- From: Ilari Liusvaara <ilariliusvaara@welho.com>
- Date: Fri, 30 Jun 2023 21:50:23 +0300
- To: HTTP Working Group <ietf-http-wg@w3.org>
On Fri, Jun 30, 2023 at 01:30:07PM -0400, Patrick Meenan wrote:
> Yoav and I have put together a first draft of a proposal for Compressed
> Dictionary Transport. It's currently an individual draft but we'd like to
> see if the HTTP working group would be willing to adopt it so we can all
> iterate on the spec and get to something that is hopefully
> consensus-shippable.
>
> This is otherwise known as the latest attempt at "shared brotli"
> compression but in a more generic form that supports brotli and zstd and
> hopefully resolves the security and privacy concerns of previous attempts.
>
> The draft is here:
> https://datatracker.ietf.org/doc/draft-meenan-httpbis-compression-dictionary/
>
> The explainer (with examples and some browse-specific HTML bits) is here:
> https://github.com/WICG/compression-dictionary-transport
>
> Some of the field names have changed since the explainer and I expect
> bikeshedding will refine them further.
>
> Chrome will be running a field trial of the compression in the next few
> months to gather developer feedback and see how it works for deploying.
> The spec is hopefully written in such a way that it is not specific to the
> browser use case but does have some additional carve-outs for some of the
> browser-specific privacy concerns.

Some quick comments:

- Allowing absolute URLs in match is a footgun, since dictionaries are
  restricted to same-origin. I don't think any of the usual URI
  productions are suitable here. I think most suitable would be
  'segment *( "/" segment )', where segment is the production from
  RFC 3986.

- If match patterns are intended to be paths, one could use ? as the
  wildcard, avoiding double meanings, since HTTP paths can not contain ?.

- It is not clear how Sec-Available-Dictionary is encoded. Is it hex
  encoding? base64 encoding? base64url encoding? Something else? One
  could use sf-binary with the binary hash value.

- Can that match algorithm blow up in runtime?

- One place calls the encodings "br-d" and "zstd-d" and IANA
  considerations seem to have "sbr" and "szstd".

-Ilari
Received on Friday, 30 June 2023 18:50:33 UTC
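The following is an added example, not code from the draft or from either author of this thread. It sketches the `segment *( "/" segment )` restriction with `?` as the wildcard, together with a matcher whose work is bounded by the product of pattern and path lengths. The function names, the rule that the wildcard matches any run of characters (including `/`), and all sample inputs are assumptions made for illustration.

```python
import re

WILDCARD = "?"  # assumption: the wildcard proposed in the message; never valid in a path

# RFC 3986 pchar = unreserved / pct-encoded / sub-delims / ":" / "@".
# "*" is a sub-delim, so it stays an ordinary literal character here.
_SEGMENT = re.compile(r"(?:[A-Za-z0-9._~!$&'()*+,;=:@?-]|%[0-9A-Fa-f]{2})*")

def is_valid_pattern(pattern: str) -> bool:
    """True if pattern is segment *( "/" segment ), with "?" allowed as wildcard."""
    return all(_SEGMENT.fullmatch(seg) for seg in pattern.split("/"))

def match_path(pattern: str, path: str) -> tuple:
    """Match path against pattern; WILDCARD matches any run of characters.

    Returns (matched, loop_iterations). Only the most recent wildcard is ever
    retried, so iterations stay below (len(path)+1) * (len(pattern)+1).
    """
    p = s = steps = 0
    star_p = star_s = -1  # last wildcard seen, and the path index it resumes from
    while s < len(path):
        steps += 1
        if p < len(pattern) and pattern[p] == WILDCARD:
            star_p, star_s = p, s      # wildcard first matches the empty string
            p += 1
        elif p < len(pattern) and pattern[p] == path[s]:
            p += 1
            s += 1
        elif star_p >= 0:
            star_s += 1                # let the last wildcard absorb one more char
            p, s = star_p + 1, star_s
        else:
            return False, steps
    while p < len(pattern) and pattern[p] == WILDCARD:
        p += 1                         # trailing wildcards match the empty rest
    return p == len(pattern), steps

if __name__ == "__main__":
    # Constructed inputs, not taken from the draft.
    print(is_valid_pattern("/app/?/main.js"), match_path("/app/?/main.js", "/app/v2/main.js"))
    hostile = "?a" * 20 + "b"          # many wildcards, then a character the path lacks
    print(match_path(hostile, "a" * 200))
```

A recursive matcher that retries every wildcard on failure can take exponential time on the last input; here the iteration count is returned so the bound can be checked directly.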