W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2015

Re: [Gen-art] Gen-ART and OPS-Dir review of draft-ietf-httpbis-header-compression-10

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Fri, 23 Jan 2015 12:21:25 +0000
Message-ID: <54C23CC5.7050901@cs.tcd.ie>
To: Martin Thomson <martin.thomson@gmail.com>, Jari Arkko <jari.arkko@piuha.net>
CC: David Black <david.black@emc.com>, ietf@ietf.org, "General Area Review Team (gen-art@ietf.org)" <gen-art@ietf.org>, "fenix@google.com" <fenix@google.com>, Hervé Ruellan <herve.ruellan@crf.canon.fr>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>


On 23/01/15 02:12, Martin Thomson wrote:
> I definitely want to avoid making prescriptive statements about what to
> protect, even couched as suggestions. However, I think that a more generic
> statement that describes the characteristics of a header that might need
> protection is definitely a good idea.
> 
> If Herve doesn't get there first, I can purpose text that concentrates on
> the coincidence of secret and small/easy-to-guess..

Yep, that'd be a good addition I'd say, so long as you
couch those characteristics as being the ones we know
about today that contraindicate compression. Who knows
what new attacks folks might find in future now that
attention has been drawn to this.

Cheers,
S.

> On Jan 22, 2015 3:17 PM, "Jari Arkko" <jari.arkko@piuha.net> wrote:
> 
>> Thanks for the response. I think this may slightly enhance the feeling
>> that the list may not be needed.
>>
>> Jari
>>
>>
> 
Received on Friday, 23 January 2015 12:22:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:42 UTC