Closed Bug 868551 Opened 11 years ago Closed 10 years ago

Randomize the placement of the cookie header like opera does

Categories

(Core :: Networking: HTTP, enhancement)

Product:
Core
Component:
Networking: HTTP
Version:
20 Branch
Platform:
x86_64
Linux
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: 133794m3r, Unassigned)

References

Details

(Keywords: sec-want, Whiteboard: [spdy]) 

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0
Build ID: 20130326150557

Steps to reproduce:

This is an enhacment, so I didn't do anything.


Actual results:

Same thing(I guess).


Expected results:

Opera apparently randomizes where it stores the Cookie:, header so it wasn't vunerable to the CRIME attack. Even though header compression isn't that useful for most people it'd still be something that would help(I believe).
Severity: normal → enhancement
Blocks: 785279
Component: Untriaged → Networking: HTTP
Keywords: sec-want
Product: Firefox → Core
Whiteboard: [spdy]
we don't do upstream header compression in spdy (it is technically gzip formatted, but no compression is applied) and hpack in http/2 is not vulnerable to this
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.