IETF Logo Mail Archive

Re: Partial Encryption

Grahame Grieve <grahame@healthintersections.com.au> Tue, 11 April 2017 00:58 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 017B0126D05 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 10 Apr 2017 17:58:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.4
X-Spam-Level:
X-Spam-Status: No, score=-6.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hWotVAvUH9VN for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 10 Apr 2017 17:58:10 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B304E127873 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 10 Apr 2017 17:58:10 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1cxk4l-0004Ji-Vr for ietf-http-wg-dist@listhub.w3.org; Tue, 11 Apr 2017 00:54:32 +0000
Resent-Date: Tue, 11 Apr 2017 00:54:31 +0000
Resent-Message-Id: <E1cxk4l-0004Ji-Vr@frink.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by frink.w3.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <grahameg@gmail.com>) id 1cxk4h-0004Iw-Ol for ietf-http-wg@listhub.w3.org; Tue, 11 Apr 2017 00:54:27 +0000
Received: from mail-io0-f175.google.com ([209.85.223.175]) by mimas.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <grahameg@gmail.com>) id 1cxk4b-0004ut-2L for ietf-http-wg@w3.org; Tue, 11 Apr 2017 00:54:22 +0000
Received: by mail-io0-f175.google.com with SMTP id l7so116244990ioe.3 for <ietf-http-wg@w3.org>; Mon, 10 Apr 2017 17:54:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=xxAUDGMmnxDvzycVYwH1oFeZMuekLPaQhfgCalnCO3k=; b=g8FvOjniszCqJZSEfacL2qIzpJZWQ++7xfAByJ79ESWcq8GuiI4DQ7xGC7XKNZQyb1 bftU669D3iKpZqvkvgaDqcdH+R7bs5/FIDPO8tk1cj9/Eu1Q+l3x77ANqKuMsxVfjQDY y59BDQEYvvFr2afVVDQfdX4Zl8sIA/Hku3guZAFIZJJfdinHNhCLwOY70u2PB1IAE0iW GanSzfhWUOX6AQZGXRDmgSZ0coC0bTaTUictpqQbXwFizMmQVARVKLaWSH+ZaMeAJ+3q T+YAZAnCmZ3poRfG8YduluIQ42taB03n7LSnDoJYeUDz15hvvoIOmPqX8iWtreZNfZ5I xDUg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=xxAUDGMmnxDvzycVYwH1oFeZMuekLPaQhfgCalnCO3k=; b=g29I6EjB/cS+gD62EQMAmKRsgycXVJvA8Fz0a+s2rKST2wc09+PDmfA4OEoCZmROkq LxJpDlavWOsdKRDT0R7zxlz2xlAYqj7PdjVX9NskTybz0vrnCiQraoRX4iBqiwVWeA6Q haPkGMUpLq/SS0SYnuyYpwwv01hjX+66z+hk3g5tPQzRv98WzSHknLcSFBzqCKWeJo+c k4T2ZQ0abo8XVYnyaaqUVHApkTLq36A/GFPR4ljnE28O/FlLbSZJKjnvC35OohZDsWg1 iJxqx0F+k6Z1iC2upRmO4ly8eWCHJzgAjUErEiqi2o9Xk3rO9fqWbT/3/MJ4Dk2nQxbz VuAg==
X-Gm-Message-State: AN3rC/5mdgQdsr+hyge+QbvlPBOAG++EREMRw7xsUOirA1JvOkGQE8wT 0qtsm+I7eQIt0Stvqv0YRAMXiWU0DQ==
X-Received: by 10.36.200.84 with SMTP id w81mr15505670itf.22.1491872034899; Mon, 10 Apr 2017 17:53:54 -0700 (PDT)
MIME-Version: 1.0
Sender: grahameg@gmail.com
Received: by 10.107.7.90 with HTTP; Mon, 10 Apr 2017 17:53:54 -0700 (PDT)
In-Reply-To: <CBB2CB4B-7D68-47FE-887B-422DEB99DB52@mnot.net>
References: <CAG47hGYbqbdTCsdjXwHARFvxysKdrzuNNR5XfVn6Zg7g8pisZA@mail.gmail.com> <CBB2CB4B-7D68-47FE-887B-422DEB99DB52@mnot.net>
From: Grahame Grieve <grahame@healthintersections.com.au>
Date: Tue, 11 Apr 2017 10:53:54 +1000
X-Google-Sender-Auth: _6XbSSaZ8KHL_f1Q4_pkYEH7i18
Message-ID: <CAG47hGajGpkrnhTQKFpMSqGNG=z98pV+EqJp4nyV8pzDwfMz9Q@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="94eb2c05f7b6b0ce70054cd98644"
Received-SPF: pass client-ip=209.85.223.175; envelope-from=grahameg@gmail.com; helo=mail-io0-f175.google.com
X-W3C-Hub-Spam-Status: No, score=-5.5
X-W3C-Hub-Spam-Report: AWL=-0.424, BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1cxk4b-0004ut-2L a088e18f6a003963fe9f7689ac1a84fd
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Partial Encryption
Archived-At: <http://www.w3.org/mid/CAG47hGajGpkrnhTQKFpMSqGNG=z98pV+EqJp4nyV8pzDwfMz9Q@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/33803
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

hi Mark

thanks. I'll work harder on getting the irony tone correct; in fact, those
questions themselves are not-stupid; it's the answers that usually are :-(

I've read that draft, but it doesn't seem to have any traction?

Grahame



On Tue, Apr 11, 2017 at 8:59 AM, Mark Nottingham <mnot@mnot.net> wrote:

> Hi Grahame,
>
> You might want to have a look at:
>   http://httpwg.org/http-extensions/draft-ietf-httpbis-
> encryption-encoding.html
> ... along with the implementation list at:
>   https://github.com/httpwg/wiki/wiki/EncryptedContentEncoding
>
> Cheers,
>
> P.S. Anticipating people's questions as "stupid" doesn't help the level of
> discourse here. Please refrain from doing so. Thanks.
>
>
>
> > On 11 Apr 2017, at 6:53 am, Grahame Grieve <grahame@healthintersections.
> com.au> wrote:
> >
> > We are getting strong push-back against the use of RESTful APis in
> healthcare, particularly in Europe, because there is no support for partial
> encryption - that is, where the content is encrypted (and signed) but the
> headers are not. SSL does both, obviously. (note: this is in b2b context).
> >
> > There are some RFCs floating around for encrypting and signing the http
> body, instead of (or as well as) using SSL - but these don't seem to have
> any penetration.
> >
> > So I'm increasingly seeing discussion around tunneling RESTful APIs
> across SOAP (pr higher level profiles on soap like ebMS), purely for the
> reason that they protect the body but not the headers.
> >
> > I'm interested in whether anyone here can give me a sense of perspective
> on where we are - why is content encryption not flying like transport
> encryption?
> >
> > And don't ask stupid questions like, how actually useful are the
> headers? This discussion isn't really about functionality but about the
> ability of large government backbone administrators to tick the box that
> they'll have the control they need, while being able to tick the box that
> they've protected the patient's privacy and the healthcare provider's need
> for reliability
> >
> > Grahame
> >
> >
> > --
> > -----
> > http://www.healthintersections.com.au / grahame@healthintersections.
> com.au / +61 411 867 065
>
> --
> Mark Nottingham   https://www.mnot.net/
>
>


-- 
-----
http://www.healthintersections.com.au / grahame@healthintersections.com.au
/ +61 411 867 065

v2.23.0 | Report a Bug | By Email