- From: Michael Sweet <msweet@apple.com>
- Date: Tue, 27 May 2014 14:24:31 -0400
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
- Message-id: <96416056-4A2C-442D-9EE8-140A504DADCA@apple.com>
Martin, On May 27, 2014, at 1:54 PM, Martin Thomson <martin.thomson@gmail.com> wrote: > The long and rambling thread on schedule has again started to discuss > HPACK. A point was made regarding negotiation for its use. > > I don't think that negotiation is necessary. The argument regarding > the physics, which would dictate the use of an entire RTT for > negotiation, is compelling, but I have others. The only reason you > want negotiation is if you want to be able to influence the behaviour > of a counterparty. > > A sizable advantage can be gained by modifying your own behaviour, > which HPACK always permits. Given that the data you care most about > protecting is usually the stuff that you send, I'm willing to bet that > this is good enough in the unlikely event that an attack is > discovered. A parameter in the initial settings frame would be enough - we already have one for controlling the size of the header table. All that would seem to be missing is a parameter to disable Huffman coding (issue #485) to enable simpler implementations that use the literal representations for headers (with names and/or the static table indices). _________________________________________________________ Michael Sweet, Senior Printing System Engineer, PWG Chair
Attachments
- application/pkcs7-signature attachment: smime.p7s
Received on Tuesday, 27 May 2014 18:25:05 UTC