I know that all these half-eyed one-legged ;-) proposals are made
due to the fact that the so-called "basic" scheme doesn't provide
with much real security. The whole idea is that it will be compatible
with the next step, "pubkey" which provides almost the same security
level as PEM. It would be a needless mess to eventually end up with
two completely different schemes. And I'm not talking about far future,
if there aren't any enormous complications [with you guys ;-)], I would
finish this level by the end of this year.
By the way -- I reread the RFC1421 last night, and noticed that
I confused Key-Info: and DEK-Info: fields in my Revised Proposal. So
what I called DEC-Info is really Key-Info, like in my 1st proposal.
I also noticed that the body-MIC has to be encrypted, too. And it
should be encrypted first by server's private key (useful if we later
add server authentication) *and* then with browser's key (security).
Now I'm not sure if it's necessary at all to have the header MIC,
comments?
-- Ari --