W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2019

New I-D: Security Considerations Regarding Compression Dictionaries

From: W. Felix Handte <w@felixhandte.com>
Date: Tue, 29 Oct 2019 19:20:09 -0400
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20988909-6e4e-ea45-139a-ca403a7433eb@felixhandte.com>
Hello all,

At IETF 104, I presented a teaser of the exploratory work I've been 
doing into dictionary-based compression for HTTP [0]. At the time, I 
promised that I would follow up with an analysis of the security 
properties of dictionary-based compression.

That time has come! I've just uploaded a draft [1] that attempts to 
address that need and provide a useful survey of the interactions 
between dictionaries, internet protocols, and security.

I would eventually like for this document to find a home in the HTTP WG; 
your feedback and thoughts are greatly appreciated.

I look forward to seeing you all in Singapore!


[0] https://youtu.be/GIRgsVIYG7I?t=6889
[1] https://datatracker.ietf.org/doc/draft-handte-httpbis-dict-sec/
Received on Tuesday, 29 October 2019 23:20:13 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:15:43 UTC