- From: Hervé Ruellan <herve.ruellan@crf.canon.fr>
- Date: Fri, 23 Jan 2015 16:25:18 +0100
- To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Martin Thomson <martin.thomson@gmail.com>, Jari Arkko <jari.arkko@piuha.net>
- CC: David Black <david.black@emc.com>, <ietf@ietf.org>, "General Area Review Team (gen-art@ietf.org)" <gen-art@ietf.org>, "fenix@google.com" <fenix@google.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>

On 01/23/2015 01:21 PM, Stephen Farrell wrote:
>
>
> On 23/01/15 02:12, Martin Thomson wrote:
>> I definitely want to avoid making prescriptive statements about what to
>> protect, even couched as suggestions. However, I think that a more generic
>> statement that describes the characteristics of a header that might need
>> protection is definitely a good idea.
>>
>> If Herve doesn't get there first, I can propose text that concentrates on
>> the coincidence of secret and small/easy-to-guess..
>
> Yep, that'd be a good addition I'd say, so long as you
> couch those characteristics as being the ones we know
> about today that contraindicate compression. Who knows
> what new attacks folks might find in future now that
> attention has been drawn to this.
>
> Cheers,
> S.

I made a proposal at https://github.com/http2/http2-spec/pull/704

Hervé.

>> On Jan 22, 2015 3:17 PM, "Jari Arkko" <jari.arkko@piuha.net> wrote:
>>
>>> Thanks for the response. I think this may slightly enhance the feeling
>>> that the list may not be needed.
>>>
>>> Jari

Received on Friday, 23 January 2015 15:25:59 UTC