- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Fri, 14 Mar 2014 01:41:54 +0100
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
* Martin Thomson wrote: >Proposed text: > There are demonstrable attacks on compression that exploit the > characteristics of the web platform (e.g., [BREACH]). The attacker > induces multiple requests containing varying plaintext, observing the > length of the resulting ciphertext in each, which reveals a shorter > length when a guess about the secret is correct. I think "web platform" is a word to be avoided; one reason is that the second result on Google for me is "By downloading and using the Web Platform Installer (WebPI), you agree to the license terms and privacy statement for WebPI." and the third "With the Microsoft Web Platform you get more than just a powerful set of tools, servers and technologies. You get a complete eco-system of products" and I am not sure whether at least those two refer to the same thing. The characteristics should be spelled out if they are important. -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Friday, 14 March 2014 00:42:24 UTC