W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: Frame Length Restrictions

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 21 Apr 2014 17:10:44 -0700
Message-ID: <CABkgnnU+3+o8D92rAsefzbUy81+vEN-Gz1LSfrdkr4b=A2ArrA@mail.gmail.com>
To: Jeff Pinner <jpinner@twitter.com>
Cc: Johnny Graettinger <jgraettinger@chromium.org>, Patrick McManus <mcmanus@ducksong.com>, K.Morgan@iaea.org, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On 21 April 2014 17:01, Jeff Pinner <jpinner@twitter.com> wrote:
> My assumption here, is similar to BREACH, user input can be reflected in
> HTTP response bodies, which the upstream servers naively split into 16K data
> frames using whatever HTTP/2 library they have chosen.

Presumably you could take those 16K frames and split them into 16K-9
frames before adding padding.  You could even ask the upstream servers
not to produce 16K frames.  You could even ask the upstream servers to
pad properly.
Received on Tuesday, 22 April 2014 00:11:12 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:30 UTC