Re: Introducing a Session header... from James M Snell on 2012-07-20 (ietf-http-wg@w3.org from July to September 2012)

From: James M Snell <jasnell@gmail.com>
Date: Fri, 20 Jul 2012 09:43:06 -0700
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Nicolas Mailhot <nicolas.mailhot@laposte.net>, Amos Jeffries <squid3@treenet.co.nz>, Willy Tarreau <w@1wt.eu>, ietf-http-wg@w3.org
Message-ID: <CABP7RbexMw7w3oKWq_QPDSfqHwuG9dj2FZa6dUBa=hPg5ffO8Q@mail.gmail.com>

On Fri, Jul 20, 2012 at 3:41 AM, Poul-Henning Kamp <phk@phk.freebsd.dk>wrote:

> In message <9c4a1f3bd08bf10c608b2c01f01440b2.squirrel@arekh.dyndns.org>,
> "Nicol
> as Mailhot" writes:
>
> >1. at the start of a stateful interaction the server (only actor that
> >knows it will need state) challenges the user agent for a new unique id,
> >and provides a unique state tag (short so it can not be abused for
> >anything else)
>
> I think we can speed up this safely by allowing the client to always
> offer a unique ID without being asked.  If the server doesn't need it,
> it will just ignore it.
>
>
Again, just brainstorming on this.... not sure if this works..

Client                 Server
  |                      |
  |=====================>|
  |1)KEY_NEGO            |
  | id=1                 |
  | alg=session_key      |
  | params=...           |
  |                      |
  |=====================>|
  |2)SYN_STREAM          |
  | id=1                 |
  | method=GET           |
  | session_key=1        |
  |                      |


>  >I'm quite sure that if such a mechanism existed today the EU would have
> >just banned cookie use altogether.
>
> Indeed.
>
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
>
>

Received on Friday, 20 July 2012 16:43:55 UTC