Re: draft-ietf-httpbis-http2-latest, 4.3 Header Compression and Decompression, 10.6 Use of Compression from Martin Thomson on 2014-07-09 (ietf-http-wg@w3.org from July to September 2014)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 9 Jul 2014 11:37:04 -0700
To: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
Cc: HTTPBIS working group mailing list <ietf-http-wg@w3.org>
Message-ID: <CABkgnnVuS6w2mh7cL0WuZMpOKQqUdw=21LZseAw935QBempN0w@mail.gmail.com>

On 8 July 2014 22:23, Kari Hurtta <hurtta-ietf@elmme-mailer.org> wrote:
> Or is that "MUST NOT compress content" too strong language?

Not really.  In the proxy deployment case, the proxy is obligated to
either understand the content and context, or to avoid using
compression.

In reality, I think people will ignore the advice and open themselves
to the sorts of attack you describe.

Received on Wednesday, 9 July 2014 18:37:31 UTC