
Re: FYI... Binary Optimized Header Encoding for SPDY

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Sun, 05 Aug 2012 16:39:46 +0000
To: Phillip Hallam-Baker <hallam@gmail.com>
cc: Amos Jeffries <squid3@treenet.co.nz>, ietf-http-wg@w3.org
Message-ID: <17367.1344184786@critter.freebsd.dk>
In message <CAMm+Lwj_MqNJRkXLVUbwCZdqFru_GwFs9Pe8AB+jYSQNO8jy=g@mail.gmail.com>, Phillip Hallam-Baker writes:
>On Sun, Aug 5, 2012 at 8:31 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:

>> But opens you up to DoS attacks along the lines of:
>>
>>         GET /ABCDEF.html
>>         GET /%41BCDEF.html
>>         GET /A%42CDEF.html
>>         ...
>
>Those are actually the same URL. Just different encodings.

That's exactly the point.

Intermediaries need to decode URIs and therefore the question of ASCII
vs. UTF8 performance is relevant.

But as I said earlier: I'm not sure if the advantage goes to ASCII
with the need for further encoding, or to UTF8 with no further encoding
needed.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Sunday, 5 August 2012 16:40:12 GMT
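
Added example, not part of the original message or of any project named in it: a sketch of the percent-encoding normalization (RFC 3986 sections 6.2.2.1 and 6.2.2.2) that lets an intermediary treat the three request targets quoted above as one resource. It assumes the intermediary keys a cache or rule lookup on the request path; `normalize_path`, `distinct_keys` and the extra sample paths are constructed for illustration.

```python
import re

# RFC 3986 section 2.3 "unreserved" characters: an escape of one of these
# is equivalent to the literal character and may be decoded.
UNRESERVED = frozenset(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
)
_PCT = re.compile(r"%([0-9A-Fa-f]{2})")


def normalize_path(path: str) -> str:
    """Return the path with equivalent percent-encodings collapsed.

    Escapes of unreserved characters are decoded. Every other escape is
    kept, because decoding e.g. %2F or %3F would change how the path is
    parsed, but its hex digits are upper-cased so %2f and %2F compare equal.
    The substitution is a single pass: text produced by one replacement is
    never rescanned, so %2541 is not double-decoded into "A".
    Malformed escapes (such as a trailing "%4") are left untouched.
    """
    def fix(match):
        ch = chr(int(match.group(1), 16))
        return ch if ch in UNRESERVED else "%" + match.group(1).upper()

    return _PCT.sub(fix, path)


def distinct_keys(paths, normalize=True):
    """Count how many separate lookup keys a list of request paths produces."""
    return len({normalize_path(p) if normalize else p for p in paths})


# The three request targets quoted in the message.
FROM_MESSAGE = ["/ABCDEF.html", "/%41BCDEF.html", "/A%42CDEF.html"]

# Constructed edge cases: a reserved character, a double-encoded escape,
# a non-ASCII byte and a malformed escape.
EDGE_CASES = ["/a%2fb", "/%2541BCDEF.html", "/caf%c3%a9", "/%4"]

if __name__ == "__main__":
    print("keys without normalization:", distinct_keys(FROM_MESSAGE, False))
    print("keys with normalization:   ", distinct_keys(FROM_MESSAGE, True))
    for p in EDGE_CASES:
        print(f"{p!r:22} -> {normalize_path(p)!r}")
```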
