[Cfrg] SCS draft
thomas fossati <tho@koanlogic.com> Fri, 29 September 2006 18:34 UTC
From: thomas fossati <tho@koanlogic.com>
Date: Fri, 29 Sep 2006 20:33:55 +0200
To: cfrg@ietf.org
Cc: Steven Dorigotti <stewy@koanlogic.com>, Stefano Barbato <tat@koanlogic.com>
Subject: [Cfrg] SCS draft

We have quite recently developed a technique that allows for cookie based HTTP sessions even on zero-storage devices (this is mainly intended for the embedded world).

Basically all the "session" cookies - i.e. cookies which hold a given session state - are transformed into untamperable tokens (via an authenticated encryption scheme) and pushed to the client which transparently stores them. When a new client-server exchange takes place, the cookies are sent back to the server where they are unpacked and examined. If they are still "good", the state is updated and the session goes on, otherwise it is dropped.

Anyway, all the details are found at the following URL:

http://www.ietf.org/internet-drafts/draft-barbato-scs-00.txt

If any of you would like to review and comment on it, that would be very appreciated (the spec is quite compact, and should be quick to read).

TIA, t.
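
The exchange described in the message above, as an added example that is not part of the original post and not taken from the draft: a server seals session state into a cookie with authenticated encryption, then verifies and reissues it on the next request. The cipher (AES-256-GCM from Node.js built-in crypto), the `iv | tag | ciphertext` layout, `MAX_AGE_MS` and the function names `seal`, `open` and `exchange` are assumptions made for illustration.

```javascript
// Added example: stateless session cookies sealed with an AEAD (assumed: AES-256-GCM).
const crypto = require('node:crypto');

const KEY = crypto.randomBytes(32);   // server-side secret, never sent to the client
const MAX_AGE_MS = 15 * 60 * 1000;    // assumed session lifetime
const IV_LEN = 12, TAG_LEN = 16;

// Seal session state into an opaque cookie value: base64url(iv | tag | ciphertext).
function seal(state, key = KEY, now = Date.now()) {
  const iv = crypto.randomBytes(IV_LEN);   // fresh nonce for every cookie issued
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const plaintext = JSON.stringify({ state, issued: now });
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

// Return the state if the cookie is authentic and fresh, otherwise null.
function open(cookie, key = KEY, now = Date.now()) {
  try {
    const raw = Buffer.from(String(cookie), 'base64url');
    if (raw.length < IV_LEN + TAG_LEN) return null;
    const iv = raw.subarray(0, IV_LEN);
    const tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN);
    const ct = raw.subarray(IV_LEN + TAG_LEN);
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
    decipher.setAuthTag(tag);
    // final() throws if the tag does not match, i.e. the cookie was modified.
    const pt = Buffer.concat([decipher.update(ct), decipher.final()]);
    const { state, issued } = JSON.parse(pt.toString('utf8'));
    if (typeof issued !== 'number' || issued > now) return null;
    if (now - issued > MAX_AGE_MS) return null;   // expired: drop the session
    return state;
  } catch {
    return null;   // malformed, tampered, or sealed under a different key
  }
}

// One client-server exchange: verify the presented cookie, update the state,
// and reissue a freshly sealed cookie. Returns null when the session is dropped.
function exchange(cookie, update, key = KEY, now = Date.now()) {
  const state = open(cookie, key, now);
  return state === null ? null : seal(update(state), key, now);
}
```

Because the server keeps no state, an older cookie that is still within `MAX_AGE_MS` verifies just as well as the newest one, so anything that must not be rolled back needs a server-side check outside this scheme.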