On Fri, Oct 3, 2014 at 10:37 AM, John Hudson <tiro@tiro.com> wrote:
> Jonathan,
>
> Out of interest, are you writing your own Brotli decoder, or using open
> source code from Google? I wonder because some of my colleagues have
> expressed concern about the single implementation of Brotli
> compression/decompression, as compared with the variety of libraries
> available for handling WOFF1 gzip. They wonder how robustly tested is the
> Google code, given how new Brotli is? Also, has it undergone security
> reviews?
A quick note...
We are all looking forward to a second independent implementation of the
Brotli compression algorithm, and are fully expecting Microsoft / Internet
Explorer team to develop one (thank you in advance Sergey!). Thus the
heavy emphasis on a thorough (and easy to implement) specification:
http://tools.ietf.org/html/draft-alakuijala-brotli-01
In regards to security reviews for Brotli, Kenji posted the following in
June:
http://lists.w3.org/Archives/Public/public-webfonts-wg/2014Jun/0018.html
Additional security reviews would be most welcome however!
>
> JH
>