Re: Header Compression from Ted Hardie on 2013-06-20 (ietf-http-wg@w3.org from April to June 2013)

From: Ted Hardie <ted.ietf@gmail.com>
Date: Thu, 20 Jun 2013 15:57:52 -0700
To: RUELLAN Herve <Herve.Ruellan@crf.canon.fr>
Cc: Martin Thomson <martin.thomson@gmail.com>, Ryan Hamilton <rch@google.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <CA+9kkMAP1=WUhO71+uienmwK+WWwa0Y+e5uLtsSagnDT1igtCg@mail.gmail.com>

On Mon, Jun 17, 2013 at 9:43 AM, RUELLAN Herve
<Herve.Ruellan@crf.canon.fr>wrote:

>
> Second, it is a design choice not to have deletion: the mean of removing a
> header is to replace it with a new one. Another possibility is to use the
> automatic dropping of headers to remove the headers that were the oldest to
> be added to the table (see penultimate paragraph of section 3.1 Header
> Table).
>
>
Sorry for the delay in responding.  Just to make sure I understand:

I have a header "Example: ".  It's in position 3 in the index.  I want to
remove "Example: ".  To do so, I update position 3 with a new header, say,
"Fleen: ".  The Fleen header can be a no-op, a duplicate of another header,
or something I care about now and did not before.

Is that about right?

If so, I don't think the draft is clear on this point.   I think making an
explicit statement that there is no "delete" operation but that a similar
aim can be accomplished by updating an index position with a new header,
including a no-op header, would be useful.

regards,

Ted Hardie




> Hervé.
>  ------------------------------
> *From:* Ted Hardie [ted.ietf@gmail.com]
> *Sent:* Tuesday, June 11, 2013 18:33
> *To:* RUELLAN Herve
> *Cc:* Martin Thomson; Ryan Hamilton; ietf-http-wg@w3.org
> *Subject:* Re: Header Compression
>
>  On Tue, Jun 11, 2013 at 7:05 AM, RUELLAN Herve <
> Herve.Ruellan@crf.canon.fr> wrote:
>
>> I just did it :
>> http://www.ietf.org/id/draft-ruellan-http-header-compression-00.txt
>>
>> Hervé.
>>
>>
> Hi Herve,
>
> A couple of quick comments.  First, for the TODO in your security
> considerations section, I think you should probably expand on the text in
> the overview, which describes the attack on Deflate and unpack why the
> current scheme is resistant to similar attacks.  Second, the document
> describes substitution and insertion, but does not describe deletion.   If
> a party wishes to remove a header (note:  not change to a null value) is
> this possible and, if so, what's the process?
>
> regards,
>
> Ted Hardie
>
>
>
>> > -----Original Message-----
>> > From: Martin Thomson [mailto:martin.thomson@gmail.com]
>> > Sent: jeudi 6 juin 2013 18:46
>> > To: RUELLAN Herve
>> > Cc: Ryan Hamilton; ietf-http-wg@w3.org
>> > Subject: Re: Header Compression
>> >
>>  > On 6 June 2013 04:43, RUELLAN Herve <Herve.Ruellan@crf.canon.fr>
>> wrote:
>> > > Yes there are now both HTML and txt version available:
>> > > http://http2.github.io/compression-spec/compression-spec.html
>> > > http://http2.github.io/compression-spec/compression-spec.txt
>> >
>> > Could you please visit https://datatracker.ietf.org/idst/upload.cgi
>> > and go through the motions for us.  It's a procedural matter that
>> shouldn't
>> > take more than a couple of minutes.
>>
>
>

Received on Thursday, 20 June 2013 22:58:20 UTC