- From: 山本和彦 <kazu@iij.ad.jp>
- Date: Mon, 24 Feb 2014 11:53:27 +0900 (JST)
- To: ietf-http-wg@w3.org

Hi,

If I understand correctly, the padding mechanism was added in HTTP/2 to try to solve the problem of the brute force attack against HPACK. But I cannot tell how to use it from the spec of HTTP/2.

Suppose that a 100-byte cookie is in the header table. To prevent an attacker from noticing that a tried cookie value matches the header table, I think that about 100 bytes of padding should be added. So, the compression ratio is offset by the padding.

Do I understand correctly? Or am I missing something?

--Kazu

Received on Monday, 24 February 2014 02:53:52 UTC
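
The size arithmetic in the message above, worked through as an added example that is not part of the original post or of any specification. It is a simplified model: the byte layouts are assumed to follow RFC 7541 without Huffman coding, frame and pad-length overhead is ignored, and all function names and sample cookie values are constructed for illustration.

```python
# Added example: simplified size model, not code from the HTTP/2 or HPACK specs.
# Layouts follow RFC 7541 (no Huffman coding); frame and pad-length overhead is ignored.

STATIC_ENTRIES = 61          # size of the RFC 7541 static table
COOKIE_NAME_INDEX = 32       # "cookie" in the RFC 7541 static table


def encode_int(value, prefix_bits, flags=0):
    """Prefix-integer encoding, RFC 7541 section 5.1."""
    limit = (1 << prefix_bits) - 1
    if value < limit:
        return bytes([flags | value])
    out = [flags | limit]
    value -= limit
    while value >= 128:
        out.append((value % 128) | 0x80)
        value //= 128
    out.append(value)
    return bytes(out)


def encode_cookie(dynamic_table, value):
    """Encode one cookie header against a dynamic table (newest entry first)."""
    if value in dynamic_table:
        # Indexed header field: one integer with the high bit set.
        index = STATIC_ENTRIES + 1 + dynamic_table.index(value)
        return encode_int(index, 7, 0x80)
    # Literal with incremental indexing, name taken from the static table.
    raw = value.encode("ascii")
    return encode_int(COOKIE_NAME_INDEX, 6, 0x40) + encode_int(len(raw), 7) + raw


def padding_to_hide_match(dynamic_table, value):
    """Padding that makes this header as long as its literal (table-miss) form."""
    literal_len = len(encode_cookie([], value))
    return literal_len - len(encode_cookie(dynamic_table, value))


SECRET = "s" * 100           # constructed 100-byte cookie value
WRONG = "x" * 100            # constructed non-matching value of the same length
TABLE = [SECRET]             # the real cookie is already in the dynamic table

if __name__ == "__main__":
    for label, v in (("match", SECRET), ("miss", WRONG)):
        size = len(encode_cookie(TABLE, v))
        pad = padding_to_hide_match(TABLE, v)
        print(f"{label}: encoded={size} padding={pad} on_wire={size + pad}")
```

In this model a table hit encodes to 1 byte and a miss to 102 bytes, so equalising the two takes 101 bytes of padding and the padded header is as long as the uncompressed one.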