Something like this, perhaps? http://httpwg.github.io/specs/rfc7540.html#rfc.section.10.6 Cheers, > On 3 Sep 2015, at 1:39 am, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > Stephen Farrell has entered the following ballot position for > draft-ietf-httpbis-cice-02: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-httpbis-cice/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > > > Did anyone think through the potential for this kind of > change to interact with attacks like BREACH? [1] It > looks like at least some of the mitigations mentioned on > [1] would not apply to requests, or possibly not, so I > suspect there is something to say here. If that analysis > was not done, I think someone ought look at it. If that > analysis was done, shouldn't there be some mention here? > > [1] http://breachattack.com/ > > > > -- Mark Nottingham https://www.mnot.net/Received on Thursday, 3 September 2015 00:53:24 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:46 UTC