W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

Re: Padding for PUSH_PROMISE frames

From: Roberto Peon <grmocg@gmail.com>
Date: Thu, 13 Feb 2014 23:42:08 -0800
Message-ID: <CAP+FsNe2k8fMw5o_uqwKPr+qQuy6v-RVP9yNUwmNyn7eXEV=qw@mail.gmail.com>
To: Jeff Pinner <jpinner@twitter.com>
Cc: Nicholas Hurley <hurley@todesschaf.org>, IETF HTTP WG <ietf-http-wg@w3.org>
I can see an argument for it but... meh. Padding is not a security feature
unless it is used right. Adding it everywhere doesn't really help that, and
opens up stuff even wider for abuse in the myriad cases where it has no
real security benefit.


On Thu, Feb 13, 2014 at 9:39 PM, Jeff Pinner <jpinner@twitter.com> wrote:

> Should we consider adding padding to all frames?
> We have two bits reserved at the beginning of the length field that we
> could use for the two padding flags, independent of frame type.
> On Thu, Feb 13, 2014 at 9:26 PM, Nicholas Hurley <hurley@todesschaf.org>wrote:
>> All,
>> Right now (as of draft-10), DATA, HEADERS, and CONTINUATION frames can
>> contain padding to obscure the actual size of the data being sent. I
>> believe it would make sense to also add the option for padding to
>> PUSH_PROMISE frames, as they carry (pretty much) the same type of payload
>> as HEADERS frames, and can benefit from padding in the same way.
>> I can make a pull request if others think this is a good idea.
>> Thoughts?
>> -Nick
Received on Friday, 14 February 2014 07:42:36 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:24 UTC