- From: <K.Morgan@iaea.org>
- Date: Fri, 28 Mar 2014 09:30:10 +0000
- To: <roland@zinks.de>, <ietf-http-wg@w3.org>
On Friday,28 March 2014 10:10, Roland Zinks wrote: >> On 26 March 2014 19:18, Roland Zinks wrote: >>> Mandating content-encoding gzip has the same issue as it is not >>> mandated in HTTP/1.1 and a gateway can't really translate. >> Not sure what you mean exactly. Isn't that how Section 9.3 of the current draft is written (i.e. content-encoding: gzip is explicitly supported on every request)? >> >Yes it is written this way and this is a problem for a gateway from my point of view. It also gives the client no control. Although unlikely, it seems a bit optimistic to assume that no security issues will be discovered down the road with compression of response bodies. If such a security issue was discovered, clients would have to rely on servers to disable compression rather than being able to control it themselves. What was the original motivation for mandating, implicitly, support for gzip content encoding? This email message is intended only for the use of the named recipient. Information contained in this email message and its attachments may be privileged, confidential and protected from disclosure. If you are not the intended recipient, please do not read, copy, use or disclose this communication to others. Also please notify the sender by replying to this message and then delete it from your system.
Received on Friday, 28 March 2014 09:30:44 UTC