Re: FYI... Binary Optimized Header Encoding for SPDY

In message <>
, Phillip Hallam-Baker writes:
>On Sun, Aug 5, 2012 at 8:31 AM, Poul-Henning Kamp <> wrote:

>> But opens you up to DoS attacks along the lines of:
>>         GET /ABCDEF.html
>>         GET /%41BCDEF.html
>>         GET /A%42CDEF.html
>>         ...
>Those are actually the same URL. Just different encodings.

That's exactly the point.

Intermediaries need to decode URI and therefore the question of ASCII
vs. UTF8 performance is relevant.

But as I said earlier: I'm not sure if the advantage goes to ASCII
with the need for further encoding, or to UTF8 with no further encoding

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Sunday, 5 August 2012 16:40:12 UTC