IETF Logo Mail Archive

Re: Header Compression

Ted Hardie <ted.ietf@gmail.com> Tue, 11 June 2013 16:35 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB06B21F8F5C for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 11 Jun 2013 09:35:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.598
X-Spam-Level:
X-Spam-Status: No, score=-8.598 tagged_above=-999 required=5 tests=[AWL=2.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id noAMAdiSV9ML for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 11 Jun 2013 09:35:47 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id E394D21F8EAD for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 11 Jun 2013 09:35:46 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1UmRWd-000653-54 for ietf-http-wg-dist@listhub.w3.org; Tue, 11 Jun 2013 16:34:27 +0000
Resent-Date: Tue, 11 Jun 2013 16:34:27 +0000
Resent-Message-Id: <E1UmRWd-000653-54@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <ted.ietf@gmail.com>) id 1UmRWM-00062N-Lk for ietf-http-wg@listhub.w3.org; Tue, 11 Jun 2013 16:34:10 +0000
Received: from mail-ie0-f172.google.com ([209.85.223.172]) by lisa.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <ted.ietf@gmail.com>) id 1UmRWL-0003Sg-7U for ietf-http-wg@w3.org; Tue, 11 Jun 2013 16:34:10 +0000
Received: by mail-ie0-f172.google.com with SMTP id 17so20636856iea.31 for <ietf-http-wg@w3.org>; Tue, 11 Jun 2013 09:33:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=z3CLy8G75D8s587s7Rst/TFCjZxxS33hGNVgHkDYuNM=; b=yU2SPBVAeGuqQLWMXS1ysAj0A+9+6rhSsZAgxnzqNk2h4QguPYoerwSX2Bl5eHTtIl JC6sQqPM/8CnpMYvt5KzFpLOsiY7hLB9i7Fd8FsT7vO8Th0jhM9Jzqf0sZueFYkbKQSV qfspV9ZF8XRgb5OcUcaQePzsmJuCDEGDb/ABNQIi7rGO+YThcXgS3FZW1m4UWL+jvjSC xUxJtTNMqV9L9jdbWekchsENCohhZ7emp38LEOQkvkACK9DLyUCB2pQyja+W4zAE11kh 0J+rLrP8JTctltEmM2faQSnHuT9RMXxXBXHKxh6VMXeIMpGLl+0QhelMnZvd9q9dObHM LUzg==
MIME-Version: 1.0
X-Received: by 10.50.17.166 with SMTP id p6mr1388895igd.12.1370968423423; Tue, 11 Jun 2013 09:33:43 -0700 (PDT)
Received: by 10.42.177.2 with HTTP; Tue, 11 Jun 2013 09:33:43 -0700 (PDT)
In-Reply-To: <6C71876BDCCD01488E70A2399529D5E5165335A6@ADELE.crf.canon.fr>
References: <6C71876BDCCD01488E70A2399529D5E516531910@ADELE.crf.canon.fr> <CAJ_4DfTQ=X1RE+4aO58_1h7_sCvhNW19ZTFAC7htA4Tb_5gj8w@mail.gmail.com> <6C71876BDCCD01488E70A2399529D5E516532B26@ADELE.crf.canon.fr> <CABkgnnURGjmOTNM=mNKOAdmU0F87Rbs_2jDcGQ3_tAVzofwKrg@mail.gmail.com> <6C71876BDCCD01488E70A2399529D5E5165335A6@ADELE.crf.canon.fr>
Date: Tue, 11 Jun 2013 09:33:43 -0700
Message-ID: <CA+9kkMAgPWFUVHgZrLuf+1-qtV17hY93-mRwh9-UH04Yw4MhfQ@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
To: RUELLAN Herve <Herve.Ruellan@crf.canon.fr>
Cc: Martin Thomson <martin.thomson@gmail.com>, Ryan Hamilton <rch@google.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="14dae9340cc9e068e504dee3758b"
Received-SPF: pass client-ip=209.85.223.172; envelope-from=ted.ietf@gmail.com; helo=mail-ie0-f172.google.com
X-W3C-Hub-Spam-Status: No, score=-3.5
X-W3C-Hub-Spam-Report: AWL=-2.711, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1UmRWL-0003Sg-7U cba8585712b8922262ba6d85099a26a0
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Header Compression
Archived-At: <http://www.w3.org/mid/CA+9kkMAgPWFUVHgZrLuf+1-qtV17hY93-mRwh9-UH04Yw4MhfQ@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/18215
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Tue, Jun 11, 2013 at 7:05 AM, RUELLAN Herve
<Herve.Ruellan@crf.canon.fr>wrote:

> I just did it :
> http://www.ietf.org/id/draft-ruellan-http-header-compression-00.txt
>
> Hervé.
>
>
Hi Herve,

A couple of quick comments.  First, for the TODO in your security
considerations section, I think you should probably expand on the text in
the overview, which describes the attack on Deflate and unpack why the
current scheme is resistant to similar attacks.  Second, the document
describes substitution and insertion, but does not describe deletion.   If
a party wishes to remove a header (note:  not change to a null value) is
this possible and, if so, what's the process?

regards,

Ted Hardie



> > -----Original Message-----
> > From: Martin Thomson [mailto:martin.thomson@gmail.com]
> > Sent: jeudi 6 juin 2013 18:46
> > To: RUELLAN Herve
> > Cc: Ryan Hamilton; ietf-http-wg@w3.org
> > Subject: Re: Header Compression
> >
> > On 6 June 2013 04:43, RUELLAN Herve <Herve.Ruellan@crf.canon.fr> wrote:
> > > Yes there are now both HTML and txt version available:
> > > http://http2.github.io/compression-spec/compression-spec.html
> > > http://http2.github.io/compression-spec/compression-spec.txt
> >
> > Could you please visit https://datatracker.ietf.org/idst/upload.cgi
> > and go through the motions for us.  It's a procedural matter that
> shouldn't
> > take more than a couple of minutes.
>

v2.23.0 | Report a Bug | By Email