Re: [Gen-art] Gen-ART and OPS-Dir review of draft-ietf-httpbis-header-compression-10

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 23 January 2015 12:21 UTC

To: Martin Thomson <martin.thomson@gmail.com>, Jari Arkko <jari.arkko@piuha.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/TiOLycQsGeSEluEB0ofhYaFbcWU>
Cc: ietf@ietf.org, "General Area Review Team (gen-art@ietf.org)" <gen-art@ietf.org>, "fenix@google.com" <fenix@google.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, Hervé Ruellan <herve.ruellan@crf.canon.fr>

On 23/01/15 02:12, Martin Thomson wrote:
> I definitely want to avoid making prescriptive statements about what to
> protect, even couched as suggestions. However, I think that a more generic
> statement that describes the characteristics of a header that might need
> protection is definitely a good idea.
> 
> If Herve doesn't get there first, I can propose text that concentrates on
> the coincidence of secret and small/easy-to-guess..

Yep, that'd be a good addition I'd say, so long as you
couch those characteristics as being the ones we know
about today that contraindicate compression. Who knows
what new attacks folks might find in future now that
attention has been drawn to this.

Cheers,
S.

> On Jan 22, 2015 3:17 PM, "Jari Arkko" <jari.arkko@piuha.net> wrote:
> 
>> Thanks for the response. I think this may slightly enhance the feeling
>> that the list may not be needed.
>>
>> Jari
>>
>>
>