Re: Some general thought on CRIME and Compression and Headers

Nico Williams <nico@cryptonector.com> Mon, 14 January 2013 16:02 UTC


See http://tools.ietf.org/html/draft-williams-websec-session-continue-prob-00

There's also a -00 of a protocol to meet the requirements laid out in
the problem statement.  It's got a few bugs, and also the intention is
to discuss the problem statement first (on the WEBSEC WG list) then
actual proposals (plural, we hope).  But roughly the proposals all
will tend to look roughly like "there's a session key and the requests
[and possibly responses] will carry a nonce and a MAC of stuff,
including the nonce, in the headers".

Nico
--
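The sketch in the message above ("a session key, and requests carry a nonce and a MAC of stuff, including the nonce, in the headers"), written out as an added illustration. This is not the draft's protocol or wire format: the header names, the canonical string that is MACed, and the use of HMAC-SHA256 are all assumptions made for the example; the session key is a constructed value.

```python
import base64
import hashlib
import hmac
import os


def canonical(method, path, host, nonce, bound_headers):
    # Deterministic byte string both sides MAC. The nonce is part of it, so a
    # captured MAC is only valid together with its own nonce. (Assumed format.)
    parts = [method.upper(), path, host.lower(), nonce]
    parts += [f"{k.lower()}:{bound_headers[k]}" for k in sorted(bound_headers, key=str.lower)]
    return "\n".join(parts).encode()


def sign_request(session_key, method, path, host, bound_headers):
    # Client side: fresh random nonce per request, HMAC over the canonical string.
    # Header names "Session-Nonce" / "Session-MAC" are assumptions for this example.
    nonce = base64.b64encode(os.urandom(16)).decode()
    mac = hmac.new(session_key, canonical(method, path, host, nonce, bound_headers), hashlib.sha256).digest()
    return {"Session-Nonce": nonce, "Session-MAC": base64.b64encode(mac).decode()}


class Verifier:
    """Server side: recompute the MAC and reject replays of an already-seen nonce."""

    def __init__(self, session_key):
        self.key = session_key
        self.seen = set()  # a real server would bound this by a time window

    def verify(self, method, path, host, bound_headers, headers):
        nonce = headers.get("Session-Nonce")
        mac_b64 = headers.get("Session-MAC")
        if not nonce or not mac_b64 or nonce in self.seen:
            return False
        try:
            got = base64.b64decode(mac_b64, validate=True)
        except ValueError:
            return False
        expected = hmac.new(self.key, canonical(method, path, host, nonce, bound_headers), hashlib.sha256).digest()
        # Constant-time comparison: do not leak which byte of the MAC mismatched.
        if not hmac.compare_digest(expected, got):
            return False
        self.seen.add(nonce)
        return True
```

The verifier only marks a nonce as seen after the MAC checks out, so a forged request cannot burn a nonce the legitimate client is about to use.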