W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

padding and compression

From: 山本和彦 <kazu@iij.ad.jp>
Date: Mon, 24 Feb 2014 11:53:27 +0900 (JST)
Message-Id: <20140224.115327.558778985617764239.kazu@iij.ad.jp>
To: ietf-http-wg@w3.org

If I understand correctly, the padding mechanism were added in HTTP/2
to try to solve the problem of the brute force attack against
HPACK. But I cannot tell how to use it from the spec of HTTP/2.

Suppose that 100-bytes cookie are in the header tables. To prevent an
attacker from noticing that a tried cookie value is matched to the
header table, I think that about 100-bytes padding should be added.

So, the compression ratio is offset by the padding. Do I understand
correctly? Or am I missing something?

Received on Monday, 24 February 2014 02:53:52 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:24 UTC