- From: Roland Zink <roland@zinks.de>
- Date: Wed, 05 Mar 2014 12:47:33 +0100
- To: ietf-http-wg@w3.org
What does this mean for proxies? Should proxies open a new outgoing connection for each incoming? HPACK can do a diff to the previous request. If the previous request is from a different client then the diff might be rather large. Should HPACK be extended to allow several reference sets and switch between them?

Roland

On 05.03.2014 11:23, Martin Thomson wrote:
> An implementation is potentially affected by this attack if it allows
> multiple actors to influence the creation of HTTP header fields on the
> same connection. It also requires that header fields provided by any
> one actor be kept secret from any other actor. In the canonical
> example of a browser, the invariant we want to maintain is that any
> origin (the primary class of actor in that context) is unable to
> access header fields that are created by other origins, or the browser
> itself.
>
> I'll note that this is also potentially an issue for non-browsers that
> use proxies.
Received on Wednesday, 5 March 2014 11:47:56 UTC
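Added example, not part of the original message or of any HPACK implementation: a simplified model of the reference-set diff Roland describes, comparing one reference set shared by all clients on a proxy's outgoing connection with a hypothetical per-client reference set. The cost metric (number of header fields added or removed relative to the reference set), the function names and the sample traffic are assumptions made for illustration; HPACK wire sizes are not modelled.

```python
# Assumption: the cost of a request is the number of header fields the encoder
# must signal, i.e. fields added to or removed from the reference set.

def diff_cost(reference, headers):
    """Fields that differ between the reference set and this request."""
    return len(reference ^ headers)

def shared_reference_set(requests):
    """One reference set for the outgoing connection; all clients are mixed."""
    reference, total = frozenset(), 0
    for _client, headers in requests:
        total += diff_cost(reference, headers)
        reference = headers  # the next request is diffed against this one
    return total

def per_client_reference_sets(requests):
    """Hypothetical extension: one reference set per client, switched per request.
    Each client's headers are only ever diffed against that client's own state."""
    references, total = {}, 0
    for client, headers in requests:
        total += diff_cost(references.get(client, frozenset()), headers)
        references[client] = headers
    return total

def make_request(common, path):
    """Build one request's header set from a client's stable headers and a path."""
    return frozenset(common | {(":path", path)})

# Constructed sample traffic: two clients interleaved on one proxy connection.
CLIENT_A = {(":method", "GET"), (":authority", "a.example"),
            ("user-agent", "agent-a"), ("cookie", "session=aaaa"),
            ("accept-language", "de")}
CLIENT_B = {(":method", "GET"), (":authority", "b.example"),
            ("user-agent", "agent-b"), ("cookie", "session=bbbb"),
            ("accept-language", "en")}
REQUESTS = [
    ("A", make_request(CLIENT_A, "/1")),
    ("B", make_request(CLIENT_B, "/1")),
    ("A", make_request(CLIENT_A, "/2")),
    ("B", make_request(CLIENT_B, "/2")),
]

if __name__ == "__main__":
    print("shared reference set:     ", shared_reference_set(REQUESTS))
    print("per-client reference sets:", per_client_reference_sets(REQUESTS))
```

With this constructed traffic the shared reference set costs twice as many signalled fields as the per-client variant, because every request is diffed against the other client's headers.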