IETF Logo Mail Archive

Re: Choosing a header compression algorithm

Roberto Peon <grmocg@gmail.com> Thu, 28 March 2013 00:22 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A09E21F933E for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 27 Mar 2013 17:22:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.931
X-Spam-Level:
X-Spam-Status: No, score=-9.931 tagged_above=-999 required=5 tests=[AWL=-0.533, BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_55=0.6, J_CHICKENPOX_62=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sFtegHkahxuK for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 27 Mar 2013 17:22:23 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 52A1021F93BD for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 27 Mar 2013 17:22:20 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1UL0bN-0007SF-U0 for ietf-http-wg-dist@listhub.w3.org; Thu, 28 Mar 2013 00:21:57 +0000
Resent-Date: Thu, 28 Mar 2013 00:21:57 +0000
Resent-Message-Id: <E1UL0bN-0007SF-U0@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <grmocg@gmail.com>) id 1UL0bC-0007RR-Mk for ietf-http-wg@listhub.w3.org; Thu, 28 Mar 2013 00:21:46 +0000
Received: from mail-oa0-f41.google.com ([209.85.219.41]) by maggie.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <grmocg@gmail.com>) id 1UL0bB-0003B9-Gy for ietf-http-wg@w3.org; Thu, 28 Mar 2013 00:21:46 +0000
Received: by mail-oa0-f41.google.com with SMTP id f4so7015133oah.0 for <ietf-http-wg@w3.org>; Wed, 27 Mar 2013 17:21:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=6PSZ49l4jLBYxel+lAm5QxtrM9v5fkdwBJybzKzDfxE=; b=vHv8C/7IoRxxAD6FlSQW7A8se2VVLKHZK2DZNl8uPR14D0VXGF+06yVkun1ecBaObu pdhOID4nrNJ5H4bYomv0WW0e7Q5mRNnvwpCPNViYMa5HYEhiehCwSaxESJ7lpJ9lNYSc 3fB23UDQBZQ4hZf8CuSKydwUYJgCO2vlgG2qMoeKMcA5HnrFvDw9RqhEvbsTU69dio6q krH0PKCecYtrUPuGShNEP8cSQBP+Z0NlGg9dYKQWW9CRFim4OvD3IRAmDoqZuSjUOlfC vYDgW9Dlt88sJl6TxcwEck1166XfiUup9BsBqYhCAl0vFUDixnh60IlA8nrpBKS99EuT IVLw==
MIME-Version: 1.0
X-Received: by 10.182.23.101 with SMTP id l5mr4677463obf.16.1364430079398; Wed, 27 Mar 2013 17:21:19 -0700 (PDT)
Received: by 10.76.109.72 with HTTP; Wed, 27 Mar 2013 17:21:19 -0700 (PDT)
In-Reply-To: <CAP+FsNfy0ognTBaF7USBcP9dTL5bQsruav30FmGB70m_0JfjyA@mail.gmail.com>
References: <254AABEE-22B9-418E-81B0-2729902C4413@mnot.net> <A14105FB-ED1A-4B70-8840-9648847BCC3A@mnot.net> <6C71876BDCCD01488E70A2399529D5E5163F3C67@ADELE.crf.canon.fr> <CAP+FsNfFohSwrX2DxthNcnn+wDj6T5W7xpcg4yA56Gvt_nP3_Q@mail.gmail.com> <6C71876BDCCD01488E70A2399529D5E5163F3D72@ADELE.crf.canon.fr> <7CA7F3EB-A492-471A-8AC4-23293DD10840@mnot.net> <6C71876BDCCD01488E70A2399529D5E5163F4076@ADELE.crf.canon.fr> <CAP+FsNdztfCJjvP58ryVXDRgGyGSPO-37gRMjAuwikz2eviBiw@mail.gmail.com> <CAP+FsNdQ7mNbsaAiUqEF22Oh8KMaK3UWUWFzWE=K0jQbkM7t1Q@mail.gmail.com> <6C71876BDCCD01488E70A2399529D5E5163F4263@ADELE.crf.canon.fr> <CAP+FsNeXvn6UasR6e56A7pHtrkXg6A0NnrVGmRYNW49Qu2vxqg@mail.gmail.com> <CAP+FsNfy0ognTBaF7USBcP9dTL5bQsruav30FmGB70m_0JfjyA@mail.gmail.com>
Date: Wed, 27 Mar 2013 17:21:19 -0700
Message-ID: <CAP+FsNd8-H2X_DTOn9WDp-DTeGkSg+2Luo5bvEgHaRXx0TNV0Q@mail.gmail.com>
From: Roberto Peon <grmocg@gmail.com>
To: RUELLAN Herve <Herve.Ruellan@crf.canon.fr>
Cc: "agl@google.com" <agl@google.com>, Mark Nottingham <mnot@mnot.net>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="f46d043749e134656304d8f122ed"
Received-SPF: pass client-ip=209.85.219.41; envelope-from=grmocg@gmail.com; helo=mail-oa0-f41.google.com
X-W3C-Hub-Spam-Status: No, score=-3.5
X-W3C-Hub-Spam-Report: AWL=-2.664, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: maggie.w3.org 1UL0bB-0003B9-Gy 5e13eeac9f247efacdc19fae5bcc0b91
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Choosing a header compression algorithm
Archived-At: <http://www.w3.org/mid/CAP+FsNd8-H2X_DTOn9WDp-DTeGkSg+2Luo5bvEgHaRXx0TNV0Q@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/17160
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Arg. Sorry, the best provably safe option for HeaderDiff is:

