- From: Julian Reschke <julian.reschke@greenbytes.de>
- Date: Thu, 3 Sep 2015 12:09:41 +0200
- To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Mark Nottingham <mnot@mnot.net>
- Cc: ietf-http-wg@w3.org, The IESG <iesg@ietf.org>, Mark Nottingham <mnot@pobox.com>
On 03.09.2015 11:47, Stephen Farrell wrote: > > Hi Julian, > > On 03/09/15 09:48, Julian Reschke wrote: >> On 2015-09-03 03:01, Stephen Farrell wrote: >>> >>> >>> On 03/09/15 01:52, Mark Nottingham wrote: >>>> Something like this, perhaps? >>>> http://httpwg.github.io/specs/rfc7540.html#rfc.section.10.6 >>> >>> Yes and no. >>> >>> No. The URL above is for HTTP/2 and this is a header usable in >>> HTTP/1.1 so is not the same. Adding this to a system that is >>> currently safe wrt BREACH is also perhaps not the same as doing >>> HTTP/2 from scratch and ending up safe wrt BREACH. >> >> Note that the spec doesn't really introduce compression for >> client->server. This feature has been around for ages. All the spec does >> is make feature discovery and diagnostics easier. > > I don't understand your last sentence above. Isn't this a signal > that will cause request compression to be turned on in cases when > it wasn't previously? If not, then I at least misread the text. > If so, then the "All" in your sentence doesn't seem correct. It may lead to more compression to be used; but compression can (and is) used without this feature. > ... Best regards, Julian
Received on Thursday, 3 September 2015 10:09:59 UTC