- From: <K.Morgan@iaea.org>
- Date: Thu, 4 Sep 2014 09:22:07 +0000
- To: <phk@phk.freebsd.dk>, <brian@briansmith.org>
- CC: <fielding@gbiv.com>, <ietf-http-wg@w3.org>
On Thursday,04 September 2014 09:50, phk@phk.freebsd.dk wrote: > > The most practical way to pad header-sets would be to define a Pad: > header. +1 > All in all, it is not obvious to me that all that complexity would add significant security value over the true and KISS end-to-end > solution: Browsers emit a random sized "Junk:" header on all TLS requests, and servers respond in kind. +1 > I think we should remove padding from the HTTP/2 frames. > On the other hand, I think there is good value in Roys proposal for a hop-to-hop "NO-OP" frame type, if nothing else for debugging. > Specific implementations which know they have full and true end-to-end visibility can obviously use that to implement hop-by-hop padding. +1 This email message is intended only for the use of the named recipient. Information contained in this email message and its attachments may be privileged, confidential and protected from disclosure. If you are not the intended recipient, please do not read, copy, use or disclose this communication to others. Also please notify the sender by replying to this message and then delete it from your system.
Received on Thursday, 4 September 2014 09:22:44 UTC