Re: Éric Vyncke's No Objection on draft-ietf-httpbis-http2bis-06: (with COMMENT) from Martin Thomson on 2022-01-07 (ietf-http-wg@w3.org from January to March 2022)

From: Martin Thomson <mt@lowentropy.net>
Date: Fri, 07 Jan 2022 13:24:50 +1100
To: ietf-http-wg@w3.org
Message-Id: <627f2c26-902a-468c-9918-9fe0f5cef6ad@beta.fastmail.com>

On Fri, Jan 7, 2022, at 09:29, Benjamin Kaduk wrote:
> Since a SEC AD was summoned, I'll confirm that this reasoning is basically
> sound.  Using random rather than constant padding would interact
> differently with compression techniques, but we already warn against
> compression and for good reason, so the distinction is mostly irrelevant.

To round this out more: there is a concern that random values will cause endpoints to expose too much of the state of their random number generators.  This might make them vulnerable to attack from endpoints that can predict what they will generate.  To be clear, I don't share this concern, even if it has some reasonable basis.

Probably more relevant: randomness is more expensive to generate than zero.

Received on Friday, 7 January 2022 02:25:23 UTC