- From: Jason Greene <jason.greene@redhat.com>
- Date: Thu, 29 May 2014 08:51:24 -0500
- To: Willy Tarreau <w@1wt.eu>
- Cc: Martin Thomson <martin.thomson@gmail.com>, Simone Bordet <simone.bordet@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
On May 29, 2014, at 1:40 AM, Willy Tarreau <w@1wt.eu> wrote:

> These ones could be advertised in the ALPN name (h2 = failsafe, h2h =
> hpack version for example) so that we don't need an extra round trip
> to know what is supported.

You mean disable/disallow the Huffman encoding bit in HPACK, right? HPACK with a size 0 table is easy for embedded devices (and everyone else), offers decent reduction in header sizes, and runs no risk of a CRIME style attack.

> That way if a CRIME-like attack surfaces, simply disable h2h for the
> time it takes to design a new encoding and applications relying on
> passing everything in the same connection continue to work, just
> slightly slower.

If you did the above it likely wouldn't be slower, it would even be computationally faster, and might still be small enough to limit round trips
Received on Thursday, 29 May 2014 13:52:18 UTC