Re: Transfer-codings, mandatory content-coding support and intermediaries from Martin Thomson on 2014-04-21 (ietf-http-wg@w3.org from April to June 2014)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 21 Apr 2014 13:19:42 -0700
To: K.Morgan@iaea.org
Cc: Matthew Kerwin <matthew@kerwin.net.au>, Patrick McManus <pmcmanus@mozilla.com>, Mark Nottingham <mnot@mnot.net>, C.Brunhuber@iaea.org, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABkgnnXNYXsgfSziYZOZ8TOa9qLmAKfrcGmN+9aytypAEiQr5Q@mail.gmail.com>

On 21 April 2014 12:47,  <K.Morgan@iaea.org> wrote:
> But regardless, at a minimum the security considerations of compression without proper context should be explicitly enumerated.

Can you tell me exactly how this [1] falls short?

[1] http://http2.github.io/http2-spec/#rfc.section.10.6

Received on Monday, 21 April 2014 20:20:12 UTC