> -----Original Message-----
> From: [email protected]
[...]
> 2. When sending data from client to server (not the other way) The client
> generates a 32-bit random number.
> This random number is stored in plain text in the header of each frame.
> The data is XOR-ed with that 32-bit random number.
>
> The server takes the 32-bit random number from the header and XORs it
> with the payload to get to the original data.
>
> I really fail to see what the intention is of this mechanism. I really fail
> to see what could make this communication 'secure'.
Not that I'm into this, but the attack vector that this tries to prevent is described in section 10.3:

http://tools.ietf.org/html/rfc6455#section-10.3

So, the entropy basically ensures that malfunctioning proxy servers do not cache the content ...

Regards
Kai
_______________________________________________
Development mailing list
[email protected]
http://lists.qt-project.org/mailman/listinfo/development
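The masking round trip discussed in this thread, as an added example that is not part of the original messages or of Qt's code: it builds and parses a masked client frame following RFC 6455 and checks whether sender-chosen payload bytes appear verbatim on the wire. Function names and the sample payload are constructed for illustration; the all-zero key stands in for a key the payload's author could predict.

```python
import os

def mask(key: bytes, data: bytes) -> bytes:
    """RFC 6455 section 5.3: octet i is XORed with key[i % 4]; the same call unmasks."""
    return bytes(b ^ key[i % 4] for i, b in enumerate(data))

def build_client_frame(payload: bytes, key: bytes, opcode: int = 0x2) -> bytes:
    """One unfragmented client frame: FIN+opcode, MASK bit+length, key, masked payload."""
    if len(key) != 4:
        raise ValueError("masking key must be 4 bytes")
    head = bytes([0x80 | opcode])
    n = len(payload)
    if n < 126:
        head += bytes([0x80 | n])
    elif n < 1 << 16:
        head += bytes([0x80 | 126]) + n.to_bytes(2, "big")
    else:
        head += bytes([0x80 | 127]) + n.to_bytes(8, "big")
    return head + key + mask(key, payload)

def parse_client_frame(frame: bytes) -> bytes:
    """Server side: take the key from the header and XOR it over the payload."""
    if len(frame) < 2 or not frame[1] & 0x80:
        raise ValueError("client frames must be masked")
    n, pos = frame[1] & 0x7F, 2
    if n == 126:
        n, pos = int.from_bytes(frame[2:4], "big"), 4
    elif n == 127:
        n, pos = int.from_bytes(frame[2:10], "big"), 10
    key = frame[pos:pos + 4]
    body = frame[pos + 4:pos + 4 + n]
    if len(key) != 4 or len(body) != n:
        raise ValueError("truncated frame")
    return mask(key, body)

# Constructed sample payload (not from the thread): bytes shaped like an HTTP
# request, the kind of content section 10.3 says a faulty proxy may misread.
CHOSEN = b"GET /script.js HTTP/1.1\r\nHost: static.example\r\n\r\n"

def wire_contains_chosen(key: bytes) -> bool:
    """Would an intermediary scanning the raw stream see the chosen bytes verbatim?"""
    return CHOSEN in build_client_frame(CHOSEN, key)

if __name__ == "__main__":
    key = os.urandom(4)  # fresh per frame, unknown to whoever supplied the payload
    frame = build_client_frame(CHOSEN, key)
    print("round trip ok:", parse_client_frame(frame) == CHOSEN)
    print("chosen bytes on wire, random key:", wire_contains_chosen(key))
    print("chosen bytes on wire, zero key:  ", wire_contains_chosen(b"\0" * 4))
```

The key travels in the clear, so masking gives no confidentiality; what it removes is the sender's control over the exact bytes an intermediary sees.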
