At Mon, 2 Nov 2009 11:07:40 -0500, Steve Kent wrote: > > I am not sure what motivates Rob to say that he is not convinced > about the extent of the session security offered by HTTPS. (Is it > related to the session resumption feature in TLS?)
Nope. It's related to HTTP not really having any such thing as a session to protect. It is of course possible that we all (or perhaps just I) misunderstood your advice, in which case please expound. _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
