This may be true for a single session, but it would seem that having every session begin with the same long text could allow correlations to be drawn on large data sets, potentially leading to full recovery of the sessions.
Do you know of the proof that rules out such a possibility?
No, that is not a realistic vulnerability. I am now regretting nerding out about AES upthread, since I seem to have created the impression that there is some risk to having every HTTP request start with a fixed string. There is not.
> Why not? What allows AES to escape such an attack?
What attack? A known plaintext attack is just a type of attack. There aren’t any such known attacks against AES currently. http://crypto.stackexchange.com/a/10837/7264 is related.
Fair enough. Maybe there is some disagreement between the participants of this thread in what "known-known" means. I would say that without a proof that a known-plaintext attack cannot exist, one cannot say "There is not (a known-plaintext attack)." One could say, however, "I do not know of a known-plaintext attack against AES, however I do not know of a proof that rules one out."
Also, HTTP/2 traffic may be encrypted using another scheme (which may be vulnerable to large constant blocks in known locations). I don't think HTTP refers or deals at all with encryption. I'm not sure about HTTP2. My understanding is that they are application protocols only and that message integrity protocols occur at a different layer.
> Also, HTTP/2 traffic may be encrypted using another scheme (which may be vulnerable to large constant blocks in known locations).
This isn’t really a situation worth caring about when designing a protocol. If you’re choosing to encrypt something with weak encryption, you had better be darn sure that its vulnerabilities don’t apply. (And… why would you do that to begin with? No compelling performance reasons, even.)
Do you know of the proof that rules out such a possibility?