[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
HTTP vs HTTPS (was Re: [DotGNU]Ignoring C#)
|
From: |
Norbert Bollow |
|
Subject: |
HTTP vs HTTPS (was Re: [DotGNU]Ignoring C#) |
|
Date: |
Fri, 27 Jul 2001 07:53:30 +0200 |
Barry Fitzgerald <address@hidden> wrote:
> I'm inclined to say here that either we use https, or use http as a
> wrapper around an encrypted token set - or both (which would be
> optimal)... That way, you're not transmitting sensitive information over
> the net without ANY protection at all.
I think that HTTP is better than HTTPS for DotGNU because we
will often transfer large amounts of data that don't need
excryption (such as Portable Executables of publicly-released
software).
So I think it is best to build on an entirely untrusted
communication channel (implemented with HTTP or an extension
of HTTP) and decide for every item of data whether it needs
encryption or a digital signature or both.
Greetings, Norbert.
--
A member of FreeDevelopers and the DotGNU Core Team http://dotgnu.org
Norbert Bollow, Weidlistr.18, CH-8624 Gruet (near Zurich, Switzerland)
Tel +41 1 972 20 59 Fax +41 1 972 20 69 http://thinkcoach.com
Your own domain with all your Mailman lists: $15/month http://cisto.com
- Re: [DotGNU]Ignoring C#, (continued)