
Re: Some general thought on CRIME and Compression and Headers

From: Frédéric Kayser <f.kayser@free.fr>
Date: Sat, 12 Jan 2013 12:22:39 +0100
To: ietf-http-wg@w3.org
Message-Id: <6D66A12F-6B70-4CD5-9CB1-D24ED597B1C6@free.fr>
Hello,
gzip/deflate streams are made of different types of blocks, cf. RFC 1951 http://www.ietf.org/rfc/rfc1951.txt (btype 0 is non-compressed, fixed length; btype 1 uses predefined Huffman tables; and btype 2 embeds Huffman tables specially tailored for the current data). The stream could switch to btype 0 when sensitive data has to be compressed, and afterwards this region could be excluded from LZ matches to avoid reuse; the resulting stream would be perfectly compatible with current Deflate decoder implementations.

On 11 Jan 2013, at 20:45, James M Snell wrote:

> So far, the techniques we have explored to address this problem have been to alter the compression mechanism (e.g. delta) so that the compression ratio can't be effectively used to reverse engineer the sensitive data. This, however, brings along a range of issues, not the least of which is the fact that delta encoding is not nearly as efficient as gzip. 
Received on Saturday, 12 January 2013 11:23:12 GMT
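
The block-type switch proposed in this message, as an added example (not code from the original post or from any HTTP implementation): Python's zlib compresses the surrounding data as raw deflate, the sensitive bytes go into a hand-built btype 0 block, and a fresh compressor after it stands in for "excluded from LZ matches", which also discards the earlier history. The header values, host name and function names are constructed for illustration.

```python
import struct
import zlib

RAW = -15  # negative wbits: raw deflate, no zlib/gzip wrapper

def stored_blocks(data: bytes) -> bytes:
    """Wrap data in non-final btype 0 blocks (RFC 1951, section 3.2.4)."""
    out = bytearray()
    for i in range(0, len(data), 0xFFFF):       # LEN is 16 bits per block
        chunk = data[i:i + 0xFFFF]
        # 0x00 = BFINAL 0, BTYPE 00, five padding bits; then LEN and ~LEN.
        out += b"\x00" + struct.pack("<HH", len(chunk), len(chunk) ^ 0xFFFF)
        out += chunk
    return bytes(out)

def deflate_isolated(before: bytes, secret: bytes, after: bytes) -> bytes:
    """Compress before/after normally; carry secret uncompressed and unmatched."""
    first = zlib.compressobj(9, zlib.DEFLATED, RAW)
    # Z_FULL_FLUSH ends on a byte boundary and leaves BFINAL unset.
    head = first.compress(before) + first.flush(zlib.Z_FULL_FLUSH)
    # A new compressor has an empty window, so nothing after the secret
    # can be encoded as a back-reference into it.
    second = zlib.compressobj(9, zlib.DEFLATED, RAW)
    tail = second.compress(after) + second.flush(zlib.Z_FINISH)
    return head + stored_blocks(secret) + tail

def deflate_plain(data: bytes) -> bytes:
    c = zlib.compressobj(9, zlib.DEFLATED, RAW)
    return c.compress(data) + c.flush(zlib.Z_FINISH)

# Constructed sample input: a request whose URL repeats SECRET_A's value.
SECRET_A = b"Cookie: session=7f3c9a1e5b2d4086c1a9e04d6b57f2a3\r\n"
SECRET_B = b"Cookie: session=0b84d1f6a2c97e35d4f0816b9c2e7a5d\r\n"
BEFORE = (b"GET /?x=session=7f3c9a1e5b2d4086c1a9e04d6b57f2a3 HTTP/1.1\r\n"
          b"Host: example.test\r\n")
AFTER = b"Accept: */*\r\n\r\n"

def sizes(secret: bytes) -> tuple:
    """Return (plain deflate size, isolated size) for one secret."""
    return (len(deflate_plain(BEFORE + secret + AFTER)),
            len(deflate_isolated(BEFORE, secret, AFTER)))

if __name__ == "__main__":
    for name, s in (("A (repeated in URL)", SECRET_A), ("B", SECRET_B)):
        print(name, sizes(s))
    out = deflate_isolated(BEFORE, SECRET_A, AFTER)
    assert zlib.decompress(out, RAW) == BEFORE + SECRET_A + AFTER
```

With plain deflate the output is shorter when the secret repeats text seen earlier in the stream; with the stored block the output length depends only on the secret's length, and any standard inflate implementation still decodes it.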
