by dcow 964 days ago
Yeah, I think the proposal should add some optional binding of the web session to HTTP resource semantics.

Also, re nonces: if you only keep track of active nonces and have the server return a next-nonce, or use a counter like TLS, then you avoid the ugly need to keep track of seen nonces and only need to remember currently active nonces.

1 comments

The server returning the next nonce sounds like a huge headache when requests are run in parallel.
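
Added example, not part of either comment: a minimal in-memory model of the "active nonces plus next-nonce" scheme discussed above, showing replay rejection with bounded server state and what happens when two requests are in flight at once. `NonceServer`, `open_session`, `handle` and the `window` pool of pre-issued nonces are hypothetical names and assumptions of this sketch, not anything defined in the proposal.

```python
import secrets

class NonceServer:
    """Remembers only currently active (issued, unused) nonces per session."""

    def __init__(self):
        self.active = {}  # session id -> set of outstanding nonces

    def open_session(self, sid, window=1):
        # Assumption of this sketch: issuing `window` nonces up front
        # lets a client keep that many requests in flight.
        self.active[sid] = {secrets.token_urlsafe(16) for _ in range(window)}
        return set(self.active[sid])

    def handle(self, sid, nonce):
        """Return (status, next_nonce); a nonce is consumed on first use."""
        pool = self.active.get(sid, set())
        if nonce not in pool:
            return 401, None            # replayed, unknown or never issued
        pool.remove(nonce)
        next_nonce = secrets.token_urlsafe(16)
        pool.add(next_nonce)            # state stays at `window` entries
        return 200, next_nonce

def sequential_demo():
    # One request at a time: each response carries the nonce for the next.
    srv = NonceServer()
    (n1,) = srv.open_session("s1")
    ok1, n2 = srv.handle("s1", n1)
    replay, _ = srv.handle("s1", n1)    # captured request sent again
    ok2, _ = srv.handle("s1", n2)
    return ok1, replay, ok2, len(srv.active["s1"])

def parallel_demo(window):
    # Two requests are sent before either response (and next-nonce) arrives.
    srv = NonceServer()
    nonces = list(srv.open_session("s1", window))
    first = nonces[0]
    # With a single active nonce both in-flight requests must share it.
    second = nonces[1] if window > 1 else nonces[0]
    return srv.handle("s1", first)[0], srv.handle("s1", second)[0]

if __name__ == "__main__":
    print(sequential_demo())   # (200, 401, 200, 1)
    print(parallel_demo(1))    # (200, 401)
    print(parallel_demo(2))    # (200, 200)
```

With one active nonce the second concurrent request is indistinguishable from a replay and is rejected; a pool of active nonces removes that collision while the server still stores only `window` values per session.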