Re: Introducing a Session header...

On Fri, Jul 20, 2012 at 4:05 PM, Poul-Henning Kamp <> wrote:
> In message <>
> , Phillip Hallam-Baker writes:
>>I am not sure that anyone issues cards for Web cryptographic protocol
>>design. If they ever do, I think I can fairly claim card number 001.
> Dunno, I have always been yelled at for not being "a real cryptographer"
> so there must at least be a secret handshake of some sort :-)

The people shouting tend to be people who mistake disagreement with their
misunderstanding of his Bruce-ship with not understanding cryptography.

> For the session-id I'm talking about, the transport-routing session-id,
> I'm mostly worried about here is getting the privacy aspect wrong, and
> ending up with something which the EU bans.

I would not worry too much about that. The EU has not banned cookies, they
have banned using them for certain nefarious ends. What is being proposed
here is much smaller in scope and more highly constrained.


Received on Friday, 20 July 2012 22:22:05 UTC