Y
Hacker News
new
|
ask
|
show
|
jobs
by
cryptbe
4956 days ago
I'm so surprised that the security consideration section has no reference to CRIME [1], which has made Google and Mozilla to turn off SPDY's header compression in Chrome and Firefox.
[1]
https://docs.google.com/presentation/d/11eBmGiHbYcHR9gL5nDyZ...
1 comments
njs12345
4956 days ago
I think this version is basically SPDY 3. SPDY 4 (draft spec:
https://github.com/grmocg/SPDY-Specification/blob/gh-pages/d...
) uses a completely new header compression algorithm which is not susceptible to the attack used in CRIME.
link