- From: Willy Tarreau <w@1wt.eu>
- Date: Thu, 29 May 2014 13:47:27 +0200
- To: "Jason T. Greene" <jgreene@redhat.com>
- Cc: Martin Thomson <martin.thomson@gmail.com>, Simone Bordet <simone.bordet@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
On Thu, May 29, 2014 at 07:41:05AM -0400, Jason T. Greene wrote:
>
> > On May 29, 2014, at 1:40 AM, Willy Tarreau <w@1wt.eu> wrote:
> >
> > These ones could be advertised in the ALPN name (h2 = failsafe, h2h =
> > hpack version for example) so that we don't need an extra round trip
> > to know what is supported.
>
> You mean disable/disallow the Huffman encoding bit in HPACK right? HPACK with
> a size 0 table is easy for embedded devices (and everyone else), offers
> decent reduction in header sizes, and runs no risk of a CRIME style attack.

Yes possibly, but anyway this is the general idea. What features should
remain in the failsafe, cheap and suboptimal fallback have to be determined.

> > That way if a CRIME-like attack surfaces, simply disable h2h for the
> > time it takes to design a new encoding and applications relying on
> > passing everything in the same connection continue to work, just
> > slightly slower.
>
> If you did the above it likely wouldn't be slower, it would even be
> computationally faster, and might still be small enough to limit round
> trips

I think so as well.

Willy
Received on Thursday, 29 May 2014 11:47:55 UTC
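The "failsafe" HPACK profile the two messages talk about (dynamic table size 0, no Huffman coding) is small enough to write out in full. The following is an added example, not code from the thread's participants or from any HTTP/2 implementation: a minimal RFC 7541 encoder and decoder that only ever uses the static table, emits raw (non-Huffman) string literals, and marks cookies and authorization headers as never-indexed. `STATIC_TABLE` is a subset of the RFC 7541 Appendix A table using the RFC's own indices, and the request in `demo()` is constructed sample data.

```python
"""Minimal HPACK (RFC 7541) encoder/decoder locked to the failsafe profile the
thread discusses: dynamic table size 0 (static table only) and no Huffman
coding. Added example; not code from the thread's authors or from any HTTP/2
implementation. STATIC_TABLE is a subset of RFC 7541 Appendix A with the RFC's
indices; the request headers in demo() are constructed sample data."""

STATIC_TABLE = {
    1: (":authority", ""), 2: (":method", "GET"), 3: (":method", "POST"),
    4: (":path", "/"), 5: (":path", "/index.html"), 6: (":scheme", "http"),
    7: (":scheme", "https"), 8: (":status", "200"), 19: ("accept", ""),
    23: ("authorization", ""), 32: ("cookie", ""), 38: ("host", ""),
    58: ("user-agent", ""),
}
# Reverse lookups: exact (name, value) match, and the lowest index for a name.
STATIC_PAIR_INDEX = {nv: i for i, nv in STATIC_TABLE.items() if nv[1]}
STATIC_NAME_INDEX = {}
for _i, (_n, _v) in sorted(STATIC_TABLE.items()):
    STATIC_NAME_INDEX.setdefault(_n, _i)


def encode_int(value, prefix_bits, flags):
    """HPACK integer (RFC 7541 section 5.1) with an N-bit prefix; flags fill the top bits."""
    limit = (1 << prefix_bits) - 1
    if value < limit:
        return bytes([flags | value])
    out = bytearray([flags | limit])
    value -= limit
    while value >= 0x80:
        out.append((value & 0x7F) | 0x80)
        value >>= 7
    out.append(value)
    return bytes(out)


def decode_int(buf, pos, prefix_bits):
    """Inverse of encode_int; returns (value, new_pos)."""
    limit = (1 << prefix_bits) - 1
    value = buf[pos] & limit
    pos += 1
    if value < limit:
        return value, pos
    shift = 0
    while True:
        b = buf[pos]
        pos += 1
        value += (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return value, pos


def encode_string(s):
    """String literal with H bit = 0, i.e. raw octets, never Huffman-coded."""
    data = s.encode("ascii")
    return encode_int(len(data), 7, 0x00) + data


def decode_string(buf, pos):
    if buf[pos] & 0x80:
        raise ValueError("Huffman-coded string not accepted in the failsafe profile")
    length, pos = decode_int(buf, pos, 7)
    return buf[pos:pos + length].decode("ascii"), pos + length


def encode_block(headers, sensitive=("cookie", "authorization")):
    """Stateless encoder: indexed only for exact static matches, otherwise a
    literal with the name indexed from the static table when possible."""
    out = bytearray()
    for name, value in headers:
        name = name.lower()
        if (name, value) in STATIC_PAIR_INDEX:
            out += encode_int(STATIC_PAIR_INDEX[(name, value)], 7, 0x80)
            continue
        flags = 0x10 if name in sensitive else 0x00  # never-indexed vs. without-indexing
        if name in STATIC_NAME_INDEX:
            out += encode_int(STATIC_NAME_INDEX[name], 4, flags)
        else:
            out.append(flags)            # index 0: name follows as a literal
            out += encode_string(name)
        out += encode_string(value)
    return bytes(out)


def decode_block(buf):
    """Decoder for a peer that advertised SETTINGS_HEADER_TABLE_SIZE 0."""
    headers, pos = [], 0
    while pos < len(buf):
        b = buf[pos]
        if b & 0x80:                     # indexed header field
            idx, pos = decode_int(buf, pos, 7)
            headers.append(STATIC_TABLE[idx])  # KeyError: index outside our static subset
        elif b & 0xE0 == 0x20:           # dynamic table size update
            size, pos = decode_int(buf, pos, 5)
            if size != 0:
                raise ValueError("peer tried to grow the dynamic table above our limit of 0")
        else:
            # 01xxxxxx incremental indexing (entry would be evicted at once with size 0),
            # 0000xxxx without indexing, 0001xxxx never indexed: all decode as literals.
            idx, pos = decode_int(buf, pos, 6 if b & 0x40 else 4)
            if idx:
                name = STATIC_TABLE[idx][0]
            else:
                name, pos = decode_string(buf, pos)
            value, pos = decode_string(buf, pos)
            headers.append((name, value))
    return headers


def demo():
    """Encode a constructed request; return (HPACK size, size of the same
    headers as 'name: value\\r\\n' text) after checking the round trip."""
    request = [(":method", "GET"), (":scheme", "https"), (":path", "/"),
               (":authority", "example.com"), ("user-agent", "demo/1.0"),
               ("cookie", "session=SECRET-VALUE-0123")]
    block = encode_block(request)
    if decode_block(block) != request:
        raise AssertionError("round trip failed")
    text_size = sum(len(n) + len(v) + 4 for n, v in request)
    return len(block), text_size
```

Because `encode_block` carries no state between header blocks, the size of one block cannot depend on what earlier blocks contained, which is exactly the cross-request size oracle that CRIME-style attacks rely on; the static-table name indexing still roughly halves the constructed request, and the never-indexed flag tells any re-encoding intermediary to keep the cookie literal too.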