Re: Cost analysis: (was: Getting to Consensus: CONTINUATION-related issues)

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Sun, 20 Jul 2014 07:15:00 +0000
To: Roberto Peon <grmocg@gmail.com>
cc: Jason Greene <jason.greene@redhat.com>, David Krauss <potswa@gmail.com>, Greg Wilkins <gregw@intalio.com>, HTTP Working Group <ietf-http-wg@w3.org>, Mark Nottingham <mnot@mnot.net>
Message-ID: <23616.1405840500@critter.freebsd.dk>
In message <CAP+FsNf0zavEWmZzdMpery=y8jD207mXfJh4TeY6P7p60vp8Vw@mail.gmail.com>, Roberto Peon writes:

> How does the client know that 1MB cannot compress to 16KB? 1MB *can*
> compress to 16kb.

Thanks for bringing this up:

A 1 megabyte request can indeed be compressed to 16KB, if

A) it is a DoS attack

B) it is utterly demented.  See also A.


C) up to 64 requests were spent previously priming the compressor state
   on the other side for this very purpose.  See also A.

Implementors beware.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Sunday, 20 July 2014 07:15:25 UTC
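
The expansion discussed in the message above, seen from the receiving side, as an added example that is not part of the original message or of any implementation mentioned in the thread: a decoder that charges every indexed header field (RFC 7541 section 6.1) against a decoded-size budget before storing it. The function names, the 16384-byte budget and the sample table entry are assumptions made for illustration; the static table and the other HPACK representations are left out.

```python
# Added example: decoder-side size budget for HPACK indexed header fields.
STATIC_TABLE_LEN = 61   # RFC 7541 Appendix A; static entries are omitted here
ENTRY_OVERHEAD = 32     # RFC 7541 section 4.1: size = len(name) + len(value) + 32


class HeaderListTooLarge(Exception):
    pass


def decode_int(buf, pos, prefix_bits):
    """Decode an RFC 7541 section 5.1 prefix integer; return (value, next_pos)."""
    mask = (1 << prefix_bits) - 1
    value = buf[pos] & mask
    pos += 1
    if value < mask:
        return value, pos
    shift = 0
    while True:
        byte = buf[pos]          # IndexError here means a truncated block
        pos += 1
        value += (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            return value, pos


def decode_indexed_block(block, dynamic_table, max_header_list_size):
    """Expand indexed fields, refusing once the decoded size exceeds the budget."""
    headers, decoded_size, pos = [], 0, 0
    while pos < len(block):
        if not block[pos] & 0x80:
            raise ValueError("only indexed fields (section 6.1) are handled here")
        index, pos = decode_int(block, pos, 7)
        slot = index - STATIC_TABLE_LEN - 1
        if not 0 <= slot < len(dynamic_table):
            raise ValueError("index outside the dynamic table")
        name, value = dynamic_table[slot]
        decoded_size += len(name) + len(value) + ENTRY_OVERHEAD
        if decoded_size > max_header_list_size:   # checked before storing the field
            raise HeaderListTooLarge(f"{len(block)} wire bytes exceed the budget")
        headers.append((name, value))
    return headers, decoded_size


# Constructed sample: one entry already in the table from an earlier request.
TABLE = [(b"x-pad", b"a" * 1000)]
SMALL = bytes([0x80 | 62]) * 4      # 4 wire bytes -> 4 * 1037 decoded bytes
LARGE = bytes([0x80 | 62]) * 256    # 256 wire bytes -> 265472 decoded bytes
```

The budget is counted in decoded bytes, so the size of the block on the wire never enters the decision.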
