Shostack + Friends Blog Archive

 

On RSS Security

I’ve been mystified for a while by people talking about a need for RSS security products, as if those were somewhat different than other HTTP security products. Apparently, I wasn’t alone in this, Greg Reinacker, CTO of Feedburner Newsgator writes:

I was on a call the other day with some folks in the industry, and someone made a comment to the effect of “we really need to come up with some kind of solution for securing RSS feeds – then we can really do some cool stuff.” Before I could get on my soapbox, someone else on the call concurred with the first person. When I mentioned that this stuff has been figured out already, and started describing the existing widely-used mechanisms, they were both a bit surprised, and suggested I write something about it. So here we go. 🙂

Read “RSS Security” before you pitch that great new startup idea spend money on an RSS security product.

4 comments on "On RSS Security"

  • One small correction – I’m actually CTO of NewsGator. 🙂

  • Eric Lunt says:

    Well well, Greg … I guess I better watch my back!

  • Justin Mason says:

    I’ve been wondering about that, too, and assumed it was companies hoping to grab funding by fixing a nonexistent problem. I’m already reading a couple of “private” RSS feeds, daily, using HTTP basic auth over HTTPS…

  • Adam says:

    Eric,
    Sorry that this was how you had to find out about your new job. 🙂

Comments are closed.