permanent download (Free Archive id): 474391c0fc3867f29b59bfc30186f57d0db29c8d13a5a73b1b14e58a54e4a7bd

mime/type: application/pdf

source: http://www.almaden.ibm.com/cs/projects/iis/hdb/Publications/papers/www05.pdf

description: Merkle Tree Authentication of HTTP Responses "We propose extensions to existing web protocols that allow proofs of authenticity of HTTP server responses, whether or not the HTTP server is under the control of the publisher. These extensions protect users from content that may be substituted by malicious servers, and therefore have immediate applications in improving the security of web caching, mirroring, and relaying systems that rely on untrusted machines [2,4]. Our proposal relies on Merkle trees to support 200 and 404 response authentication while requiring only a single cryptographic hash of trusted data per repository. While existing web protocols such as HTTPS can provide authenticity guarantees (in addition to confidentiality), HTTPS consumes significantly more computational resources, and requires that the hosting server act without malice in generating responses and in protecting the publisher’s private key."

tags: hash hashing merkle_tree authentication http cryptography crypto web_of_trust fa:archive checksum

initially imported by adulau on Fri, 05 Jun 2009 20:29:50 +0000