Re: Security implications of gzip #423

* Martin Thomson wrote:
>Proposed text:

>   There are demonstrable attacks on compression that exploit the
>   characteristics of the web platform (e.g., [BREACH]).  The attacker
>   induces multiple requests containing varying plaintext, observing the
>   length of the resulting ciphertext in each, which reveals a shorter
>   length when a guess about the secret is correct.

I think "web platform" is a word to be avoided; one reason is that the
second result on Google for me is "By downloading and using the Web
Platform Installer (WebPI), you agree to the  license terms and privacy
statement for WebPI." and the third "With the Microsoft Web Platform you
get more than just a powerful set of tools, servers and technologies.
You get a complete eco-system of products" and I am not sure whether at
least those two refer to the same thing. The characteristics should be
spelled out if they are important.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 

Received on Friday, 14 March 2014 00:42:24 UTC