Re: New I-D: Security Considerations Regarding Compression Dictionaries from W. Felix Handte on 2019-10-30 (ietf-http-wg@w3.org from October to December 2019)

From: W. Felix Handte <w@felixhandte.com>
Date: Wed, 30 Oct 2019 12:15:22 -0400
To: ietf-http-wg@w3.org
Message-ID: <0a7e4dad-d86b-ebf5-6c7f-781afba3af3e@felixhandte.com>

On 10/30/19 5:43 AM, Soni L. wrote:
> So, what you're saying, is that this wouldn't be an issue if we were 
> using public-key-based authentication and session tokens?
> 
> Like this? https://soniex2.autistic.space/posts/2019/06/uweb.xhtml (or, 
> perhaps, this? https://awoo.space/@SoniEx2/102972533369915352 )

Secret tokens (passwords, keys, cookies, etc.) are likely the most 
important kind of content to protect, but also definitely not the only 
kind. Message bodies themselves may contain secrets worth attacking 
(credit card numbers).

Received on Wednesday, 30 October 2019 16:15:27 UTC