W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2015

Stephen Farrell's Discuss on draft-ietf-httpbis-cice-02: (with DISCUSS)

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Wed, 02 Sep 2015 08:39:43 -0700
To: "The IESG" <iesg@ietf.org>
Cc: "Mark Nottingham" <mnot@pobox.com>, ietf-http-wg@w3.org
Message-ID: <20150902153943.26198.21461.idtracker@ietfa.amsl.com>
Stephen Farrell has entered the following ballot position for
draft-ietf-httpbis-cice-02: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-httpbis-cice/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------



Did anyone think through the potential for this kind of
change to interact with attacks like BREACH? [1] It
looks like at least some of the mitigations mentioned on
[1] would not apply to requests, or possibly not, so I
suspect there is something to say here. If that analysis
was not done, I think someone ought look at it. If that
analysis was done, shouldn't there be some mention here? 

   [1] http://breachattack.com/
Received on Wednesday, 2 September 2015 15:41:10 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:46 UTC