- From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
- Date: Sat, 7 Mar 2015 17:45:40 +0200
- To: Bob Briscoe <bob.briscoe@bt.com>
- Cc: Martin Thomson <martin.thomson@gmail.com>, Mike Belshe <mbelshe@chromium.org>, "fenix@google.com" <fenix@google.com>, HTTP Working Group <ietf-http-wg@w3.org>
On Sat, Mar 07, 2015 at 03:15:33PM +0000, Bob Briscoe wrote: > > If, as in HTTP/2, the length of the padding field is given in the protocol > header (which is then encrypted), I believe the padding can be arbitrary, > and I assume it's best for the padding not to be structured (predictable). Any encryption algorithm that is anywhere even near secure can easily deal with predictable padding (any that have problem with it should be phased out immediately). Protocols are usually full of known plaintext anyway. And random padding actually causes problems (possibility of data leakage). -Ilari
Received on Saturday, 7 March 2015 15:46:06 UTC