- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Thu, 22 Jan 2015 20:04:58 +0100
- To: Roberto Peon <grmocg@gmail.com>, Barry Leiba <barryleiba@computer.org>
- CC: Benoit Claise <bclaise@cisco.com>, The IESG <iesg@ietf.org>, David <david.black@emc.com>, Black@ietfa.amsl.com, Mark Nottingham <mnot@mnot.net>, httpbis-chairs@tools.ietf.org, HTTP Working Group <ietf-http-wg@w3.org>
On 2015-01-22 17:44, Roberto Peon wrote: > For my part, if it isn't clear what to do with these (set the > never-index bit when making a request where the entity causing the > request is a 3rd party as a stronger defense against CRIME-like > attacks), then it really should be better documented. > I'd be happy to see this recommendation added to either the HTTP2 or > HPACK document and/or discussed more. > > -=R While discussing this at WG meeting, wasn't the "Authorization" header field (when using Basic auth) mentioned as example? Maybe that's worth mentioning in the spec? Best regards, Julian
Received on Thursday, 22 January 2015 19:06:06 UTC