[cryptography] not a Paypal phish using EV certificate

Seth David Schoen schoen at eff.org
Tue Aug 13 19:38:30 EDT 2013

James A. Donald writes:

> Although websites often use huge numbers of huge cookies, one can
> easily optimize one's cookie use.  I can see no reason why anyone
> would ever need more than a single 96 bit cookie that is a random
> number.

They might want to make the content and purpose of the cookie
transparent to the user, and perhaps even reassure the user that
the cookie can't easily be used as a unique identifier for the
user's browser.

On the flip side, there are also some mechanisms to store
authenticated, encrypted session state in its entirety on the
client in order to _avoid_ storing it in a database on the

Seth Schoen  <schoen at eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
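
The client-side session state mentioned in the message above, as an added example that is not part of the original post: the whole session is sealed into the cookie with AES-256-GCM (Node's built-in `crypto`), so the server stores nothing and rejects any cookie that was modified or has expired. The function names, the demo key and the `iv || tag || ciphertext` layout are assumptions made for this illustration.

```javascript
const crypto = require('crypto');

// Constructed demo key. Assumption: a real server loads 32 random bytes from its secret store.
const DEMO_KEY = crypto.createHash('sha256').update('constructed-demo-key').digest();

const IV_LEN = 12;  // 96-bit GCM nonce, fresh for every cookie
const TAG_LEN = 16; // 128-bit authentication tag

// Encrypt and authenticate the session state; the result is the cookie value.
function sealSession(state, key, ttlSeconds, nowMs = Date.now()) {
  const iv = crypto.randomBytes(IV_LEN);
  const exp = Math.floor(nowMs / 1000) + ttlSeconds; // expiry travels inside the sealed data
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([
    cipher.update(JSON.stringify({ exp, state }), 'utf8'),
    cipher.final(),
  ]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

// Return the session state, or null if the cookie is malformed, forged, or expired.
function openSession(cookie, key, nowMs = Date.now()) {
  const raw = Buffer.from(String(cookie), 'base64url');
  if (raw.length <= IV_LEN + TAG_LEN) return null;
  const iv = raw.subarray(0, IV_LEN);
  const tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const ct = raw.subarray(IV_LEN + TAG_LEN);
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
    decipher.setAuthTag(tag);
    // final() throws if the tag does not match, so no unauthenticated plaintext is parsed.
    const plain = Buffer.concat([decipher.update(ct), decipher.final()]);
    const { exp, state } = JSON.parse(plain.toString('utf8'));
    if (typeof exp !== 'number' || exp < Math.floor(nowMs / 1000)) return null;
    return state;
  } catch (err) {
    return null; // wrong key, modified bytes, or invalid JSON
  }
}
```

A sealed cookie stays valid until its embedded expiry, so revoking a session early still requires some server-side record such as a denylist or a per-user key version.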
