W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: Rechartering HTTPbis

From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 27 Jan 2012 00:54:51 +1300
Message-ID: <4F213F0B.7@treenet.co.nz>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
CC: Willy Tarreau <w@1wt.eu>, ietf-http-wg@w3.org
On 27/01/2012 12:14 a.m., Poul-Henning Kamp wrote:
> In message<4F212798.4080205@treenet.co.nz>, Amos Jeffries writes:
>> On 26/01/2012 10:48 p.m., Poul-Henning Kamp wrote:
>>> One benefit of compressing the entire connection is that it offers
>>> "privacy-light", the simple malware which just snoops packets and
>>> searches for "password:" etc, would be out of the picture.
>> no gain. compression is equally mandatory and open to snoops as for
>> other software.
> Actually, that is not true.  The barrier is significantly higher
> if you need to maintain compressed state for all the connections,
> compared to just scanning raw packets for red meat.

I don't mean compared to nothing at all. I mean as compared to each 
other, snoops and legit servers have relatively the same state to 
maintain. A part of the benefit from encryption is the imbalance between 
snoops having to know more and keep more state running perfectly than 
any legit endpoints. Its an unfair game weighted in favor of the good guys.

>
> I will agree that we are talking a white picket fence, not a solid
> concrete barrier, but ask anybody how much difference a small white
> picket fence makes with respect to dog-poop in your front yard and
> you will see the tangible benefit.

But them nastier cat'll jump right over. ;)

AYJ
Received on Thursday, 26 January 2012 11:55:24 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:53 GMT