- From: Smith, Kevin, (R&D) Vodafone Group <Kevin.Smith@vodafone.com>
- Date: Thu, 7 Jan 2016 10:03:31 +0000
- To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Hi all,

Just seen the 'HTTPS BICYCLE attack' study [1], which claims that 'the redundancy of the plaintext HTTP headers included in each and every request can be exploited in order to reveal the length of particular components (such as passwords) of particular requests'.

Although I've not seen any further analysis to verify the study, would it be correct to think that HTTP/2's support of sending only header deltas would mitigate such an attack?

Many thanks,
Kevin

[1] https://guidovranken.files.wordpress.com/2015/12/https-bicycle-attack.pdf

Received on Thursday, 7 January 2016 10:05:01 UTC