- From: Willy Tarreau <w@1wt.eu>
- Date: Mon, 2 Jun 2014 21:45:08 +0200
- To: K.Morgan@iaea.org
- Cc: ietf-http-wg@w3.org, C.Brunhuber@iaea.org
On Mon, Jun 02, 2014 at 07:23:05PM +0000, K.Morgan@iaea.org wrote: > + Interoperability is easy; any inflate library (e.g. zlib) will decompress ezflate streams Which makes me fear that it's as prone to DoS attacks as gzip (eg: send 1 Mbps of headers which are decompressed as 1 Gbps or headers), and as slow (a 40 Gbps capable server will basically scale down to less than 1 Gbps due to the cost of the compression). Don't forget that CRIME is not the only weakness of gzip here, it was the absolute showstopper, but the other issues remain :-/ Regards, Willy
Received on Monday, 2 June 2014 19:45:39 UTC