Re: [hybi] Upgrade Mechanism and HasMat (was Re: Extensibility mechanisms?)
"Roy T. Fielding" <fielding@gbiv.com> Thu, 22 July 2010 22:26 UTC
Return-Path: <fielding@gbiv.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B931E3A6A00 for <hybi@core3.amsl.com>; Thu, 22 Jul 2010 15:26:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.456
X-Spam-Level:
X-Spam-Status: No, score=-5.456 tagged_above=-999 required=5 tests=[AWL=-2.857, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c9GA9yoV8Chq for <hybi@core3.amsl.com>; Thu, 22 Jul 2010 15:26:09 -0700 (PDT)
Received: from spaceymail-a6.g.dreamhost.com (caibbdcaaaaf.dreamhost.com [208.113.200.5]) by core3.amsl.com (Postfix) with ESMTP id DC6633A69E2 for <hybi@ietf.org>; Thu, 22 Jul 2010 15:26:09 -0700 (PDT)
Received: from di-524.corp.day.com (wsip-98-189-13-228.oc.oc.cox.net [98.189.13.228]) by spaceymail-a6.g.dreamhost.com (Postfix) with ESMTP id 5797BCA7B6; Thu, 22 Jul 2010 15:26:27 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: text/plain; charset="us-ascii"
From: "Roy T. Fielding" <fielding@gbiv.com>
In-Reply-To: <AANLkTik0JQJnPe2wWq4aLGE7DCGwXPdJ-OCouAVJ5eNz@mail.gmail.com>
Date: Thu, 22 Jul 2010 15:26:26 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <01723130-7E7A-4640-B764-8AB09BD9674B@gbiv.com>
References: <Pine.LNX.4.64.1007212153110.7242@ps20323.dreamhostps.com> <AANLkTiku76oSucTNDFdwgsFBNFa_cCpC-YktTnMfX47-@mail.gmail.com> <4C479130.4020500@caucho.com> <AANLkTikLDjBP-Xs5t6TxmJuq4nG8jwThQ=n34B4cEmup@mail.gmail.com> <4C479CE4.6070805@caucho.com> <AANLkTims1er0Rbv0ysP4gRs1Kd0He8hapHeJ3nON=JQa@mail.gmail.com> <4C47C5B0.3030006@caucho.com> <AANLkTi=ND-FOH8OoD=TCbiyeSZ-h0LhxQBXN5w-2hfvj@mail.gmail.com> <20100722055452.GL7174@1wt.eu> <AANLkTik_rpxo=1OfzHkwpC5soQG_NxvGuZNXx7gdhVTh@mail.gmail.com> <20100722064945.GM7174@1wt.eu> <AANLkTim7AsQGSwLE51uktj=B1vB6roZChAtDoCrE6fFG@mail.gmail.com> <4C47FF71.3050000@ericsson.com> <18E0FF9C-6C51-4602-92E1-E44802D0D8B5@gbiv.com> <AANLkTi=9npOTe+pC0YufDQcmMfuts9o7OW3k2crvUUqX@mail.gmail.com> <168631FD-48D0-42C6-9E72-AF2FB3F9243E@gbiv.com> <AANLkTik0JQJnPe2wWq4aLGE7DCGwXPdJ-OCouAVJ5eNz@mail.gmail.com>
To: John Tamplin <jat@google.com>
X-Mailer: Apple Mail (2.1081)
Cc: hybi@ietf.org
Subject: Re: [hybi] Upgrade Mechanism and HasMat (was Re: Extensibility mechanisms?)
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Jul 2010 22:26:10 -0000
On Jul 22, 2010, at 2:50 PM, John Tamplin wrote: > On Thu, Jul 22, 2010 at 5:03 PM, Roy T. Fielding <fielding@gbiv.com> wrote: > You can even avoid the issue entirely, using HTTP, > by implementing transfer-encoding and sending all message bodies compressed. > > Actually, it probably wouldn't be that hard to construct plain-text which would produce a given attack text as a substring of the compressed output, and it might even give an attacker away to produce binary framing that they otherwise would be unable to. Interesting. I have never seen anything like that in practice because gzip bit sequences are rarely in the ASCII plane. It could be prevented by keeping control of the dictionary (mapping LF to something impossible). ....Roy
- [hybi] Extensibility mechanisms? Justin Erenkrantz
- Re: [hybi] Extensibility mechanisms? Thomson, Martin
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Mike Belshe
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] Extensibility mechanisms? Mike Belshe
- Re: [hybi] Extensibility mechanisms? Justin Erenkrantz
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Justin Erenkrantz
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Maciej Stachowiak
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Extensibility mechanisms? Mike Belshe
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] Extensibility mechanisms? Thomson, Martin
- Re: [hybi] Extensibility mechanisms? Roberto Peon
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] Extensibility mechanisms? Julian Reschke
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] Extensibility mechanisms? Julian Reschke
- Re: [hybi] Extensibility mechanisms? Martin J. Dürst
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] Extensibility mechanisms? Mike Belshe
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- [hybi] HTTP is not a disaster. Was: Extensibility… Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Mike Belshe
- Re: [hybi] Extensibility mechanisms? Jamie Lokier
- Re: [hybi] Extensibility mechanisms? Julian Reschke
- Re: [hybi] Extensibility mechanisms? Mike Belshe
- Re: [hybi] HTTP is not a disaster. Was: Extensibi… Pieter Hintjens
- Re: [hybi] Extensibility mechanisms? Pieter Hintjens
- Re: [hybi] Extensibility mechanisms? Bjoern Hoehrmann
- [hybi] NAT reset recovery? Was: Extensibility mec… Markus.Isomaki
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] Extensibility mechanisms? Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Vladimir Katardjiev
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Vladimir Katardjiev
- [hybi] WebSocket, TLS and intermediaries Vladimir Katardjiev
- Re: [hybi] Extensibility mechanisms? Roberto Peon
- Re: [hybi] Extensibility mechanisms? Roberto Peon
- Re: [hybi] Extensibility mechanisms? Julian Reschke
- Re: [hybi] Extensibility mechanisms? Pieter Hintjens
- Re: [hybi] NAT reset recovery? Was: Extensibility… Markus.Isomaki
- Re: [hybi] NAT reset recovery? Was: Extensibility… Pieter Hintjens
- Re: [hybi] NAT reset recovery? Was: Extensibility… Markus.Isomaki
- Re: [hybi] NAT reset recovery? Was: Extensibility… Pieter Hintjens
- Re: [hybi] NAT reset recovery? Was: Extensibility… Markus.Isomaki
- Re: [hybi] NAT reset recovery? Was: Extensibility… Pieter Hintjens
- Re: [hybi] NAT reset recovery? Was: Extensibility… Greg Wilkins
- Re: [hybi] NAT reset recovery? Was: Extensibility… Vladimir Katardjiev
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Pieter Hintjens
- Re: [hybi] NAT reset recovery? Was: Extensibility… Pieter Hintjens
- Re: [hybi] NAT reset recovery? Was: Extensibility… Thomson, Martin
- Re: [hybi] NAT reset recovery? Was: Extensibility… Markus.Isomaki
- Re: [hybi] NAT reset recovery? Was: Extensibility… Thomson, Martin
- Re: [hybi] NAT reset recovery? Was: Extensibility… Vladimir Katardjiev
- Re: [hybi] NAT reset recovery? Was: Extensibility… Dave Cridland
- Re: [hybi] NAT reset recovery? Was: Extensibility… Markus.Isomaki
- Re: [hybi] NAT reset recovery? Was: Extensibility… Markus.Isomaki
- Re: [hybi] NAT reset recovery? Was: Extensibility… Dave Cridland
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] NAT reset recovery? Was: Extensibility… Jamie Lokier
- Re: [hybi] WebSocket, TLS and intermediaries Ian Hickson
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] Extensibility mechanisms? John Tamplin
- Re: [hybi] Extensibility mechanisms? Roberto Peon
- Re: [hybi] Extensibility mechanisms? Mike Belshe
- Re: [hybi] Extensibility mechanisms? Jack Moffitt
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] WebSocket, TLS and intermediaries Mike Belshe
- Re: [hybi] WebSocket, TLS and intermediaries Maciej Stachowiak
- Re: [hybi] WebSocket, TLS and intermediaries John Tamplin
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] WebSocket, TLS and intermediaries Roberto Peon
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] WebSocket, TLS and intermediaries Roberto Peon
- Re: [hybi] Extensibility mechanisms? Roberto Peon
- Re: [hybi] WebSocket, TLS and intermediaries Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Thomson, Martin
- Re: [hybi] WebSocket, TLS and intermediaries Thomson, Martin
- Re: [hybi] Extensibility mechanisms? Jamie Lokier
- Re: [hybi] WebSocket, TLS and intermediaries Maciej Stachowiak
- Re: [hybi] WebSocket, TLS and intermediaries Willy Tarreau
- Re: [hybi] WebSocket, TLS and intermediaries Willy Tarreau
- Re: [hybi] WebSocket, TLS and intermediaries Willy Tarreau
- Re: [hybi] WebSocket, TLS and intermediaries Willy Tarreau
- Re: [hybi] Extensibility mechanisms? Willy Tarreau
- Re: [hybi] Extensibility mechanisms? Willy Tarreau
- Re: [hybi] Extensibility mechanisms? Roberto Peon
- Re: [hybi] WebSocket, TLS and intermediaries Julian Reschke
- Re: [hybi] Extensibility mechanisms? Simone Bordet
- Re: [hybi] Extensibility mechanisms? Simone Bordet
- Re: [hybi] WebSocket, TLS and intermediaries Maciej Stachowiak
- Re: [hybi] WebSocket, TLS and intermediaries Willy Tarreau
- Re: [hybi] WebSocket, TLS and intermediaries Maciej Stachowiak
- Re: [hybi] Extensibility mechanisms? Ian Hickson
- Re: [hybi] WebSocket, TLS and intermediaries Ian Hickson
- Re: [hybi] Extensibility mechanisms? Mike Belshe
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] WebSocket, TLS and intermediaries Mike Belshe
- Re: [hybi] WebSocket, TLS and intermediaries Greg Wilkins
- Re: [hybi] WebSocket, TLS and intermediaries Willy Tarreau
- Re: [hybi] Extensibility mechanisms? Maciej Stachowiak
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Extensibility mechanisms? Maciej Stachowiak
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Extensibility mechanisms? Maciej Stachowiak
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] WebSocket, TLS and intermediaries Roberto Peon
- Re: [hybi] Extensibility mechanisms? Willy Tarreau
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Extensibility mechanisms? Willy Tarreau
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Extensibility mechanisms? Maciej Stachowiak
- [hybi] Upgrade Mechanism and HasMat (was Re: Exte… Salvatore Loreto
- Re: [hybi] Extensibility mechanisms? Willy Tarreau
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Roy T. Fielding
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Salvatore Loreto
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Willy Tarreau
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Dave Cridland
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Willy Tarreau
- Re: [hybi] Extensibility mechanisms? Willy Tarreau
- Re: [hybi] Extensibility mechanisms? John Tamplin
- Re: [hybi] Extensibility mechanisms? Willy Tarreau
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Dave Cridland
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Dave Cridland
- Re: [hybi] Extensibility mechanisms? Mike Belshe
- Re: [hybi] Extensibility mechanisms? John Tamplin
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Maciej Stachowiak
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Maciej Stachowiak
- Re: [hybi] Extensibility mechanisms? Maciej Stachowiak
- Re: [hybi] Extensibility mechanisms? Maciej Stachowiak
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Adam Barth
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] Extensibility mechanisms? Mike Belshe
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Roy T. Fielding
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … John Tamplin
- Re: [hybi] Extensibility mechanisms? Willy Tarreau
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Roy T. Fielding
- Re: [hybi] Extensibility mechanisms? Simon Pieters
- Re: [hybi] Extensibility mechanisms? Greg Wilkins
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Greg Wilkins
- Re: [hybi] Upgrade Mechanism and HasMat (was Re: … Maciej Stachowiak
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Extensibility mechanisms? Jamie Lokier
- Re: [hybi] Extensibility mechanisms? Jamie Lokier
- Re: [hybi] Extensibility mechanisms? Jamie Lokier
- Re: [hybi] Extensibility mechanisms? Jamie Lokier
- Re: [hybi] Extensibility mechanisms? Adam Barth
- Re: [hybi] Extensibility mechanisms? Scott Ferguson
- Re: [hybi] WebSocket, TLS and intermediaries Patrick McManus