Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Reducing options for application servers #1

Merged
merged 2 commits into from
Oct 19, 2015
Merged

Conversation

martinthomson
Copy link
Contributor

@beverloo was unhappy about the freedom we offered. This doesn't remove the header field separation, but it removes most of it.

An application server MUST NOT use other content encodings for push messages.
In particular, content encodings that compress could result in leaking of push
message contents. The Content-Encoding header field therefore has exactly one
value, which is `aesgcm128`.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The "exactly one value" line linguistically confirms this, but since the beginning of this paragraph focuses on other content encodings rather than repeated content encodings, we disallow multiple rounds of aesgcm128 as well, right?

(HTTP encryption coding has an example that demonstrates this: https://tools.ietf.org/html/draft-thomson-http-encryption-01#section-5.3)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I'll clarify that point too. Thanks.

@beverloo
Copy link
Contributor

Thank you, Martin! This looks good to me.

martinthomson added a commit that referenced this pull request Oct 19, 2015
Reducing options for application servers
@martinthomson martinthomson merged commit 2e657c1 into master Oct 19, 2015
@martinthomson martinthomson deleted the peterb_review branch October 19, 2015 17:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants