Hello,
Just jumped over here from the http list per Yoav Nir's request for
feedback with regards to the draft-williams-websec-session-continue-prob
draft.
Overall I think the draft is a good start. There definitely does need to be
more of an explanation as to why the existing cookie-based mechani
Hi
I've shown this draft to a co-worker of mine (not on this list), and asked for
a review. Here's some comments:
- Overall, this is an interesting problem.
- The document is missing a list of deficiencies with using Cookies
- Section 2.1 says that TLS protects against replay. Really? How? I