Re: [Gen-art] Gen-ART and OPS-Dir review of draft-ietf-httpbis-header-compression-10

From: Hervé Ruellan <herve.ruellan@crf.canon.fr>
Date: Fri, 23 Jan 2015 16:25:18 +0100
Message-ID: <54C267DE.5040202@crf.canon.fr>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Martin Thomson <martin.thomson@gmail.com>, Jari Arkko <jari.arkko@piuha.net>
CC: David Black <david.black@emc.com>, <ietf@ietf.org>, "General Area Review Team (gen-art@ietf.org)" <gen-art@ietf.org>, "fenix@google.com" <fenix@google.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>


On 01/23/2015 01:21 PM, Stephen Farrell wrote:
>
>
> On 23/01/15 02:12, Martin Thomson wrote:
>> I definitely want to avoid making prescriptive statements about what to
>> protect, even couched as suggestions. However, I think that a more generic
>> statement that describes the characteristics of a header that might need
>> protection is definitely a good idea.
>>
>> If Herve doesn't get there first, I can propose text that concentrates on
>> the coincidence of secret and small/easy-to-guess.
>
> Yep, that'd be a good addition I'd say, so long as you
> couch those characteristics as being the ones we know
> about today that contraindicate compression. Who knows
> what new attacks folks might find in future now that
> attention has been drawn to this.
>
> Cheers,
> S.

I made a proposal at https://github.com/http2/http2-spec/pull/704

Hervé.

>> On Jan 22, 2015 3:17 PM, "Jari Arkko" <jari.arkko@piuha.net> wrote:
>>
>>> Thanks for the response. I think this may slightly enhance the feeling
>>> that the list may not be needed.
>>>
>>> Jari
>>>
>>>
>>
Received on Friday, 23 January 2015 15:25:59 UTC