- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Wed, 02 Sep 2015 08:39:43 -0700
- To: "The IESG" <iesg@ietf.org>
- Cc: "Mark Nottingham" <mnot@pobox.com>, ietf-http-wg@w3.org
Stephen Farrell has entered the following ballot position for
draft-ietf-httpbis-cice-02: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-httpbis-cice/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Did anyone think through the potential for this kind of change to
interact with attacks like BREACH? [1] It looks like at least some of
the mitigations mentioned on [1] would not apply to requests, or
possibly not, so I suspect there is something to say here. If that
analysis was not done, I think someone ought look at it. If that
analysis was done, shouldn't there be some mention here?

[1] http://breachattack.com/

Received on Wednesday, 2 September 2015 15:41:10 UTC