[Cryptography] RFC7540 (HTTP/2) easter egg: "PRISM"
Henry Baker
hbaker1 at pipeline.com
Tue Dec 1 18:00:29 EST 2015
FYI -- Thank you, Edward!
http://blog.jgc.org/2015/11/the-secret-message-hidden-in-every.html
If you spy on an HTTP/2 connection starting up you'll notice that it sends an almost-but-not-quite valid HTTP request at the very start of the connection. Like this:
http://3.bp.blogspot.com/-q5wtbZUhRD0/VlxWqJ4iH1I/AAAAAAAAC8Q/XeUgvbxSQzY/s320/Screen%2BShot%2B2015-11-30%2Bat%2B14.00.55.png
Written a little more clearly that's:
PRI * HTTP2.0
SM
The HTTP verb is PRI and the body contains just SM. Put them together and you get... *PRISM.* This occurs right at the start of the connection to ensure that the server really supports HTTP/2.0. It is detailed in Section 3.5 of RFC7540 as follows:
https://tools.ietf.org/html/rfc7540#section-3.5
More information about the cryptography
mailing list