On 01/23/2015 01:21 PM, Stephen Farrell wrote: > > > On 23/01/15 02:12, Martin Thomson wrote: >> I definitely want to avoid making prescriptive statements about what to >> protect, even couched as suggestions. However, I think that a more generic >> statement that describes the characteristics of a header that might need >> protection is definitely a good idea. >> >> If Herve doesn't get there first, I can purpose text that concentrates on >> the coincidence of secret and small/easy-to-guess.. > > Yep, that'd be a good addition I'd say, so long as you > couch those characteristics as being the ones we know > about today that contraindicate compression. Who knows > what new attacks folks might find in future now that > attention has been drawn to this. > > Cheers, > S. I made a proposal at https://github.com/http2/http2-spec/pull/704 Hervé. >> On Jan 22, 2015 3:17 PM, "Jari Arkko" <jari.arkko@piuha.net> wrote: >> >>> Thanks for the response. I think this may slightly enhance the feeling >>> that the list may not be needed. >>> >>> Jari >>> >>> >>Received on Friday, 23 January 2015 15:25:59 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:42 UTC