Re: New I-D: Security Considerations Regarding Compression Dictionaries

From: W. Felix Handte <w@felixhandte.com>
Date: Wed, 30 Oct 2019 12:15:22 -0400
To: ietf-http-wg@w3.org
Message-ID: <0a7e4dad-d86b-ebf5-6c7f-781afba3af3e@felixhandte.com>

On 10/30/19 5:43 AM, Soni L. wrote:
> So, what you're saying, is that this wouldn't be an issue if we were 
> using public-key-based authentication and session tokens?
> 
> Like this? https://soniex2.autistic.space/posts/2019/06/uweb.xhtml (or, 
> perhaps, this? https://awoo.space/@SoniEx2/102972533369915352 )

Secret tokens (passwords, keys, cookies, etc.) are likely the most 
important kind of content to protect, but also definitely not the only 
kind. Message bodies themselves may contain secrets worth attacking 
(credit card numbers).
Received on Wednesday, 30 October 2019 16:15:27 UTC