*headerdiff (buffer=4096, delta=false, huffman)*

* TOTAL: 5949 req messages
                                                          size  time |
ratio min   max   std
                                           http1     3,460,925  0.22 | 1.00
 1.00  1.00  0.00
           headerdiff (buffer=4096, delta=false)     1,250,042  0.64 | 0.36
 0.01  0.96  0.22
  headerdiff (buffer=4096, delta=false, huffman)       936,003  2.05 | 0.27
 0.01  0.79  0.16

* TOTAL: 5948 res messages
                                                          size  time |
ratio min   max   std
                                           http1     2,186,162  0.08 | 1.00
 1.00  1.00  0.00
           headerdiff (buffer=4096, delta=false)       768,387  2.16 | 0.35
 0.02  0.92  0.18
  headerdiff (buffer=4096, delta=false, huffman)       581,046  3.22 | 0.27
 0.02  0.73  0.14



On Wed, Mar 27, 2013 at 5:14 PM, Roberto Peon <grmocg@gmail.com> wrote:

> I've checked in some changes to delta2 which expands and documents various
> options for delta2 in the README.md.
>
> After running a number of variations of delta2, The following defaults
> look good for small buffer sizes:
>
> delta2=max_entries=256, small_index=1
>
> small_index basically says use a uint8 instead of a uint16 for
> representing indices, and is the kind of thing that could be messaged
> somewhere (opcode, flag, whatever).
>
> The best headerdiff option which I believe is safe against CRIME in the
> future is:
>   headerdiff=delta_type=false,huffman
>
> I removed prefix matching from delta some months ago (~6 I think?) after
> cogitating on it for a while and then speaking with security folks.. I just
> couldn't come up with a way I could prove was safe, unlike the
> atom-matching, which one can prove is no worse than a brute-force attack.
>
> I've appended runs with these values@4k buffer size for delta2 and
> headerdiff below.
> -=R
>
>
>
> * TOTAL: 5949 req messages
>
>                                             size  time | ratio min   max
> std
>
>                              http1     3,460,925  0.13 | 1.00  1.00  1.00
>  0.00
>   delta2 (max_byte_size=4096, max_entries=256, small_index=1, hg_adjust=0,
> implicit_hg_add=0, refcnt_vals=0)       664,683  4.16 | 0.19  0.02  0.83
>  0.15
>                                                          headerdiff
> (buffer=4096, delta_type=false, huffman)       759,783  2.03 | 0.22  0.01
>  0.78  0.18
>
> * TOTAL: 5948 res messages
>
>                                             size  time | ratio min   max
> std
>
>                              http1     2,186,162  0.12 | 1.00  1.00  1.00
>  0.00
>   delta2 (max_byte_size=4096, max_entries=256, small_index=1, hg_adjust=0,
> implicit_hg_add=0, refcnt_vals=0)       585,475  5.32 | 0.27  0.02  1.28
>  0.13
>                                                          headerdiff
> (buffer=4096, delta_type=false, huffman)       543,047  3.29 | 0.25  0.02
>  0.73  0.14
>
>
>
>

v2.23.0 | Report a Bug | By Email