- From: Ryan Hamilton <rch@google.com>
- Date: Fri, 14 Feb 2014 14:33:09 -0800
- To: Roberto Peon <grmocg@gmail.com>
- Cc: Nicholas Hurley <hurley@todesschaf.org>, IETF HTTP WG <ietf-http-wg@w3.org>, Jeff Pinner <jpinner@twitter.com>
- Message-ID: <CAJ_4DfSjd3=jQg67=BUYYvp5RKBW1PqEXyuEd3HDRcrN0ea_Ew@mail.gmail.com>
Ah, right! Good point.

On Fri, Feb 14, 2014 at 2:13 PM, Roberto Peon <grmocg@gmail.com> wrote:

> Consider? Sure, however the downside is that we lose information because
> we have a minimum padding of 8 bytes instead of a minimum padding of 1
> byte.
> I believe that there would probably be interesting side-channel attacks
> against the padding mechanism if it was always a minimum of 8 bytes unless
> we added padding to 8-byte-boundaries to all frames..
> .. and that would be a waste.
>
> -=R
>
>
> On Fri, Feb 14, 2014 at 2:11 PM, Ryan Hamilton <rch@google.com> wrote:
>
>> Would it make sense to consider adding an explicit padding frame instead
>> of adding padding *to* existing frames?
>>
>>
>> On Fri, Feb 14, 2014 at 2:06 PM, Roberto Peon <grmocg@gmail.com> wrote:
>>
>>> Yup. Padding should be on any frame including a headers block, plus the
>>> data frame.
>>> -=R
>>>
>>>
>>> On Fri, Feb 14, 2014 at 2:01 PM, Nicholas Hurley <hurley@todesschaf.org> wrote:
>>>
>>>> I thought about adding padding to everything, but like Roberto said, it
>>>> gets even trickier to do correctly (i.e., without messing up the security
>>>> properties), and it seems a little silly to me to add padding to a frame
>>>> that has a constant size. Adding it to PUSH_PROMISE, though, allows hiding
>>>> the true size of the promised headers, and makes processing of both that
>>>> and HEADERS frames almost the same, conceivably simplifying implementation.
>>>> I can see an argument for it but... meh. Padding is not a security
>>>> feature unless it is used right. Adding it everywhere doesn't really help
>>>> that, and opens up stuff even wider for abuse in the myriad cases where it
>>>> has no real security benefit.
>>>>
>>>> -=R
>>>>
>>>>
>>>> On Thu, Feb 13, 2014 at 9:39 PM, Jeff Pinner <jpinner@twitter.com> wrote:
>>>>
>>>>> Should we consider adding padding to all frames?
>>>>>
>>>>> We have two bits reserved at the beginning of the length field that we
>>>>> could use for the two padding flags, independent of frame type.
>>>>>
>>>>>
>>>>> On Thu, Feb 13, 2014 at 9:26 PM, Nicholas Hurley <hurley@todesschaf.org> wrote:
>>>>>
>>>>>> All,
>>>>>>
>>>>>> Right now (as of draft-10), DATA, HEADERS, and CONTINUATION frames
>>>>>> can contain padding to obscure the actual size of the data being sent. I
>>>>>> believe it would make sense to also add the option for padding to
>>>>>> PUSH_PROMISE frames, as they carry (pretty much) the same type of payload
>>>>>> as HEADERS frames, and can benefit from padding in the same way.
>>>>>>
>>>>>> I can make a pull request if others think this is a good idea.
>>>>>>
>>>>>> Thoughts?
>>>>>> -Nick

Received on Friday, 14 February 2014 22:33:37 UTC