Re: Header Compression from Ted Hardie on 2013-06-11 (ietf-http-wg@w3.org from April to June 2013)

From: Ted Hardie <ted.ietf@gmail.com>
Date: Tue, 11 Jun 2013 09:33:43 -0700
To: RUELLAN Herve <Herve.Ruellan@crf.canon.fr>
Cc: Martin Thomson <martin.thomson@gmail.com>, Ryan Hamilton <rch@google.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <CA+9kkMAgPWFUVHgZrLuf+1-qtV17hY93-mRwh9-UH04Yw4MhfQ@mail.gmail.com>

On Tue, Jun 11, 2013 at 7:05 AM, RUELLAN Herve
<Herve.Ruellan@crf.canon.fr>wrote:

> I just did it :
> http://www.ietf.org/id/draft-ruellan-http-header-compression-00.txt
>
> Hervé.
>
>
Hi Herve,

A couple of quick comments.  First, for the TODO in your security
considerations section, I think you should probably expand on the text in
the overview, which describes the attack on Deflate and unpack why the
current scheme is resistant to similar attacks.  Second, the document
describes substitution and insertion, but does not describe deletion.   If
a party wishes to remove a header (note:  not change to a null value) is
this possible and, if so, what's the process?

regards,

Ted Hardie

> > -----Original Message-----
> > From: Martin Thomson [mailto:martin.thomson@gmail.com]
> > Sent: jeudi 6 juin 2013 18:46
> > To: RUELLAN Herve
> > Cc: Ryan Hamilton; ietf-http-wg@w3.org
> > Subject: Re: Header Compression
> >
> > On 6 June 2013 04:43, RUELLAN Herve <Herve.Ruellan@crf.canon.fr> wrote:
> > > Yes there are now both HTML and txt version available:
> > > http://http2.github.io/compression-spec/compression-spec.html
> > > http://http2.github.io/compression-spec/compression-spec.txt
> >
> > Could you please visit https://datatracker.ietf.org/idst/upload.cgi
> > and go through the motions for us.  It's a procedural matter that
> shouldn't
> > take more than a couple of minutes.
>

Received on Tuesday, 11 June 2013 16:34:10 UTC