undefined | Better HN

0 pointslayer84y ago0 comments

> allow cookies to be shared between secure sites using the same certificate

Or maybe encrypting cookies using the site certificate, which would still allow cookies to be shared with domains having a different certificate, but the server needs the correct key for decryption.

0 comments

4 comments · 2 top-level

exo7624y ago· 2 in thread

Ciphertext leaks information via its size and its presence / absence.

dylan6044y ago

yeah and so? how is this information useful? if the actual useful information is encrypted, then size is meaningless as it is just random text until decrypted. presence/absence? you have a cookie or you don't?

recursive4y ago

You say the size is meaningless. But sometimes it may actually be meaningful. And presence/absence is information also. Not much, but it definitely exists.

1 more reply

Thorrez4y ago

Sounds like it'll make key rotation tricky.

Also it'll likely break javascript access to the cookies.

j / k navigate · click thread line to collapse