- From: Martin Thomson <notifications@github.com>
- Date: Mon, 19 May 2025 18:58:31 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/pull/1094/review/2852324594@github.com>
@martinthomson commented on this pull request.

> +thereby proving to the server that the browser still has access to the key pair. +The response to the second request refreshes any of the affected cookies. + +This adds two round trips of latency every time that a cookie refresh is needed. +While some amount of delay is likely unavoidable, having two additional requests is fairly heavyweight. + +We have an alternative below that doesn't require an interactive exchange. +However, given that TPMs generally don't have a clock, +you can't use the clock to ensure freshness. +A non-interactive exchange might have been pre-generated by an attacker +who temporarily had access to the TPM, unless it contains fresh entropy from the server. +That's something we address in more detail in the alternative design below, +noting that the alternative offers servers more options to combine requests to reduce latency, +where the proposal cannot. + +The proposal includes a redundant new session identifier field in requests.

Fair. My intent was to say that this was redundant with cookies. The design isn't removing cookies, which could very easily identify a session, even when the session still requires a signature.

```suggestion
The proposal includes a new session identifier field in requests.
```

--
Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/pull/1094#discussion_r2096712336
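Review bot: The sentence "However, given that TPMs generally don't have a clock, you can't use the clock to ensure freshness" does not say which design the limitation applies to, because it directly follows the introduction of the non-interactive alternative and switches to "you". Suggest stating outright that a non-interactive exchange cannot rely on a TPM clock for freshness and therefore needs fresh entropy from the server, which the following sentence about pre-generated exchanges then motivates. The trailing clause "where the proposal cannot" would also read more clearly as its own sentence, naming what the proposal cannot do (combine requests to reduce latency).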
Received on Tuesday, 20 May 2025 01:58:35 UTC