IETF Logo Mail Archive

Re: [hybi] Masking only Payload/Extension Data

"Pat McManus @Mozilla" <mcmanus@ducksong.com> Thu, 10 March 2011 15:03 UTC

Return-Path: <mcmanus@ducksong.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7519A3A69E0 for <hybi@core3.amsl.com>; Thu, 10 Mar 2011 07:03:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.499
X-Spam-Level:
X-Spam-Status: No, score=-2.499 tagged_above=-999 required=5 tests=[AWL=0.100, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2mYPqPZoBh3n for <hybi@core3.amsl.com>; Thu, 10 Mar 2011 07:03:28 -0800 (PST)
Received: from linode.ducksong.com (linode.ducksong.com [64.22.125.164]) by core3.amsl.com (Postfix) with ESMTP id 784813A69CC for <hybi@ietf.org>; Thu, 10 Mar 2011 07:03:28 -0800 (PST)
Received: by linode.ducksong.com (Postfix, from userid 1000) id EFCB3102A6; Thu, 10 Mar 2011 10:04:45 -0500 (EST)
Received: from [192.168.16.226] (cpe-67-253-92-25.maine.res.rr.com [67.253.92.25]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by linode.ducksong.com (Postfix) with ESMTPSA id 727C010159; Thu, 10 Mar 2011 10:04:41 -0500 (EST)
From: "Pat McManus @Mozilla" <mcmanus@ducksong.com>
To: Joel Martin <hybi@martintribe.org>
In-Reply-To: <AANLkTik-TNXCMygBu3WqBHyhJWaG-XUTjCdXud9zHOgX@mail.gmail.com>
References: <4D77B885.5050109@callenish.com> <OF36FEDDC6.06951577-ON8825784E.0062343E-8825784E.0066AC27@playstation.sony.com> <AANLkTinau4g1pB_ccJ31u7WRi5npYtHvXE5YRn5uTbeV@mail.gmail.com> <AANLkTikB4YeaYiF_NVGn61c1YxpNWbmEWQZu1WcN+=Jf@mail.gmail.com> <1299704939.2606.238.camel@ds9.ducksong.com> <20110309214212.GA29190@1wt.eu> <AANLkTi=i=8aWg=6+T7=Kn5dWeKkW6MYVCH_CuNkt_ZMM@mail.gmail.com> <AANLkTimip9o0RoZaBfONCmg5nuJVWXjOKDKgAt8zrNVV@mail.gmail.com> <AANLkTikbFBeM6+hiURSBqxFyjc2Wc-yh8UJnZiO+U0JX@mail.gmail.com> <20110310103914.GA32389@1wt.eu> <AANLkTik-TNXCMygBu3WqBHyhJWaG-XUTjCdXud9zHOgX@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Date: Thu, 10 Mar 2011 10:04:58 -0500
Message-ID: <1299769498.2606.252.camel@ds9.ducksong.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.30.3
Content-Transfer-Encoding: 7bit
Cc: Hybi <hybi@ietf.org>
Subject: Re: [hybi] Masking only Payload/Extension Data
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Mar 2011 15:03:29 -0000

On Thu, 2011-03-10 at 14:05 +0300, Joel Martin wrote:

> 
> I suspect most would agree that masking of everything is better than
> stalling the protocol any longer, but if Adam is the only objector and
> the browser folks are okay with masking only payload then perhaps we
> should move forward with it.

I object too. I think not masking the header gives up a minor security
benefit for an insubstantial benefit. None of the arguments about the
benefits of the change have convinced me they add up to very much.

http://www.ietf.org/mail-archive/web/hybi/current/msg06689.html
http://www.ietf.org/mail-archive/web/hybi/current/msg06705.html
http://www.ietf.org/mail-archive/web/hybi/current/msg06718.html


-- 
http://www.getfirefox.com/

v2.23.0 | Report a Bug | By Email