Re: New I-D: Security Considerations Regarding Compression Dictionaries

From: Soni L. <fakedme+http@gmail.com>
Date: Wed, 30 Oct 2019 18:18:20 -0300
To: ietf-http-wg@w3.org
Message-ID: <11789461-c93b-fd75-8054-467889cdfe91@gmail.com>
(Sorry, I seem to have made a mistake when posting this/replying the 
first time around.)

On 2019-10-30 1:15 p.m., W. Felix Handte wrote:
> On 10/30/19 5:43 AM, Soni L. wrote:
>> So, what you're saying, is that this wouldn't be an issue if we were 
>> using public-key-based authentication and session tokens?
>> Like this? https://soniex2.autistic.space/posts/2019/06/uweb.xhtml 
>> (or, perhaps, this? https://awoo.space/@SoniEx2/102972533369915352 )
> Secret tokens (passwords, keys, cookies, etc.) are likely the most 
> important kind of content to protect, but also definitely not the only 
> kind. Message bodies themselves may contain secrets worth attacking 
> (credit card numbers).
Ah. Yeah. I forgot about that. .-.

(Although, probably in my ideal world my computer would have an NFC or 
chip-and-pin reader and the whole thing would be end-to-end encrypted 
between the parties. I don't get why we don't have those yet. But, 
anyway, I digress.)
Received on Wednesday, 30 October 2019 21:18:28 UTC
