W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: draft-ietf-httpbis-http2-latest, 4.3 Header Compression and Decompression, 10.6 Use of Compression

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 9 Jul 2014 11:37:04 -0700
Message-ID: <CABkgnnVuS6w2mh7cL0WuZMpOKQqUdw=21LZseAw935QBempN0w@mail.gmail.com>
To: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
Cc: HTTPBIS working group mailing list <ietf-http-wg@w3.org>
On 8 July 2014 22:23, Kari Hurtta <hurtta-ietf@elmme-mailer.org> wrote:
> Or is that "MUST NOT compress content" too strong language?

Not really.  In the proxy deployment case, the proxy is obligated to
either understand the content and context, or to avoid using
compression.

In reality, I think people will ignore the advice and open themselves
to the sorts of attack you describe.
Received on Wednesday, 9 July 2014 18:37:31 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:09 UTC