- From: Nico Williams <nico@cryptonector.com>
- Date: Mon, 14 Jan 2013 10:00:01 -0600
- To: James M Snell <jasnell@gmail.com>
- Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
See http://tools.ietf.org/html/draft-williams-websec-session-continue-prob-00 There's also a -00 of a protocol to meet the requirements laid out in the problem statement. It's got a few bugs, and also the intention is to discuss the problem statement first (on the WEBSEC WG list) then actual proposals (plural, we hope). But roughly the proposals all will tend to look roughly like "there's a session key and the requests [and possibly responses] will carry a nonce and a MAC of stuff, including the nonce, in the headers". Nico --
Received on Monday, 14 January 2013 16:00:31 UTC