Re: Negotiating compression

+1

Smith



On 2014-05-29, at 12:34 AM, Willy Tarreau <w@1wt.eu> wrote:

> On Wed, May 28, 2014 at 10:32:44AM -0700, Martin Thomson wrote:
>> On 28 May 2014 02:41, Simone Bordet <simone.bordet@gmail.com> wrote:
>>> Can you please expand on what is plan B in the unlikely event ?
>>> I am guessing that it would require to bump the HTTP version, and a
>>> worldwide update of all servers to the new version (or drop to HTTP
>>> 1.1) ?
>> 
>> That's extreme, but I think reasonable.  Given that you are talking
>> about trying to force behaviour on a counterparty, I don't see there
>> being any virtue in finer grained control over counterparty behaviour.
> 
> I tend to think that a failsafe, non-optimal fallback without the bells
> and whistles could significantly drive adoption. Devices could start by
> only supporting this minimal subset, and later implement the large one.
> These ones could be advertised in the ALPN name (h2 = failsafe, h2h =
> hpack version for example) so that we don't need an extra round trip
> to know what is supported.
> 
> That way if a CRIME-like attack surfaces, simply disable h2h for the
> time it takes to design a new encoding and applications relying on
> passing everything in the same connection continue to work, just
> slightly slower.
> 
> And devices with limited capabilities can only implement the non-optimal
> mode which is cheaper for them.
> 
> Willy
> 
> 

Received on Thursday, 29 May 2014 15:36:43 UTC