On Mon, Feb 11, 2013 at 11:39 AM, Nico Williams <nico@cryptonector.com> wrote:

> On Mon, Feb 11, 2013 at 10:07 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> >>It's not just the disk space, but also the need to fetch it and the
> >>need to distribute it across related servers. Using the client to do
> >>this has some benefits.
> >
> > ... for the server, yes.
> >
> > And a lot of disadvantages for the client, such as not having your
> > context coming along to a different computer, privacy, bandwidth etc.
>
> Bandwidth costs can be addressed by having the server cache its state,
> using the client only to rebuild that state when it gets pushed out of
> the cache (e.g., due to client idle time).
>
> As for privacy, encrypted state cookies do not compromise privacy any
> more than random session IDs.
>
> Nico
> --
>

I should have made this clear earlier, there should be only two types of cookie-type data:

Authentication tokens - which only go over the wire exactly once.

Encrypted state tokens - which only the server should be able to decrypt.

--
Website: http://hallambaker.com/

Received on Monday, 11 February 2013 16:44:49 GMT
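
The two ideas in this thread (a state token only the server can decrypt, and a server-side cache that falls back to the client's copy on eviction) can be sketched as follows. This is an added example, not code from any of the participants; the function names, the in-memory `Map` cache, the single unrotated key, and binding the token to a session identifier are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const KEY = crypto.randomBytes(32);  // server-only key (assumption: single key, no rotation)
const cache = new Map();             // sessionId -> state; entries may be evicted at any time

// Seal the state with AES-256-GCM. The session id is bound in as associated
// data (an assumption of this sketch) so a token cannot be replayed under
// another session.
function sealState(sessionId, state) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', KEY, iv, { authTagLength: 16 });
  c.setAAD(Buffer.from(sessionId));
  const ct = Buffer.concat([c.update(JSON.stringify(state), 'utf8'), c.final()]);
  // Token layout: 12-byte IV | 16-byte tag | ciphertext
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64url');
}

// Returns the state, or null if the token is truncated, altered,
// or was issued for a different session.
function openState(sessionId, token) {
  try {
    const raw = Buffer.from(token, 'base64url');
    if (raw.length < 28) return null;
    const d = crypto.createDecipheriv('aes-256-gcm', KEY, raw.subarray(0, 12),
                                      { authTagLength: 16 });
    d.setAuthTag(raw.subarray(12, 28));
    d.setAAD(Buffer.from(sessionId));
    const pt = Buffer.concat([d.update(raw.subarray(28)), d.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch {
    return null;  // authentication failure or malformed payload
  }
}

// Cache first; the client's token is only consulted to rebuild evicted state.
function loadState(sessionId, token) {
  if (cache.has(sessionId)) return { state: cache.get(sessionId), source: 'cache' };
  const state = openState(sessionId, token);
  if (state === null) return { state: null, source: 'rejected' };
  cache.set(sessionId, state);
  return { state, source: 'token' };
}
```

On a cache hit the client's token is never parsed, so a stale or forged token has no effect until the entry is evicted, at which point it must pass the authentication check.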
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 11 February 2013 16:44:51 GMT