- From: Peter Beverloo <beverloo@google.com>
- Date: Wed, 27 Jan 2016 18:47:21 +0000
- To: ietf-http-wg@w3.org, Martin Thomson <martin.thomson@gmail.com>
Received on Wednesday, 27 January 2016 18:47:52 UTC
Hi Martin, others,

I have some comments in regards to draft-thomson-http-encryption.

Firstly, each record currently includes between 1 and 256 bytes of padding, while the default record size is set to 4096 bytes. This is in many cases not sufficient, for example in the pad-to-next-power-of-two case. I've proposed a pull request to change the padding size to two bytes.

https://github.com/martinthomson/http-encryption/pull/7

The draft defines a streaming model having a sender-configurable record size. What is the motivation for allowing this by default? TLS defines 16KB records and only allows negotiation of this value per an extension.

Of course, introducing a fixed record size would violate the requirement set by draft-ietf-webpush-encryption of only allowing a single record, for any message that is larger than said size. A reasonably clean way of addressing this would be to separate the Content-Encoding values: aesgcm128 vs. aes128gcm-streaming.

As a slight meta question, what are the expected users of the streaming model?

Thanks,
Peter
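The padding limit raised in the message above, worked through as an added example (not part of the original e-mail, the draft, or the pull request). It assumes a record laid out as a big-endian padding-length field, that many zero bytes, then the data, with the record size counted over all three; the function names are hypothetical.

```python
"""Added illustration: can one record be padded up to the next power of two?
Compares a 1-byte and a 2-byte padding-length field (layout is an assumption)."""

RECORD_SIZE = 4096  # default record size quoted in the message


def next_power_of_two(n: int) -> int:
    """Smallest power of two >= n, for n >= 1."""
    return 1 << (n - 1).bit_length()


def max_padding(field_bytes: int) -> int:
    """Largest padding byte count a length field of this width can express."""
    return (1 << (8 * field_bytes)) - 1


def padding_needed(data_len: int, field_bytes: int, record_size: int) -> int:
    """Zero bytes required to grow field+data to the next power of two,
    capped at the record size."""
    unpadded = field_bytes + data_len
    return min(next_power_of_two(unpadded), record_size) - unpadded


def pad_record(data: bytes, field_bytes: int, record_size: int = RECORD_SIZE) -> bytes:
    """Build one plaintext record, or raise ValueError if the length field
    cannot express the padding the policy calls for."""
    if field_bytes + len(data) > record_size:
        raise ValueError("data does not fit in one record")
    pad_len = padding_needed(len(data), field_bytes, record_size)
    if pad_len > max_padding(field_bytes):
        raise ValueError(
            f"need {pad_len} padding bytes, field allows {max_padding(field_bytes)}"
        )
    return pad_len.to_bytes(field_bytes, "big") + b"\x00" * pad_len + data


def coverage(field_bytes: int, record_size: int = RECORD_SIZE) -> float:
    """Fraction of payload lengths whose padded size reaches the target."""
    lengths = range(1, record_size - field_bytes + 1)
    limit = max_padding(field_bytes)
    ok = sum(padding_needed(n, field_bytes, record_size) <= limit for n in lengths)
    return ok / len(lengths)


if __name__ == "__main__":
    for width in (1, 2):
        print(f"{width}-byte field: {coverage(width):.1%} of payload lengths hidden")
```

With a one-byte field, any payload more than 255 bytes short of the next power of two keeps a distinguishable length; a two-byte field covers every payload that fits in a 4096-byte record.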