4.1.1 Download Confidentiality

The protocol download transport is built upon HTTP, a stateless protocol. Therefore, to secure communications between peers, or between peers and a hosted cache, any content sent in messages is encrypted using the segment secret of the segment within which the content is contained. This ensures that it is intractable for an entity that is not in possession of the server secret used to derive the segment secret to discover the actual data contained in such an encrypted message.

If the segment secret Kp is not treated with the same degree of security as the plaintext segment itself, then the security of the content is diminished. This relationship holds because knowledge of Kp for a given segment is sufficient to obtain the segment from peers using the Peer Content Caching and Retrieval Framework protocols, and then decrypt it. Knowledge of Ks does not immediately yield any specific plaintext but can be used to glean certain types of data from the ciphertext, and expose data to a brute-force guessing attack. Knowledge of Ks exposes all ciphertext in Content Information generated by a specific server to a brute-force attack; therefore, Ks is just as sensitive as Kp, if not more so.
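The key relationship described above can be modeled in a few lines; this is an added example, not code or constructions taken from the specification. Assumptions: Kp is modeled as HMAC-SHA256 of the segment's content hash under Ks, the public segment identifier as a hash of Kp plus a made-up label, and a toy XOR keystream stands in for the real cipher; all function names and sample values are hypothetical.

```python
import hashlib
import hmac

def segment_secret(ks: bytes, segment: bytes) -> bytes:
    """Kp (modeled): keyed hash of the segment's content hash under Ks."""
    hod = hashlib.sha256(segment).digest()
    return hmac.new(ks, hod, hashlib.sha256).digest()

def segment_id(kp: bytes) -> bytes:
    """Public identifier peers use to look up a segment (label is assumed)."""
    return hashlib.sha256(kp + b"model-segment-id").digest()

def xor_stream(kp: bytes, data: bytes) -> bytes:
    """Toy stream cipher keyed by Kp; a stand-in for the real cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(kp, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def guess_confirmed(ks: bytes, candidate: bytes, seg_id: bytes) -> bool:
    """A holder of Ks can check a candidate plaintext against a public id."""
    derived = segment_id(segment_secret(ks, candidate))
    return hmac.compare_digest(derived, seg_id)

# Constructed sample values, not real protocol data.
KS = bytes(range(32))
SEGMENT = b"constructed sample segment: quarterly figures, draft 3"
KP = segment_secret(KS, SEGMENT)
SEG_ID = segment_id(KP)
CIPHERTEXT = xor_stream(KP, SEGMENT)

if __name__ == "__main__":
    # Kp alone is enough to decrypt, so it is as sensitive as the plaintext.
    print("Kp decrypts:", xor_stream(KP, CIPHERTEXT) == SEGMENT)
    # Ks yields no plaintext by itself, but turns every public id generated
    # under it into a test for guessed content.
    print("Ks, right guess:", guess_confirmed(KS, SEGMENT, SEG_ID))
    print("Ks, wrong guess:", guess_confirmed(KS, b"other data", SEG_ID))
    # Without Ks, even the correct plaintext cannot be tied to the id.
    print("wrong Ks:", guess_confirmed(b"\x00" * 32, SEGMENT, SEG_ID))
```

In this model, replacing Ks changes every derived Kp and segment identifier, which is why exposure of one Ks affects all Content Information generated under it.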