- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Thu, 24 Apr 2014 12:52:59 -0700
- To: Johnny Graettinger <jgraettinger@chromium.org>
- Cc: K.Morgan@iaea.org, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>, Matthew Kerwin <matthew@kerwin.net.au>
On 24 April 2014 11:51, Johnny Graettinger <jgraettinger@chromium.org> wrote: > Perhaps it would be preferable to use the existing segment mechanism > instead? I think that this is reasonable, and on balance, probably the right solution. I remain skeptical over claims that intermediaries are able to add padding, partly due to lack of information, and partly due to the fact that the intermediary is presumably getting data unpadded, which probably needs the same sort of protection. There's a long-standing principle that I think is applicable in this case. That principle states that end-to-end is the only real security.
Received on Thursday, 24 April 2014 19:53:29 UTC