ietf
[Top] [All Lists]

Re: [Gen-art] Gen-ART and OPS-Dir review of draft-ietf-httpbis-header-compression-10

2015-01-23 06:21:53


On 23/01/15 02:12, Martin Thomson wrote:
I definitely want to avoid making prescriptive statements about what to
protect, even couched as suggestions. However, I think that a more generic
statement that describes the characteristics of a header that might need
protection is definitely a good idea.

If Herve doesn't get there first, I can purpose text that concentrates on
the coincidence of secret and small/easy-to-guess..

Yep, that'd be a good addition I'd say, so long as you
couch those characteristics as being the ones we know
about today that contraindicate compression. Who knows
what new attacks folks might find in future now that
attention has been drawn to this.

Cheers,
S.

On Jan 22, 2015 3:17 PM, "Jari Arkko" <jari(_dot_)arkko(_at_)piuha(_dot_)net> 
wrote:

Thanks for the response. I think this may slightly enhance the feeling
that the list may not be needed.

Jari




<Prev in Thread] Current Thread [Next in Thread>