As I said compression is not the only condition that needs to be met for this attack to work. The browser needs to make requests to other sites, automatically, e.g. via an img src tag. As for HTTPS, nothing requires me…
I never used the word hate. I never said I liked SSL either.
I agree with your comments. Yes I know about repeated headers but as I explained I've actually found a use for them. I do pipelining everyday. I don't think "Gee, these repeated headers are really eating up my…
"when compression is enabled" SPDY compresses everything, together, by default. CRIME relies on lots of things, one of which is a browser that makes requests for offsite resources automatically. Sure, Chrome does that,…
I've never been attracted to SPDY as I have doing HTTP 1.1 pipelining for years before SPDY appeared. It's great for getting lots of data from the same source, though I don't know about the way typical webpages are…
As I said compression is not the only condition that needs to be met for this attack to work. The browser needs to make requests to other sites, automatically, e.g. via an img src tag. As for HTTPS, nothing requires me…
I never used the word hate. I never said I liked SSL either.
I agree with your comments. Yes I know about repeated headers but as I explained I've actually found a use for them. I do pipelining everyday. I don't think "Gee, these repeated headers are really eating up my…
"when compression is enabled" SPDY compresses everything, together, by default. CRIME relies on lots of things, one of which is a browser that makes requests for offsite resources automatically. Sure, Chrome does that,…
I've never been attracted to SPDY as I have doing HTTP 1.1 pipelining for years before SPDY appeared. It's great for getting lots of data from the same source, though I don't know about the way typical webpages are…