Re: [Gen-art] Gen-ART and OPS-Dir review of draft-ietf-httpbis-header-compression-10

On 23/01/15 02:12, Martin Thomson wrote:
> I definitely want to avoid making prescriptive statements about what to
> protect, even couched as suggestions. However, I think that a more generic
> statement that describes the characteristics of a header that might need
> protection is definitely a good idea.
> 
> If Herve doesn't get there first, I can purpose text that concentrates on
> the coincidence of secret and small/easy-to-guess..

Yep, that'd be a good addition I'd say, so long as you
couch those characteristics as being the ones we know
about today that contraindicate compression. Who knows
what new attacks folks might find in future now that
attention has been drawn to this.

Cheers,
S.

> On Jan 22, 2015 3:17 PM, "Jari Arkko" <jari.arkko@piuha.net> wrote:
> 
>> Thanks for the response. I think this may slightly enhance the feeling
>> that the list may not be needed.
>>
>> Jari
>>
>>
> 

Received on Friday, 23 January 2015 12:22:09 UTC