Re: New Version Notification for draft-kerwin-http2-encoded-data-01.txt
Roberto Peon <grmocg@gmail.com> Wed, 23 July 2014 06:00 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 360211A002D for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 22 Jul 2014 23:00:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.002
X-Spam-Level:
X-Spam-Status: No, score=-7.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l7bOfd9Hcbpu for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 22 Jul 2014 23:00:32 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4AF0A1A0021 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 22 Jul 2014 23:00:32 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1X9pYF-0002tf-Cu for ietf-http-wg-dist@listhub.w3.org; Wed, 23 Jul 2014 05:57:19 +0000
Resent-Date: Wed, 23 Jul 2014 05:57:19 +0000
Resent-Message-Id: <E1X9pYF-0002tf-Cu@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <grmocg@gmail.com>) id 1X9pY1-0002s0-Uk for ietf-http-wg@listhub.w3.org; Wed, 23 Jul 2014 05:57:05 +0000
Received: from mail-oi0-f41.google.com ([209.85.218.41]) by lisa.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <grmocg@gmail.com>) id 1X9pY0-0000kd-Tf for ietf-http-wg@w3.org; Wed, 23 Jul 2014 05:57:05 +0000
Received: by mail-oi0-f41.google.com with SMTP id a141so522041oig.0 for <ietf-http-wg@w3.org>; Tue, 22 Jul 2014 22:56:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=1bZfFQSZvRQ6YDA5h3OnoYHPTTTqKWtJRMTJcqgu5no=; b=eb5mG9FhQNRR1RPupRVyW+dulP+azs8kVvofy/iM0YItI0d8qN3DeGnts9gOXvqPg8 5An1GLQNpLUVR9co5d3kUExYJUXLsARDsWw4/EavZSobnkuR1BtodWC2k4WLxuuaFzak m5yp+n9l/GXLiS9ErptQz4BCDf+eMg//Dh0BNSnP0I8zSr1Ul4nYy8PrBpbP4YyB+xss 9G9BfExDdogWEOZArSIvDN+vZwTvEXbgzWFXICi/D13g02agD2uBLCCnfL2VUILvKLFY cGfiYKJDJQyBPRdr/naPbIMnEv9gRhmXQGIuzQzGAhhcUJO1wRFJ6TQZN8XG37TeF8RM BDsA==
MIME-Version: 1.0
X-Received: by 10.182.114.131 with SMTP id jg3mr56326901obb.9.1406094998651; Tue, 22 Jul 2014 22:56:38 -0700 (PDT)
Received: by 10.76.1.19 with HTTP; Tue, 22 Jul 2014 22:56:38 -0700 (PDT)
In-Reply-To: <53CF3F43.5040609@treenet.co.nz>
References: <20140721234651.7996.35285.idtracker@ietfa.amsl.com> <CACweHNDQ-rVJW6_uq=3H4Pcnf2NdbdE058OvXUVEnmfh+DJSnA@mail.gmail.com> <CAH_y2NGrwbUiOEHiux4e7qz=HHM3xSBRojpURkOO6d6E4ca5FA@mail.gmail.com> <CACweHNC6Pd_TSw2bBumFDiWDNxcxUHZZnm5=HvV76jGwVzDrYA@mail.gmail.com> <53CF3F43.5040609@treenet.co.nz>
Date: Tue, 22 Jul 2014 22:56:38 -0700
Message-ID: <CAP+FsNeAVHv+YoWwsA9u24ZPp-Au_FnVDqw6_wfv0AA_D0v-cg@mail.gmail.com>
From: Roberto Peon <grmocg@gmail.com>
To: Amos Jeffries <squid3@treenet.co.nz>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="001a11c2e396ea497604fed60078"
Received-SPF: pass client-ip=209.85.218.41; envelope-from=grmocg@gmail.com; helo=mail-oi0-f41.google.com
X-W3C-Hub-Spam-Status: No, score=-3.5
X-W3C-Hub-Spam-Report: AWL=-2.714, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1X9pY0-0000kd-Tf 50ba400567c619329727dfbff29a999a
X-Original-To: ietf-http-wg@w3.org
Subject: Re: New Version Notification for draft-kerwin-http2-encoded-data-01.txt
Archived-At: <http://www.w3.org/mid/CAP+FsNeAVHv+YoWwsA9u24ZPp-Au_FnVDqw6_wfv0AA_D0v-cg@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/26307
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Actually, it is an issue, so long as there is no ordering requirement on extension frames (as we'd have had with END_SEGMENT). We've not imposed (actually removed) such restrictions on proxies, and so we may find that there is no way to do it in the future. That would be a sad day. -=R On Tue, Jul 22, 2014 at 9:51 PM, Amos Jeffries <squid3@treenet.co.nz> wrote: > On 23/07/2014 12:26 p.m., Matthew Kerwin wrote: > > On 23 July 2014 09:14, Greg Wilkins <gregw@intalio.com> wrote: > > > >> > >> Matthew, > >> > >> why are the compression contexts frame only? Doesn't that make this > >> extension very vulnerable to fragmentation, specially if we drop > >> END_SEGMENT as we have done. > >> > >> > >> > >> > >> > >> Surely there is no harm in having a compression context that is per > stream? > >> > >> > > The two main reasons were CRIME/BREACH attacks, and to limit the state > > commitment, particularly when transport-level compression was part of the > > main spec. I'm trying to dig up a reference to the conversation that lead > > to it; here's one cherry I've picked from the archives, which might be a > > starting point back from which to work: > > http://lists.w3.org/Archives/Public/ietf-http-wg/2014AprJun/0297.html > Three > > months is such a long time ago, on the internet. :\ > > > > Incidentally, END_SEGMENT had potential to enforce useful fragmentation > -- > > i.e. avoiding a CRIME/BREACH attack by separating secret and > > attacker-controlled data with an end-to-end barrier -- if the END_SEGMENT > > mechanism was exposed to the origin application. > > Fragmentation is not a problem. There are two obvious options from using > a new extension frame type; either 1) define the frame as > non-fragmentable, or 2) containing an END_SEGMENT flag. > > Amos > >
- Fwd: New Version Notification for draft-kerwin-ht… Matthew Kerwin
- Re: Fwd: New Version Notification for draft-kerwi… Poul-Henning Kamp
- Re: Fwd: New Version Notification for draft-kerwi… Matthew Kerwin
- Re: New Version Notification for draft-kerwin-htt… Greg Wilkins
- Re: New Version Notification for draft-kerwin-htt… Matthew Kerwin
- Re: New Version Notification for draft-kerwin-htt… Amos Jeffries
- Re: New Version Notification for draft-kerwin-htt… Roberto Peon
- Re: New Version Notification for draft-kerwin-htt… Amos Jeffries
- Re: New Version Notification for draft-kerwin-htt… Matthew Kerwin
- Re: New Version Notification for draft-kerwin-htt… Roberto Peon
- Re: New Version Notification for draft-kerwin-htt… Roberto Peon
- Re: New Version Notification for draft-kerwin-htt… Matthew Kerwin