W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: Transfer-codings, mandatory content-coding support and intermediaries

From: Matthew Kerwin <matthew@kerwin.net.au>
Date: Sat, 19 Apr 2014 07:44:36 +1000
Message-ID: <CACweHNB5_QaTokzmeiDB1hhOEcTWmN6wiAoAMaRwO0C5SZmnfA@mail.gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
On 19 April 2014 07:33, David Morris <dwm@xpasc.com> wrote:

>
>
> On Sat, 19 Apr 2014, Matthew Kerwin wrote:
>
> >
> > The obvious simplification, then, would be to change the setting to
> "accept gzip (yes/no)" (or replace the setting with a MUST support), and
> remove the encoding field
> > from the Data frame.
> >
> > This tends back towards the single gzip bit, which is alright, as long
> as it is clear that the compression context applies only to that data frame.
>
> I've missed some of the discussion, but I can't imagine why you would
> limit the compression context to a single data frame.


​Almost all of the discussion, apparently. If compression contexts can span
DATA frames, then we open the protocol up to CRIME/BREACH attacks again, or
else add extra complexity to limit it. It was also about limiting device's
state commitment for connections (not maintaining compression contexts).​


-- 
  Matthew Kerwin
  http://matthew.kerwin.net.au/
Received on Friday, 18 April 2014 21:45:03 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:30 UTC