Re: Header Compression

On Tue, Jun 11, 2013 at 7:05 AM, RUELLAN Herve
<Herve.Ruellan@crf.canon.fr>wrote:

> I just did it :
> http://www.ietf.org/id/draft-ruellan-http-header-compression-00.txt
>
> Hervé.
>
>
Hi Herve,

A couple of quick comments.  First, for the TODO in your security
considerations section, I think you should probably expand on the text in
the overview, which describes the attack on Deflate and unpack why the
current scheme is resistant to similar attacks.  Second, the document
describes substitution and insertion, but does not describe deletion.   If
a party wishes to remove a header (note:  not change to a null value) is
this possible and, if so, what's the process?

regards,

Ted Hardie



> > -----Original Message-----
> > From: Martin Thomson [mailto:martin.thomson@gmail.com]
> > Sent: jeudi 6 juin 2013 18:46
> > To: RUELLAN Herve
> > Cc: Ryan Hamilton; ietf-http-wg@w3.org
> > Subject: Re: Header Compression
> >
> > On 6 June 2013 04:43, RUELLAN Herve <Herve.Ruellan@crf.canon.fr> wrote:
> > > Yes there are now both HTML and txt version available:
> > > http://http2.github.io/compression-spec/compression-spec.html
> > > http://http2.github.io/compression-spec/compression-spec.txt
> >
> > Could you please visit https://datatracker.ietf.org/idst/upload.cgi
> > and go through the motions for us.  It's a procedural matter that
> shouldn't
> > take more than a couple of minutes.
>

Received on Tuesday, 11 June 2013 16:34:10 UTC