Re: Benoit Claise's Discuss on draft-ietf-httpbis-header-compression-10: (with DISCUSS)

On 2015-01-22 17:44, Roberto Peon wrote:
> For my part, if it isn't clear what to do with these (set the
> never-index bit when making a request where the entity causing the
> request is a 3rd party as a stronger defense against CRIME-like
> attacks), then it really should be better documented.
> I'd be happy to see this recommendation added to either the HTTP2 or
> HPACK document and/or discussed more.
>
> -=R

While discussing this at WG meeting, wasn't the "Authorization" header 
field (when using Basic auth) mentioned as example? Maybe that's worth 
mentioning in the spec?

Best regards, Julian

Received on Thursday, 22 January 2015 19:06:06 UTC