Re: delta encoding and state management
Willy Tarreau <w@1wt.eu> Tue, 22 January 2013 22:31 UTC
Date: Tue, 22 Jan 2013 23:29:45 +0100
From: Willy Tarreau <w@1wt.eu>
To: Roberto Peon <grmocg@gmail.com>
Cc: "William Chan (陈智昌)" <willchan@chromium.org>, James M Snell <jasnell@gmail.com>, Nico Williams <nico@cryptonector.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Archived-At: <http://www.w3.org/mid/20130122222945.GN30692@1wt.eu>

On Tue, Jan 22, 2013 at 01:54:18PM -0800, Roberto Peon wrote:
> The thing that isn't in delta, etc. already is the idea of 'rooting' the
> path space with the single request (which I like, but... it is subject to
> the CRIME exploit if path-prefix grouping is done automatically by the
> browser (instead of being defined by the content-developer)).

I think that if the path-prefix only contains complete path components
(not just some chars), then we're fine with the CRIME attack because in
order to make the browser merge requests, the attacker has to brute-force
each path component's name. Also, as long as it remains a path, it doesn't
unveil what is located behind, which generally contains the most
interesting stuff.

> IF we take your proposal for eliminating much of the common-path prefix and
> ensure that it isn't subject to CRIME, that is a winner in any scheme.

Let's face it, the CRIME attack is against optimizations for redundant
elements. We probably need to spend more time analysing all the failures
involved in the attack itself than refraining from optimizing redundancy.
I mean, how a forged request from an attacker slips in the middle of valid
requests and how we can prevent it from being merged, or at least have it
in its own group.

Willy
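
The granularity argument in the message above, as an added example that is not part of the original post or of any HTTP/2 draft: it compares how many bytes remain to be sent when a shared path prefix is elided per character versus per complete path component. The size model, the function names and all paths are constructed for illustration.

```python
# Added illustration: the size model and every path below are constructed.

def char_prefix_len(ref: str, path: str) -> int:
    """Shared prefix length when matching may stop at any character."""
    n = 0
    for a, b in zip(ref, path):
        if a != b:
            break
        n += 1
    return n


def component_prefix_len(ref: str, path: str) -> int:
    """Shared prefix length when only complete directory components count.

    Assumes absolute paths; the final segment (file name) is never elided.
    """
    ref_dirs = ref.rsplit("/", 1)[0].split("/")
    path_dirs = path.rsplit("/", 1)[0].split("/")
    k = 0
    for a, b in zip(ref_dirs, path_dirs):
        if a != b:
            break
        k += 1
    if k == 0:
        return 0
    return len("/".join(ref_dirs[:k])) + 1  # +1 for the trailing "/"


def encoded_sizes(ref, candidates, prefix_len):
    """Bytes left to send for each candidate after eliding the shared prefix."""
    return [len(c) - prefix_len(ref, c) for c in candidates]


REFERENCE = "/app/secret-7f3a/data.json"  # constructed: an earlier valid request
CANDIDATES = [                            # constructed: same-length forged paths
    "/app/aaaaaaaaaaa/x",  # no character of the component is right
    "/app/saaaaaaaaaa/x",  # first character right
    "/app/seaaaaaaaaa/x",  # first two characters right
    "/app/secret-7f3a/x",  # whole component right
]

if __name__ == "__main__":
    print("per character:", encoded_sizes(REFERENCE, CANDIDATES, char_prefix_len))
    print("per component:", encoded_sizes(REFERENCE, CANDIDATES, component_prefix_len))
```

With per-character matching the size shrinks by one for each correct character, so partial guesses are distinguishable; with per-component matching every wrong guess encodes to the same size and only a complete component match changes it.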