- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Thu, 26 Jan 2012 11:14:22 +0000
- To: Amos Jeffries <squid3@treenet.co.nz>
- cc: Willy Tarreau <w@1wt.eu>, ietf-http-wg@w3.org

In message <4F212798.4080205@treenet.co.nz>, Amos Jeffries writes:
>On 26/01/2012 10:48 p.m., Poul-Henning Kamp wrote:
>> One benefit of compressing the entire connection is that it offers
>> "privacy-light", the simple malware which just snoops packets and
>> searches for "password:" etc, would be out of the picture.
>
>no gain. compression is equally mandatory and open to snoops as for
>other software.

Actually, that is not true.

The barrier is significantly higher if you need to maintain compressed state for all the connections, compared to just scanning raw packets for red meat.

I will agree that we are talking a white picket fence, not a solid concrete barrier, but ask anybody how much difference a small white picket fence makes with respect to dog-poop in your front yard and you will see the tangible benefit.

>Yet if you want to rely on it for broken connections it must be sent or
>that reliance fails.

If the server doesn't intend to handle broken objects, either because it knows it cannot happen (static objects) or that it would be catastrophic in other ways, it can just close the connection on trouble, just like we do today.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

Received on Thursday, 26 January 2012 11:14:50 UTC
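
The per-connection state requirement discussed in this message, as an added example that is not part of the original e-mail or of any HTTP proposal: a Python sketch, seen from a traffic-inspection point of view, of why a stateless byte search stops matching once a whole connection shares one deflate context. The zlib framing, the sync-flush-per-message packetisation, the function names and the sample messages are all assumptions constructed for illustration.

```python
import zlib

NEEDLE = b"password:"

# Constructed sample traffic: two messages sent on one connection.
MESSAGES = [
    b"POST /login HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
    b"user: alice\r\npassword: hunter2\r\n",
]

def compress_connection(messages):
    """Compress all messages with ONE shared deflate context, flushing
    after each message so that each one becomes its own packet."""
    comp = zlib.compressobj()
    return [comp.compress(m) + comp.flush(zlib.Z_SYNC_FLUSH) for m in messages]

def scan_raw(packets):
    """Stateless inspection: search each packet's bytes as they appear."""
    return [i for i, p in enumerate(packets) if NEEDLE in p]

def scan_stateful(packets):
    """Inspection that keeps one inflate context per connection,
    fed in order from the first byte of the stream."""
    inf = zlib.decompressobj()
    return [i for i, p in enumerate(packets) if NEEDLE in inf.decompress(p)]

def scan_midstream(packets, start):
    """Inspection that first sees the connection at packet `start`
    and therefore has no stream header and no compression history."""
    inf = zlib.decompressobj()
    hits = []
    try:
        for i, p in enumerate(packets[start:], start):
            if NEEDLE in inf.decompress(p):
                hits.append(i)
    except zlib.error:
        pass  # cannot decode without the state built up by earlier packets
    return hits

if __name__ == "__main__":
    packets = compress_connection(MESSAGES)
    print("plaintext, stateless :", scan_raw(MESSAGES))
    print("compressed, stateless:", scan_raw(packets))
    print("compressed, stateful :", scan_stateful(packets))
    print("compressed, midstream:", scan_midstream(packets, 1))
```

The stateful scanner still finds the string, which matches the "picket fence" framing: the compression adds per-flow cost and a need to observe the stream from its start, not confidentiality.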