- From: Mark Nottingham <mnot@mnot.net>
- Date: Thu, 3 Sep 2015 10:52:46 +1000
- To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Cc: The IESG <iesg@ietf.org>, Mark Nottingham <mnot@pobox.com>, ietf-http-wg@w3.org
Something like this, perhaps?

http://httpwg.github.io/specs/rfc7540.html#rfc.section.10.6

Cheers,

> On 3 Sep 2015, at 1:39 am, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>
> Stephen Farrell has entered the following ballot position for
> draft-ietf-httpbis-cice-02: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-httpbis-cice/
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> Did anyone think through the potential for this kind of
> change to interact with attacks like BREACH? [1] It
> looks like at least some of the mitigations mentioned on
> [1] would not apply to requests, or possibly not, so I
> suspect there is something to say here. If that analysis
> was not done, I think someone ought look at it. If that
> analysis was done, shouldn't there be some mention here?
>
> [1] http://breachattack.com/

--
Mark Nottingham https://www.mnot.net/
Received on Thursday, 3 September 2015 00:53:24 UTC