Re: Éric Vyncke's No Objection on draft-ietf-httpbis-http2bis-06: (with COMMENT)

On Fri, Jan 7, 2022, at 09:29, Benjamin Kaduk wrote:
> Since a SEC AD was summoned, I'll confirm that this reasoning is basically
> sound.  Using random rather than constant padding would interact
> differently with compression techniques, but we already warn against
> compression and for good reason, so the distinction is mostly irrelevant.

To round this out more: there is a concern that random values will cause endpoints to expose too much of the state of their random number generators.  This might make them vulnerable to attack from endpoints that can predict what they will generate.  To be clear, I don't share this concern, even if it has some reasonable basis.

Probably more relevant: randomness is more expensive to generate than zero.

Received on Friday, 7 January 2022 02:25:23 UTC