On Fri, Jul 20, 2012 at 3:41 AM, Poul-Henning Kamp <phk@phk.freebsd.dk>wrote: > In message <9c4a1f3bd08bf10c608b2c01f01440b2.squirrel@arekh.dyndns.org>, > "Nicol > as Mailhot" writes: > > >1. at the start of a stateful interaction the server (only actor that > >knows it will need state) challenges the user agent for a new unique id, > >and provides a unique state tag (short so it can not be abused for > >anything else) > > I think we can speed up this safely by allowing the client to always > offer a unique ID without being asked. If the server doesn't need it, > it will just ignore it. > > Again, just brainstorming on this.... not sure if this works.. Client Server | | |=====================>| |1)KEY_NEGO | | id=1 | | alg=session_key | | params=... | | | |=====================>| |2)SYN_STREAM | | id=1 | | method=GET | | session_key=1 | | | > >I'm quite sure that if such a mechanism existed today the EU would have > >just banned cookie use altogether. > > Indeed. > > -- > Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 > phk@FreeBSD.ORG | TCP/IP since RFC 956 > FreeBSD committer | BSD since 4.3-tahoe > Never attribute to malice what can adequately be explained by incompetence. > >Received on Friday, 20 July 2012 16:43:55 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 20 July 2012 16:44:00 GMT