W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: #445: Transfer-codings

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 4 Apr 2014 13:41:21 -0700
Message-ID: <CABkgnnVW1GQC=2KVn-tz+2Xtk12pE2nxacc17F5iK=Vc5DS4Ww@mail.gmail.com>
To: K.Morgan@iaea.org
Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 4 April 2014 13:36,  <K.Morgan@iaea.org> wrote:
> If there are specific security issues related to gzip then they apply equally to C-E gzip (which is implicitly required for clients to support already). As we mentioned below, one of the benefits of using TE/Transfer-Encoding over a framing layer transfer coding mechanism is that the decision to TE compress can be made at the same level as deciding to CE compress.

This is not correct.  An origin server applies Content-Encoding.
Transfer-Encoding is hop-by-hop.  As I pointed out previously, the
entities applying T-E are likely to lack the contextual information
required to make the right decisions regarding safe use of
Received on Friday, 4 April 2014 20:41:49 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:29 UTC