
Re: Negotiating compression

From: Willy Tarreau <w@1wt.eu>
Date: Thu, 29 May 2014 13:47:27 +0200
To: "Jason T. Greene" <jgreene@redhat.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, Simone Bordet <simone.bordet@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20140529114727.GM25451@1wt.eu>

On Thu, May 29, 2014 at 07:41:05AM -0400, Jason T. Greene wrote:
> > On May 29, 2014, at 1:40 AM, Willy Tarreau <w@1wt.eu> wrote:
> > 
> > These ones could be advertised in the ALPN name (h2 = failsafe, h2h =
> > hpack version for example) so that we don't need an extra round trip
> > to know what is supported.
> You mean disable/disallow the Huffman encoding bit in HPACK right? HPACK with
> a size 0 table is easy for embedded devices (and everyone else), offers
> decent reduction in header sizes, and runs no risk of a CRIME style attack.

Yes possibly, but anyway this is the general idea. What features should
remain in the failsafe, cheap and suboptimal fallback has to be determined.

> > That way if a CRIME-like attack surfaces, simply disable h2h for the
> > time it takes to design a new encoding and applications relying on
> > passing everything in the same connection continue to work, just
> > slightly slower.
> If you did the above it likely wouldn't be slower, it would even be
> computationally faster, and might still be small enough to limit round
> trips

I think so as well.

Received on Thursday, 29 May 2014 11:47:55 UTC
