Re: New Version Notification for draft-snell-httpbis-keynego-01.txt

In message <>
, Roberto Peon writes:

>Exposing the framing/length of things that would be in an
>encrypted-by-TLS bytestream today, however, does worry me-- 
>it makes BEAST/CRIME-like attacks significantly more difficult
>to protect against.


And there is no doubt either that there is an UI challenge in
communicating the security situation, if the various elements you
see are protected to different levels and degrees.

But there are also many benefits, for instance being able to
run the crypto-handshake in parallel with delivery of the first
unprotected page elements, rather than stall everything until TLS
has gotten its bits sorted out.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Wednesday, 20 November 2013 01:23:38 UTC