- From: Roberto Peon <grmocg@gmail.com>
- Date: Wed, 27 Mar 2013 17:14:54 -0700
- To: RUELLAN Herve <Herve.Ruellan@crf.canon.fr>
- Cc: "agl@google.com" <agl@google.com>, Mark Nottingham <mnot@mnot.net>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
- Message-ID: <CAP+FsNfy0ognTBaF7USBcP9dTL5bQsruav30FmGB70m_0JfjyA@mail.gmail.com>

I've checked in some changes to delta2 which expand and document various
options for delta2 in the README.md.

After running a number of variations of delta2, the following defaults look
good for small buffer sizes:

delta2=max_entries=256, small_index=1

small_index basically says use a uint8 instead of a uint16 for representing
indices, and is the kind of thing that could be messaged somewhere (opcode,
flag, whatever).

The best headerdiff option which I believe is safe against CRIME in the
future is:

headerdiff=delta_type=false,huffman

I removed prefix matching from delta some months ago (~6 I think?) after
cogitating on it for a while and then speaking with security folks. I just
couldn't come up with a way I could prove was safe, unlike the
atom-matching, which one can prove is no worse than a brute-force attack.

I've appended runs with these values @ 4k buffer size for delta2 and
headerdiff below.

-=R

* TOTAL: 5949 req messages

                                                size  time | ratio   min   max   std
http1                                      3,460,925  0.13 |  1.00  1.00  1.00  0.00
delta2 (max_byte_size=4096, max_entries=256, small_index=1, hg_adjust=0,
  implicit_hg_add=0, refcnt_vals=0)          664,683  4.16 |  0.19  0.02  0.83  0.15
headerdiff
  (buffer=4096, delta_type=false, huffman)   759,783  2.03 |  0.22  0.01  0.78  0.18

* TOTAL: 5948 res messages

                                                size  time | ratio   min   max   std
http1                                      2,186,162  0.12 |  1.00  1.00  1.00  0.00
delta2 (max_byte_size=4096, max_entries=256, small_index=1, hg_adjust=0,
  implicit_hg_add=0, refcnt_vals=0)          585,475  5.32 |  0.27  0.02  1.28  0.13
headerdiff
  (buffer=4096, delta_type=false, huffman)   543,047  3.29 |  0.25  0.02  0.73  0.14

Received on Thursday, 28 March 2013 00:15:21 UTC
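
Added example, not part of the original message and not code from delta2 or headerdiff: a toy Python size model contrasting whole-value (atom) matching with prefix matching, to show why only the former keeps what an observer of encoded sizes learns at brute-force cost. The wire costs, function names and the sample cookie value are assumptions constructed for illustration.

```python
"""Toy size model (constructed): atom matching vs. prefix matching."""


def common_prefix_len(a: str, b: str) -> int:
    """Number of leading characters a and b share."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def encoded_size(value: str, table: list, prefix_matching: bool) -> int:
    """Bytes a toy delta encoder emits for one header value.

    Assumed wire costs (hypothetical, not delta2's real format):
      whole-value hit -> 1 byte (table index)
      prefix hit      -> 2 bytes (index + prefix length) + unmatched tail
      miss            -> 1 byte (literal opcode) + full value
    """
    if value in table:
        return 1
    miss = 1 + len(value)
    if prefix_matching:
        best = max((common_prefix_len(value, e) for e in table), default=0)
        return min(miss, 2 + len(value) - best)
    return miss


def size_profile(stored: str, probes: list, prefix_matching: bool) -> list:
    """Encoded size of each probe when `stored` is already in the table."""
    return [encoded_size(p, [stored], prefix_matching) for p in probes]


def worst_case_probes(alphabet: int, length: int, prefix_matching: bool) -> int:
    """Upper bound on probes needed to pin down `length` unknown characters
    from sizes alone: per-character with prefix matching, exhaustive without."""
    return alphabet * length if prefix_matching else alphabet ** length


# Constructed sample: a stored cookie and probes sharing 4..8 leading characters.
STORED = "sid=7f3a"
PROBES = ["sid=0000", "sid=7000", "sid=7f00", "sid=7f30", "sid=7f3a"]

if __name__ == "__main__":
    print("atom  :", size_profile(STORED, PROBES, prefix_matching=False))
    print("prefix:", size_profile(STORED, PROBES, prefix_matching=True))
    print("bound :", worst_case_probes(16, 4, False), "vs", worst_case_probes(16, 4, True))
```

With atom matching every wrong probe costs the same, so the size changes only on an exact match; with prefix matching the size shrinks with each additional correct character.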