[Cfrg] SCS draft

thomas fossati <tho@koanlogic.com> Fri, 29 September 2006 18:34 UTC

From: thomas fossati <tho@koanlogic.com>
Date: Fri, 29 Sep 2006 20:33:55 +0200
To: cfrg@ietf.org
Cc: Steven Dorigotti <stewy@koanlogic.com>, Stefano Barbato <tat@koanlogic.com>

We have quite recently developed a technique that allows for 
cookie-based HTTP sessions even on zero-storage devices (this is mainly 
intended for the embedded world).

Basically all the "session" cookies - i.e. cookies which hold a given 
session state - are transformed into untamperable tokens (via an 
authenticated encryption scheme) and pushed to the client which 
transparently stores them.  When a new client-server exchange takes 
place, the cookies are sent back to the server where they are unpacked 
and examined.  If they are still "good", the state is updated and the 
session goes on, otherwise it is dropped.

Anyway, all the details are found at the following URL:
     http://www.ietf.org/internet-drafts/draft-barbato-scs-00.txt

If any of you would like to review and comment on it, that would be 
very appreciated (the spec is quite compact, and should be quick to 
read).

TIA, t.
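
A sketch of the exchange described in the message above, added here as an example and not taken from the post or the draft: it uses AES-256-GCM from Node.js's built-in crypto module as the authenticated encryption scheme. The token layout, the function names (`seal`, `unseal`, `handleRequest`) and the 300-second lifetime are assumptions.

```javascript
// Added example: stateless session cookie sealed with AES-256-GCM.
// Token layout, names and lifetime are assumptions, not the draft's format.
const nodeCrypto = require('node:crypto');

const MAX_AGE_S = 300; // assumed session lifetime in seconds

// Seal session state as base64url(iv).base64url(ciphertext).base64url(tag).
function seal(key, state, nowS) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every cookie
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = JSON.stringify({ state, issued: nowS });
  const ct = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  return [iv, ct, cipher.getAuthTag()]
    .map((b) => b.toString('base64url'))
    .join('.');
}

// Return the state if the cookie is authentic and fresh, otherwise null.
function unseal(key, cookie, nowS) {
  const parts = String(cookie).split('.');
  if (parts.length !== 3) return null;
  const [iv, ct, tag] = parts.map((p) => Buffer.from(p, 'base64url'));
  // Insist on the full 16-byte tag so a truncated tag is never accepted.
  if (iv.length !== 12 || tag.length !== 16) return null;
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
    d.setAuthTag(tag);
    const body = Buffer.concat([d.update(ct), d.final()]).toString('utf8');
    const { state, issued } = JSON.parse(body);
    // Reject cookies that are expired or claim to come from the future.
    if (nowS < issued || nowS - issued > MAX_AGE_S) return null;
    return state;
  } catch (e) {
    return null; // tag mismatch: tampered, or sealed under another key
  }
}

// One client-server exchange: unpack, check, update state, re-seal.
function handleRequest(key, cookie, nowS) {
  const state = unseal(key, cookie, nowS);
  if (state === null) return { ok: false, state: null, cookie: null };
  const next = { ...state, hits: (state.hits || 0) + 1 };
  return { ok: true, state: next, cookie: seal(key, next, nowS) };
}
```

Because the server keeps nothing, a captured cookie stays replayable until it expires, so the lifetime is what bounds that window.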

