- From: Adrien de Croy <adrien@qbik.com>
- Date: Mon, 21 Jul 2014 23:21:44 +0000
- To: "Martin Thomson" <martin.thomson@gmail.com>, "Willy Tarreau" <w@1wt.eu>
- Cc: "Roberto Peon" <grmocg@gmail.com>, "Poul-Henning Kamp" <phk@phk.freebsd.dk>, "Phil Hunt" <phil.hunt@oracle.com>, "Mark Nottingham" <mnot@mnot.net>, "HTTP Working Group" <ietf-http-wg@w3.org>
I don't see how it makes any difference. Splitting something in two (path?query vs. path, query) doesn't add or subtract information or alter entropy. It's just a different way of parsing. ------ Original Message ------ From: "Martin Thomson" <martin.thomson@gmail.com> To: "Willy Tarreau" <w@1wt.eu> Cc: "Roberto Peon" <grmocg@gmail.com>; "Poul-Henning Kamp" <phk@phk.freebsd.dk>; "Phil Hunt" <phil.hunt@oracle.com>; "Mark Nottingham" <mnot@mnot.net>; "HTTP Working Group" <ietf-http-wg@w3.org> Sent: 22/07/2014 1:20:27 a.m. Subject: Re: consensus on :query ? >On 21 July 2014 00:53, Willy Tarreau <w@1wt.eu> wrote: >> >> I'm not sure what you mean, we're speaking about having a single >>:query >> for whatever follows the question mark, right ? If so, all the params >> must be tried as a single block. > >Yes, but there could be cases where the combination of path and query >contain sufficiently high entropy in combination, but one or other >contains insufficient entropy on its own to resist guessing attacks. >
Received on Monday, 21 July 2014 23:22:18 UTC