This is a single archived entry from Stefan Tilkov’s blog.

S/MIME is not for Mail Only

Stefan Tilkov

James Clark thinks there’s a real need for a cache-friendly way to sign HTTP responses — to get the benefits of HTTP caching while ensuring integrity. Sam Ruby points to RFC 4130, which explains how to combine S/MIME with HTTP:

The data is packaged using standard MIME structures. Authentication and data confidentiality are obtained by using Cryptographic Message Syntax with S/MIME security body parts. Authenticated acknowledgements make use of multipart/signed Message Disposition Notification (MDN) responses to the original HTTP message.
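To show why a signature carried inside the entity survives caching, here is an added example (not from the original post or from RFC 4130) that uses the `openssl smime` command to sign a constructed response body as multipart/signed, then verifies a stored copy and a copy altered in storage. The file names, the `origin.example` subject, the throwaway self-signed certificate and the helper function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Names, subject and body are constructed.

# Create a throwaway self-signed signing certificate in directory $1.
make_signer() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=origin.example" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Wrap body file $2 as an S/MIME multipart/signed entity (detached CMS signature).
# In an HTTP response the leading MIME headers would travel as HTTP headers.
sign_body() {
  openssl smime -sign -in "$2" -signer "$1/cert.pem" -inkey "$1/key.pem" \
    -out "$1/signed.msg" 2>/dev/null
}

# Verify entity $2 against the origin certificate in $1; exit status 0 means intact.
verify_body() {
  openssl smime -verify -in "$2" -CAfile "$1/cert.pem" -out /dev/null 2>/dev/null
}

# Sign once at the origin, then check a cached copy and a copy altered in the cache.
# Prints "<cached> <tampered>", each being "ok" or "bad".
cache_roundtrip() {
  d=$(mktemp -d) || return 1
  printf 'price=100 EUR\n' > "$d/body.txt"            # constructed response body
  make_signer "$d" && sign_body "$d" "$d/body.txt" || { rm -rf "$d"; return 1; }
  cp "$d/signed.msg" "$d/cached.msg"                   # what an intermediary would store
  sed 's/price=100/price=001/' "$d/signed.msg" > "$d/tampered.msg"
  if verify_body "$d" "$d/cached.msg"; then c=ok; else c=bad; fi
  if verify_body "$d" "$d/tampered.msg"; then t=ok; else t=bad; fi
  rm -rf "$d"
  echo "$c $t"
}

cache_roundtrip
```

The signature is checked against the origin's certificate rather than against the connection the bytes arrived on, so the verifier does not need to trust the cache that served them.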