- From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
- Date: Wed, 20 Nov 2013 06:30:05 +0200
- To: Roberto Peon <grmocg@gmail.com>
- Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, Mark Nottingham <mnot@mnot.net>, James M Snell <jasnell@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On Tue, Nov 19, 2013 at 05:03:35PM -0800, Roberto Peon wrote: > reducing jitter and increasing throughput/goodput. Exposing the > framing/length of things that would be in an encrypted-by-TLS bytestream > today, however, does worry me-- it makes BEAST/CRIME-like attacks > significantly more difficult to protect against. You mean BREACH/CRIME (the two attacks exploiting compression), right? BEAST was bad use of CBC mode and has seemingly nothing to do with compression. Also, I don't think even HTTP/2.0 style muxing would help with adaptive compression attacks (like BREACH and CRIME) unless the target site is being actively used. -Ilari
Received on Wednesday, 20 November 2013 04:30:29 UTC