Re: Getting (Officially) Started on HTTP/2.0


On 10/3/12 3:54 AM, Amos Jeffries wrote:
> 4) I'll stick my neck out and voice it. Cross-request LZ compression
> needs to go.
> The other drafts proposed a few alternative options there, per-header
> differential add/replace/remove flags.
> IIRC Robert was working on something there as well?

I don't think you're sticking your neck out very far ;-)  Mike had sent
a message to this list about this issue on the 14th of September.  While
I could see some small potential for abuse within the same security
context, I would be more concerned if a dictionary were shared across
contexts, where one might have different properties or the risk of MITM
is elevated for one reason or another.  I didn't think either of these
scenarios was seriously considered in SPDY.  Am I not being paranoid enough?


Received on Wednesday, 3 October 2012 06:30:23 UTC