On Tuesday 22 March 2016 10:45:32 Martin Thomson wrote: > On 22 March 2016 at 06:40, Hubert Kario <[email protected]> wrote: > > Only in theory, in practice you can do most of the same things in > > GET's as you can in POSTs. > > > > in other words, basically web frameworks can be made to modify > > server > > state upon receiving GET request > > Ahh yes, but it's not the *client's* fault if the server does that and > the client tries multiple times. The server is entirely responsible > for the consequences of state modification at that point.
true, but that means that a blanket statement like "Sending GET requests in 0-RTT data is safe" is untrue. -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
