W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: Why do DATA frames have padding?

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 7 May 2014 11:10:47 -0700
Message-ID: <CABkgnnWZ7VxpOfFSKQOk2FQPHCC2amGvc01EDS+kYv6YBNOEhw@mail.gmail.com>
To: Greg Wilkins <gregw@intalio.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 7 May 2014 07:45, Greg Wilkins <gregw@intalio.com> wrote:
> But why does the padding data created to protect against that have to be
> within the data frame?  This appears to a be a needless complication as the
> extra data can be sent either in ping frames or even in an additional
> stream.

Two concerns meant that early proposals to add a PADDING frame were
not successful:

The first is with respect to the size of padding.  Whole frames are,
at a minimum, 8 octets.  You can't pad by smaller increments.  That
was considered to be counter to the goal.

The second is with the creation of side channels.  Information on
other streams or in other frames will not generate flow control
indicates, which generates a potential method of inferring the true
size.  Information that is easily discarded might create timing
channels.

> PS.  I can already imagine the abusive uses of the protocol [...]

I'm certain that this protocol will be abused roughly in proportion to
how successful it is.
Received on Wednesday, 7 May 2014 18:11:14 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:30 UTC