On Fri, Jul 20, 2012 at 3:41 AM, Poul-Henning Kamp <phk@phk.freebsd.dk>wrote:
> In message <9c4a1f3bd08bf10c608b2c01f01440b2.squirrel@arekh.dyndns.org>,
> "Nicol
> as Mailhot" writes:
>
> >1. at the start of a stateful interaction the server (only actor that
> >knows it will need state) challenges the user agent for a new unique id,
> >and provides a unique state tag (short so it can not be abused for
> >anything else)
>
> I think we can speed up this safely by allowing the client to always
> offer a unique ID without being asked. If the server doesn't need it,
> it will just ignore it.
>
>
Again, just brainstorming on this.... not sure if this works..
Client Server
| |
|=====================>|
|1)KEY_NEGO |
| id=1 |
| alg=session_key |
| params=... |
| |
|=====================>|
|2)SYN_STREAM |
| id=1 |
| method=GET |
| session_key=1 |
| |
> >I'm quite sure that if such a mechanism existed today the EU would have
> >just banned cookie use altogether.
>
> Indeed.
>
> --
> Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG | TCP/IP since RFC 956
> FreeBSD committer | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
>
>