- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 21 Feb 2014 11:16:21 -0800
- To: Albert Lunde <atlunde@panix.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 21 February 2014 11:02, Albert Lunde <atlunde@panix.com> wrote: > Another question is whether compression schemes introduce side channels > better to attack TLS. Yes, there is a concern here. That's why we have padding. There are also other tools HTTP/2 provides, like push, that help mitigate these attacks. I think that it would be best if we left this problem to our friends in TLS and websec and other more qualified groups. If at some point they come to us and say "we have decided to forbid compression" or, more likely, "you are going to have to do the following things if you want to use compression", then we will have to consider our options.
Received on Friday, 21 February 2014 19:16:49 UTC