Op 12 aug. 2013, om 01:35 heeft Eric Covener <[email protected]> het volgende geschreven:
> > > What do you think of including a header? Is there a way to find out > > from the encrypted traffic where the header ends and where the body > > starts? > > For a typical request they are in separate SSL records and someone running a > packet capture can tell when the headers or body has grown. We could arrange > for the headers to always span an SSL record, and put a variable length one > at the bottom -- but that only helps if the secret and request data are in > the first frame. Not sure - I am fairly sure we nicely cut on headers - and have the (SSL) packets go out at or very near the end of the header. So I guess we'd intentionally would have to sub-optimize this somewhat - or uses some default chunked/mime-type boundary trickery outside the traditional header instead. Dw.
