Re: Stuck in a train -- reading HTTP/2 draft.

On Jun 16, 2014 6:49 PM, "Matthew Kerwin" <matthew@kerwin.net.au> wrote:
> I am not a security person, and this is purely spit-balling, but how
> about a hybrid? First n bytes must be <sentinel value, maybe zeroes>,
> remainder is random/ignored. That way you get to detect bad packing, but
> also hopefully get to mess with known-plaintext stuff. However it's more
> words and more code, and I have no idea if it's worth it.

The other thing to note is that if you actually have IND-CCA (look it up,
you need it, it's foundational), then you are dealing with the possibility
that plaintext is all x for any value of x. And I try not to be inventive
when it comes to security mechanisms.

Yes, it is the case that padding has been attacked, but I'm inclined to
trust that TLS can handle this one.

Received on Tuesday, 17 June 2014 02:52:42 UTC