Re: New Version Notification for draft-snell-httpbis-keynego-01.txt

From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Date: Wed, 20 Nov 2013 06:30:05 +0200
To: Roberto Peon <grmocg@gmail.com>
Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, Mark Nottingham <mnot@mnot.net>, James M Snell <jasnell@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <20131120043005.GB3569@LK-Perkele-VII>

On Tue, Nov 19, 2013 at 05:03:35PM -0800, Roberto Peon wrote:

> reducing jitter and increasing throughput/goodput. Exposing the
> framing/length of things that would be in an encrypted-by-TLS bytestream
> today, however, does worry me-- it makes BEAST/CRIME-like attacks
> significantly more difficult to protect against.

You mean BREACH/CRIME (the two attacks exploiting compression), right?
BEAST was bad use of CBC mode and has seemingly nothing to do with
compression.

Also, I don't think even HTTP/2.0 style muxing would help with
adaptive compression attacks (like BREACH and CRIME) unless the
target site is being actively used.

-Ilari
Received on Wednesday, 20 November 2013 04:30:29 UTC