- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 11 Jul 2014 11:38:35 -0700
- To: Jason Greene <jason.greene@redhat.com>
- Cc: Greg Wilkins <gregw@intalio.com>, Jeff Pinner <jpinner@twitter.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 11 July 2014 11:35, Jason Greene <jason.greene@redhat.com> wrote: >> http://lists.w3.org/Archives/Public/ietf-http-wg/2014JulSep/0760.html > > Ok in that case, Roberto’s analysis does not prove what you say it does. I'm pretty sure that it does. This point: > The current design handles this fairly well, at most one set of headers can > be incomplete at any point in time (sending a large number of incomplete > headers and keeping most of them incomplete most of the time is an > excellent attack vector, which the design currently precludes).
Received on Friday, 11 July 2014 18:39:05 UTC