- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Wed, 7 May 2014 11:10:47 -0700
- To: Greg Wilkins <gregw@intalio.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 7 May 2014 07:45, Greg Wilkins <gregw@intalio.com> wrote: > But why does the padding data created to protect against that have to be > within the data frame? This appears to a be a needless complication as the > extra data can be sent either in ping frames or even in an additional > stream. Two concerns meant that early proposals to add a PADDING frame were not successful: The first is with respect to the size of padding. Whole frames are, at a minimum, 8 octets. You can't pad by smaller increments. That was considered to be counter to the goal. The second is with the creation of side channels. Information on other streams or in other frames will not generate flow control indicates, which generates a potential method of inferring the true size. Information that is easily discarded might create timing channels. > PS. I can already imagine the abusive uses of the protocol [...] I'm certain that this protocol will be abused roughly in proportion to how successful it is.
Received on Wednesday, 7 May 2014 18:11:14 UTC