Re: h2 padding

On 3 September 2014 15:31, Brian Smith <brian@briansmith.org> wrote:
> But, draft 14 doesn't say that.

Woah nelly, we don't mandate that for a number of reasons.

Firstly, because of what Roberto said.  Sometimes padding is added for
the purposes of enhancement.  For instance, we might have two backends
that might perform their own padding, but there might be resources
from each of those that we want to ensure are indistinguishable.  A
reverse proxy can add padding to ensure that.  That sort of additive
padding only increases the size of the anonymity set, which can't be
worse (though it may not be better, certainly.)

Similarly, a proxy serving many clients might want to prevent
length-based correlation between client-side and origin-server-side
exchanges by adding padding.

We don't want to prohibit those cases.  Generally speaking, the people
making the changes know better than we do.  Therefore, we use a SHOULD
and recommend that intermediaries not remove padding.

> So, we have to assume some implementations will choose to split
> the data stream at the frame boundary.

Let us be very careful to distinguish between potentially more secure
because we are providing the necessary tools and more secure even when
people do the wrong thing.  We're not aiming for the latter here.

Received on Wednesday, 3 September 2014 22:46:27 UTC
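
The additive padding at a reverse proxy described in the message above, as an added example that is not part of the original thread or of any HTTP/2 implementation. It assumes the DATA frame layout of the published RFC 7540 rather than draft 14; the 256-octet bucket policy, the function names and the sample frames are hypothetical.

```python
# Added example: additive DATA-frame padding at a reverse proxy (RFC 7540 layout).
DATA, PADDED = 0x0, 0x8
BUCKET = 256  # assumed policy: frame payloads are rounded up to a multiple of this

def build_data_frame(stream_id, data, pad_len=None, flags=0):
    """Serialize one DATA frame; pad_len=None means an unpadded frame."""
    if pad_len is None:
        payload = data
    else:
        if not 0 <= pad_len <= 255:
            raise ValueError("Pad Length is a single octet")
        payload, flags = bytes([pad_len]) + data + bytes(pad_len), flags | PADDED
    header = len(payload).to_bytes(3, "big") + bytes([DATA, flags])
    return header + (stream_id & 0x7FFFFFFF).to_bytes(4, "big") + payload

def parse_data_frame(frame):
    """Return (flags, stream_id, data, pad_len) for one complete DATA frame."""
    length, ftype, flags = int.from_bytes(frame[:3], "big"), frame[3], frame[4]
    stream_id = int.from_bytes(frame[5:9], "big") & 0x7FFFFFFF
    payload = frame[9:]
    if ftype != DATA or len(payload) != length:
        raise ValueError("not exactly one DATA frame")
    if not flags & PADDED:
        return flags, stream_id, payload, 0
    if not payload or payload[0] >= length:
        raise ValueError("padding does not fit in the payload")
    pad_len = payload[0]
    return flags, stream_id, payload[1:length - pad_len], pad_len

def repad(frame, bucket=BUCKET):
    """Grow the padding (never shrink it) so the payload fills a whole bucket."""
    flags, stream_id, data, old_pad = parse_data_frame(frame)
    current = 1 + len(data) + old_pad          # payload size once PADDED is set
    target = -(-current // bucket) * bucket    # round up to the bucket boundary
    new_pad = target - 1 - len(data)           # >= old_pad by construction
    if new_pad > 255:
        raise ValueError("needs more padding than one frame can carry; split the data")
    return build_data_frame(stream_id, data, new_pad, flags)

# Constructed sample frames: backend A sends no padding, backend B adds 20 octets.
FRAME_A = build_data_frame(1, b"a" * 100)
FRAME_B = build_data_frame(3, b"b" * 180, pad_len=20)

if __name__ == "__main__":
    for name, frame in (("A", FRAME_A), ("B", FRAME_B)):
        out = repad(frame)
        print(name, len(frame), "->", len(out), "pad", parse_data_frame(out)[3])
```

Both sample frames leave the proxy at the same length with their data intact, and the padding backend B chose is only ever increased.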