > > You might want to have a look at: > http://httpwg.org/http-extensions/draft-ietf-httpbis-encryption-encoding.html > ... along with the implementation list at: > https://github.com/httpwg/wiki/wiki/EncryptedContentEncoding > > Cheers, > > P.S. Anticipating people's questions as "stupid" doesn't help the level of discourse here. Please refrain from doing so. Thanks. > > > > > On 11 Apr 2017, at 6:53 am, Grahame Grieve <grahame@healthintersections.com.au> wrote: > > > > We are getting strong push-back against the use of RESTful APis in healthcare, particularly in Europe, because there is no support for partial encryption - that is, where the content is encrypted (and signed) but the headers are not. SSL does both, obviously. (note: this is in b2b context). > > > > There are some RFCs floating around for encrypting and signing the http body, instead of (or as well as) using SSL - but these don't seem to have any penetration. > > > > So I'm increasingly seeing discussion around tunneling RESTful APIs across SOAP (pr higher level profiles on soap like ebMS), purely for the reason that they protect the body but not the headers. > > > > I'm interested in whether anyone here can give me a sense of perspective on where we are - why is content encryption not flying like transport encryption? > > > > And don't ask stupid questions like, how actually useful are the headers? This discussion isn't really about functionality but about the ability of large government backbone administrators to tick the box that they'll have the control they need, while being able to tick the box that they've protected the patient's privacy and the healthcare provider's need for reliability > > > > Grahame > > > > > > -- > > ----- > > http://www.healthintersections.com.au / grahame@healthintersections.com.au / +61 411 867 065 > > -- > Mark Nottingham https://www.mnot.net/ > > > > > -- > ----- > http://www.healthintersections.com.au / grahame@healthintersections.com.au / +61 411 867 065 -- Mark Nottingham https://www.mnot.net/
- Re: Partial Encryption Mark Nottingham
- Partial Encryption Grahame Grieve
- Re: Partial Encryption Amos Jeffries
- Re: Partial Encryption John Gates
- Re: Partial Encryption Mark Nottingham
- Re: Partial Encryption Grahame Grieve