W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re[2]: FYI... Binary Optimized Header Encoding for SPDY

From: Adrien de Croy <adrien@qbik.com>
Date: Sun, 05 Aug 2012 23:22:57 +0000
To: "Poul-Henning Kamp" <phk@phk.freebsd.dk>, "Phillip Hallam-Baker" <hallam@gmail.com>
Cc: "Amos Jeffries" <squid3@treenet.co.nz>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-Id: <em0de53c00-1d76-4ae8-8e5d-46c90336af54@reboist>

personally I see little value in allowing a "safe" character to be 
encoded with %, and specify it has no semantic meaning (that it is 
encoded rather than "native")

Why not simply deprecate such things for 2.0, and when it comes to 
putting together a 1.1 message from a 2.0 message, it needs encoding at 
that stage, and at that stage, there's only 1 allowed way to do it, 
e.g. safe chars MUST NOT be %-encoded etc.

Adrien

------ Original Message ------
From: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
To: "Phillip Hallam-Baker" <hallam@gmail.com>
Cc: "Amos Jeffries" <squid3@treenet.co.nz>;"ietf-http-wg@w3.org" 
<ietf-http-wg@w3.org>
Sent: 6/08/2012 4:39:46 a.m.
Subject: Re: FYI... Binary Optimized Header Encoding for SPDY
>In message <CAMm+Lwj_MqNJRkXLVUbwCZdqFru_GwFs9Pe8AB+jYSQNO8jy=g@mail.gmail.com>
>, Phillip Hallam-Baker writes:
>
>>
>>On Sun, Aug 5, 2012 at 8:31 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>>
>>>
>>>But opens you up to DoS attacks along the lines of:
>>>
>>>        GET /ABCDEF.html
>>>        GET /%41BCDEF.html
>>>        GET /A%42CDEF.html
>>>        ...
>>>
>>
>>
>>Those are actually the same URL. Just different encodings.
>>
>
>
>That's exactly the point.
>
>Intermediaries need to decode URI and therefore the question of ASCII
>vs. UTF8 performance is relevant.
>
>But as I said earlier: I'm not sure if the advantage goes to ASCII
>with the need for further encoding, or to UTF8 with no further encoding
>needed.
>
>--
>Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
>phk@FreeBSD.ORG         | TCP/IP since RFC 956
>FreeBSD committer       | BSD since 4.3-tahoe
>Never attribute to malice what can adequately be explained by incompetence.
>
>
>
Received on Sunday, 5 August 2012 23:23:33 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 5 August 2012 23:23:39 GMT