- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Fri, 23 Jan 2015 12:21:25 +0000
- To: Martin Thomson <martin.thomson@gmail.com>, Jari Arkko <jari.arkko@piuha.net>
- CC: David Black <david.black@emc.com>, ietf@ietf.org, "General Area Review Team (gen-art@ietf.org)" <gen-art@ietf.org>, "fenix@google.com" <fenix@google.com>, Hervé Ruellan <herve.ruellan@crf.canon.fr>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On 23/01/15 02:12, Martin Thomson wrote: > I definitely want to avoid making prescriptive statements about what to > protect, even couched as suggestions. However, I think that a more generic > statement that describes the characteristics of a header that might need > protection is definitely a good idea. > > If Herve doesn't get there first, I can purpose text that concentrates on > the coincidence of secret and small/easy-to-guess.. Yep, that'd be a good addition I'd say, so long as you couch those characteristics as being the ones we know about today that contraindicate compression. Who knows what new attacks folks might find in future now that attention has been drawn to this. Cheers, S. > On Jan 22, 2015 3:17 PM, "Jari Arkko" <jari.arkko@piuha.net> wrote: > >> Thanks for the response. I think this may slightly enhance the feeling >> that the list may not be needed. >> >> Jari >> >> >
Received on Friday, 23 January 2015 12:22:09 UTC