ietf-wg-ohai / draft-ohai-chunked-ohttp

Discuss interaction of replayability and interactivity #27

Open tfpauly opened 5 hours ago

tfpauly commented 5 hours ago

https://github.com/ietf-wg-ohai/draft-ohai-chunked-ohttp/pull/25#pullrequestreview-2370940482

From @martinthomson's comment:

If a message can be replayed, then how that is replayed might be exploited by a malicious relay to effect change.

Maybe we need to do a little more analysis on that aspect of this. A section on interactivity and replay might help expound on those risks.

tfpauly commented 5 hours ago

My understanding is that in the cases where there is no interaction, just a chunked response after a request completes, there isn't any new impact of a malicious replay by a relay (assuming the request is idempotent).

In the interactive case, agreed that more analysis would be good.