W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: draft-ietf-httpbis-http2-latest, 4.3 Header Compression and Decompression, 10.6 Use of Compression

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 9 Jul 2014 21:44:22 -0700
Message-ID: <CABkgnnVZ4BhKv9ktDvX=H+ie1CTOvXin3Thi-0NAN7x=q-EbSw@mail.gmail.com>
To: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
Cc: HTTPBIS working group mailing list <ietf-http-wg@w3.org>
On 9 July 2014 20:47, Kari Hurtta <hurtta-ietf@elmme-mailer.org> wrote:
>
> 1) Attack is relevent only when TLS is used -- otherwise data
>    is observed by attacker in any case
>
> 2) TLS between proxy -> Web server   means that
>    original URL was  https://...
>
> 3) https://... URL means that T wants end to end encryption
>    and therefore T uses CONNECT methed for proxy


These are correct, but we are talking about new uses for TLS, and
there are cases (gateways in particular) where the problem could
manifest.
Received on Thursday, 10 July 2014 04:44:49 UTC

This archive was generated by hypermail 2.3.1 : Monday, 9 September 2019 17:48:19 UTC