W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2013

Re: Do we kill the "Host:" header in HTTP/2 ?

From: Patrick McManus <mcmanus@ducksong.com>
Date: Wed, 30 Jan 2013 23:19:04 +0900
Message-ID: <CAOdDvNow7exCxGn=HiSSRFwb+XOnnq3xYG0acpYT9dW1xZBs6A@mail.gmail.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Roberto Peon <grmocg@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
On Wed, Jan 30, 2013 at 6:40 PM, Poul-Henning Kamp .<phk@phk.freebsd.dk>wrote:

>
>
> Why would the URI be more or less non-compressible than the Host: header ?
>
>
CRIME prevents partial matches of header values (espeically ones that can
contain sensitive information like a URI).. breaking out less sensitive
elements of that like host and scheme will provide greater opportunity for
delta matches. (as julian notes they can all be required to be provided
contiguously and in defined order up front, which I hope helps).
Received on Wednesday, 30 January 2013 14:19:31 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 14:19:37 GMT