Re: Some general thought on CRIME and Compression and Headers

From: Nico Williams <nico@cryptonector.com>
Date: Mon, 14 Jan 2013 10:00:01 -0600
Message-ID: <CAK3OfOiY0UoEbchxz84VsBQ=-9fJxQVp=5CB3_yJwvQoitThwQ@mail.gmail.com>
To: James M Snell <jasnell@gmail.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>

See http://tools.ietf.org/html/draft-williams-websec-session-continue-prob-00

There's also a -00 of a protocol to meet the requirements laid out in
the problem statement.  It's got a few bugs, and also the intention is
to discuss the problem statement first (on the WEBSEC WG list) then
actual proposals (plural, we hope).  But roughly the proposals all
will tend to look roughly like "there's a session key and the requests
[and possibly responses] will carry a nonce and a MAC of stuff,
including the nonce, in the headers".

Nico
--
Received on Monday, 14 January 2013 16:00:31 GMT
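
The general shape sketched in the message above (a session key, a per-request nonce, and a MAC over request data including the nonce, carried in headers), as an added example that is not part of the original message and is not the protocol from the cited draft. The header names, the MAC'd fields, the length-prefixed encoding and the choice of HMAC-SHA-256 are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical header names; neither the message nor the cited draft defines them.
NONCE_HDR, MAC_HDR = "X-Session-Nonce", "X-Session-MAC"


def _mac(key: bytes, method: str, path: str, nonce: str, body: bytes) -> str:
    # Length-prefix each field so ("GET", "/ab") and ("GETa", "/b") cannot collide.
    msg = b"".join(len(p).to_bytes(4, "big") + p
                   for p in (method.encode(), path.encode(), nonce.encode(), body))
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_request(key: bytes, method: str, path: str, body: bytes = b"") -> dict:
    """Client side: build the two headers to attach to one request."""
    nonce = secrets.token_hex(16)
    return {NONCE_HDR: nonce, MAC_HDR: _mac(key, method, path, nonce, body)}


class Verifier:
    """Server side: one instance per session, holding that session's key."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = set()  # nonces already accepted in this session

    def verify(self, method: str, path: str, headers: dict, body: bytes = b"") -> bool:
        nonce, mac = headers.get(NONCE_HDR), headers.get(MAC_HDR)
        if not nonce or not mac or nonce in self.seen:
            return False  # missing field, or a replayed nonce
        expected = _mac(self.key, method, path, nonce, body)
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return False  # wrong key, or the MAC'd request data was altered
        self.seen.add(nonce)  # record the nonce only after the MAC checks out
        return True


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed session key
    server = Verifier(key)
    hdrs = sign_request(key, "POST", "/transfer", b"amount=10")
    print(server.verify("POST", "/transfer", hdrs, b"amount=10"))  # fresh request
    print(server.verify("POST", "/transfer", hdrs, b"amount=10"))  # same headers replayed
```

In this sketch the session key itself never appears in a header, and both header values differ on every request.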