Re: h2 padding

From: Brian Smith <brian@briansmith.org>
Date: Wed, 3 Sep 2014 15:47:33 -0700
Message-ID: <CAFewVt4QEkJ9p4L8zrcJkLKyk7F6PvBgA0NvBnA6+ru2zc143Q@mail.gmail.com>
To: "Roy T. Fielding" <fielding@gbiv.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Wed, Sep 3, 2014 at 3:31 PM, Brian Smith <brian@briansmith.org> wrote:
> In order for padding to be a useful security feature, it must provide
> end-to-end protection. That is, when the origin server sends
> data||padding, that data||padding needs to be preserved and processed
> as a single unit through all hops (i.e. by any/all proxies).

Sorry, allow me to correct myself here: It isn't true that the
data||padding needs to be preserved and processed as a single unit;
that is stricter than necessary. Instead, the padding needs to be
preserved, and if the data||padding is chopped up into smaller pieces,
that must be done independently of the boundary between the data and
the padding. But, note that the proposal to put padding in a separate
frame actually *encourages* chopping the data between the data and the
padding, and probably also encourages dropping the padding, which are
exactly the two things one must not do.

Cheers,
Brian
Received on Wednesday, 3 September 2014 22:48:00 UTC
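
Added example, not part of the message above or of any HTTP/2 implementation: a small model of an intermediary re-framing the origin's data||padding, comparing the frame lengths an on-path observer sees when the cut points ignore the data/padding boundary, when the hop splits at that boundary, and when it drops the padding. The bucket size, frame limit, function names and sample payloads are assumptions made for illustration.

```python
# Added illustration; the hop model, names and sizes below are assumptions.
BUCKET = 256      # origin pads every response up to a multiple of this
MAX_FRAME = 100   # largest frame the intermediary forwards

def origin_pad(data):
    """Return (data, padding) with len(data) + len(padding) a multiple of BUCKET."""
    pad_len = -len(data) % BUCKET
    return data, b"\x00" * pad_len

def chop(unit, size=MAX_FRAME):
    """Frame lengths an observer sees when `unit` is cut into frames."""
    return [len(unit[i:i + size]) for i in range(0, len(unit), size)]

def hop_boundary_independent(data, padding):
    # Padding is preserved and cut points depend only on the total length.
    return chop(data + padding)

def hop_split_at_boundary(data, padding):
    # Padding is preserved, but data and padding are framed separately,
    # so the first run of frames sums to len(data).
    return chop(data) + chop(padding)

def hop_drop_padding(data, padding):
    # Padding is discarded; the observer sees the true data length.
    return chop(data)

def distinguishable(hop, a, b):
    """True if the observed frame lengths differ for payloads a and b."""
    return hop(*origin_pad(a)) != hop(*origin_pad(b))

# Constructed sample payloads of different lengths in the same padding bucket.
SHORT = b"A" * 37
LONG = b"B" * 181

if __name__ == "__main__":
    for hop in (hop_boundary_independent, hop_split_at_boundary, hop_drop_padding):
        print(hop.__name__,
              hop(*origin_pad(SHORT)),
              hop(*origin_pad(LONG)),
              "leaks length" if distinguishable(hop, SHORT, LONG) else "same on the wire")
```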
