- From: Blaine Cook <romeda@gmail.com>
- Date: Tue, 18 Sep 2012 17:22:01 -0400
- To: ☮ elf Pavlik ☮ <perpetual-tripper@wwelves.org>
- Cc: public-fedsocweb <public-fedsocweb@w3.org>
That looks like a temporary bug, not a fundamental flaw – if it is, we're all hopelessly screwed. ;-) b. On 18 September 2012 17:13, ☮ elf Pavlik ☮ <perpetual-tripper@wwelves.org> wrote: > Excerpts from Blaine Cook's message of 2012-09-17 20:00:49 +0000: >> I have only one very short thing to add to this conversation: "SPDY". > i've seen SPDY recently mentioned here: http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/ > "[...]Even when a browser is vulnerable, an HTTPS session can only be hijacked when one of those browsers is used to connect to a site that supports SPDY or TLS compression."
Received on Tuesday, 18 September 2012 21:22:49 UTC