Closed
Bug 868551
Opened 11 years ago
Closed 10 years ago
Randomize the placement of the cookie header like opera does
Categories
(Core :: Networking: HTTP, enhancement)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: 133794m3r, Unassigned)
References
Details
(Keywords: sec-want, Whiteboard: [spdy])
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0 Build ID: 20130326150557 Steps to reproduce: This is an enhacment, so I didn't do anything. Actual results: Same thing(I guess). Expected results: Opera apparently randomizes where it stores the Cookie:, header so it wasn't vunerable to the CRIME attack. Even though header compression isn't that useful for most people it'd still be something that would help(I believe).
Updated•11 years ago
|
Comment 1•10 years ago
|
||
we don't do upstream header compression in spdy (it is technically gzip formatted, but no compression is applied) and hpack in http/2 is not vulnerable to this
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•