- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Sun, 14 May 2017 11:02:42 +1000
- To: Stefan Eissing <stefan.eissing@greenbytes.de>
- Cc: Willy Tarreau <w@1wt.eu>, Kazuho Oku <kazuhooku@gmail.com>, Mark Nottingham <mnot@mnot.net>, Erik Nygren <erik@nygren.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>, "Ponec, Miroslav" <mponec@akamai.com>, "Kaduk, Ben" <bkaduk@akamai.com>
On 12 May 2017 at 18:21, Stefan Eissing <stefan.eissing@greenbytes.de> wrote:
> I am more and more thinking that we need no safe-set definition. It seems
> that clients and servers will have specific ideas about what to send and
> what to accept in early data.

Yes, this is going to be subjective. The great thing about the strategy that we have here is that nothing is vulnerable to replay unless both client and server agree to that risk. It's much trickier for intermediaries, who make this decision without a great deal of information, but the calculus is still fundamentally the same.

Received on Sunday, 14 May 2017 01:03:17 UTC