W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: ezflate: proposal to reinstitute deflate header compression

From: Willy Tarreau <w@1wt.eu>
Date: Mon, 2 Jun 2014 21:45:08 +0200
To: K.Morgan@iaea.org
Cc: ietf-http-wg@w3.org, C.Brunhuber@iaea.org
Message-ID: <20140602194508.GF3154@1wt.eu>
On Mon, Jun 02, 2014 at 07:23:05PM +0000, K.Morgan@iaea.org wrote:
> + Interoperability is easy; any inflate library (e.g. zlib) will decompress ezflate streams

Which makes me fear that it's as prone to DoS attacks as gzip (eg: send
1 Mbps of headers which are decompressed as 1 Gbps or headers), and as
slow (a 40 Gbps capable server will basically scale down to less than
1 Gbps due to the cost of the compression).

Don't forget that CRIME is not the only weakness of gzip here, it was
the absolute showstopper, but the other issues remain :-/

Regards,
Willy
Received on Monday, 2 June 2014 19:45:39 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:31 UTC