W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2015

Re: Benoit Claise's Discuss on draft-ietf-httpbis-header-compression-10: (with DISCUSS)

From: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 22 Jan 2015 20:04:58 +0100
Message-ID: <54C149DA.6090803@gmx.de>
To: Roberto Peon <grmocg@gmail.com>, Barry Leiba <barryleiba@computer.org>
CC: Benoit Claise <bclaise@cisco.com>, The IESG <iesg@ietf.org>, David <david.black@emc.com>, Black@ietfa.amsl.com, Mark Nottingham <mnot@mnot.net>, httpbis-chairs@tools.ietf.org, HTTP Working Group <ietf-http-wg@w3.org>
On 2015-01-22 17:44, Roberto Peon wrote:
> For my part, if it isn't clear what to do with these (set the
> never-index bit when making a request where the entity causing the
> request is a 3rd party as a stronger defense against CRIME-like
> attacks), then it really should be better documented.
> I'd be happy to see this recommendation added to either the HTTP2 or
> HPACK document and/or discussed more.
>
> -=R

While discussing this at WG meeting, wasn't the "Authorization" header 
field (when using Basic auth) mentioned as example? Maybe that's worth 
mentioning in the spec?

Best regards, Julian
Received on Thursday, 22 January 2015 19:06:06 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:42 UTC