Re: New Version Notification for draft-vkrasnov-h2-compression-dictionaries-01.txt from Vlad Krasnov on 2016-11-02 (ietf-http-wg@w3.org from October to December 2016)

From: Vlad Krasnov <vlad@cloudflare.com>
Date: Wed, 2 Nov 2016 11:10:15 -0700
To: Martin Thomson <martin.thomson@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <68453225-6638-4203-AD19-ED9D2AD3A61E@cloudflare.com>

> The document is really light on details regarding how to use a
> dictionary.  I realize that this might /seem/ obvious, but it really
> needs to explain how better (up front preferably) how it is intended
> to work.  In particular, how do I tell what compression algorithm to
> feed the dictionary into?  HTTP/2 doesn't know about compression, in
> particular, HTTP/2 really *can't* use content-encoding.

Actually I was in the mind of reusing accept-encoding/content-encoding for this.

> I see that you have settings for the number of dictionaries, and the
> size of those dictionaries, this is good, but I think that you need to
> set an overall limit instead of a per-dictionary limit
> SETTINGS_MAX_DICTIONARY_SIZE (you get better efficiency that way).

That sounds like a good idea. 
The benefit of having a per-dictionary limit, is that when you append a stream to an existing dictionary it is implied you only keep the maximal allowed amount of bytes.
After all there is no point of having a dictionary larger than your window.
With a global limit you might want to specify how many bytes to keep explicitly, that creates additional overhead.
Maybe combine both?

> I like the idea of static dictionaries, but your structure would force
> an implementation to support ALL static dictionaries if they wanted to
> support ANY dynamic dictionaries.  That might be inadvisable.  A
> separate setting would be better I think.  (Static dictionaries could
> start from the top of the numbering space, perhaps, so that you can
> have many static dictionaries.)

There a few options I considered for static dictionaries, and all of them are acceptable for me.
Currently I went for the cheapest option in terms of implementation simplicity/overhead.

> The security considerations need a lot more detail about when it is
> safe to use a compression dictionary, etc.

It should be OK compress same origin, self referenced requests, this however degrades performance on sharded websites.
Also the use of static dictionaries is quite safe.

Received on Wednesday, 2 November 2016 18:10:49 UTC