- From: Anne van Kesteren <annevk@opera.com>
- Date: Tue, 20 Dec 2011 18:36:24 +0100
- To: "Eric Rescorla" <ekr@rtfm.com>
- Cc: public-webapps@w3.org
On Sun, 18 Dec 2011 13:12:57 +0100, Eric Rescorla <ekr@rtfm.com> wrote: > Sorry, I forgot to mention the 1/n+1 splitting countermeasure in my > response. > > With that said, this isn't TLS 1.1, but rather a specific, more > backwards-compatible countermeasure. It's fine for the security > considerations section to say here that browsers must do either TLS 1.1 > or 1/n+1 splitting, but it should say something, since it's not like > 1/n+1 splitting is required by TLS (any version). Who's in charge of updating TLS? Surely this should be patched in the base specification rather than in every API that interacts with it. I do not want to make the life of the guy implementing XMLHttpRequest more difficult if the problem is supposed to be addressed at the TLS layer anyway. -- Anne van Kesteren http://annevankesteren.nl/
Received on Tuesday, 20 December 2011 17:36:54 UTC