Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
That said: is this an attack which can be addressed on the server side, or does it depend on client-side updates as mentioned in the article?
Any server-side defenses?
Posted Sep 13, 2012 21:26 UTC (Thu) by cyanit (guest, #86671)
Some non-compliant clients might perhaps not like it though, not sure.
Of course, this is suboptimal compared to the client avoiding compression of sensitive parts, but I'm not sure how the server could detect that the client is fixed.
Maybe the TLS standard should be amended to add new compression algorithm identifiers that tell the server that the client knows to securely compress HTTP requests.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds