IETF Logo Mail Archive

Re: [hybi] preliminary WebSockets compression experiments

Mike Belshe <mike@belshe.com> Tue, 27 April 2010 14:51 UTC

Return-Path: <mike@belshe.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3B67128C155 for <hybi@core3.amsl.com>; Tue, 27 Apr 2010 07:51:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.547
X-Spam-Level:
X-Spam-Status: No, score=0.547 tagged_above=-999 required=5 tests=[AWL=-0.077, BAYES_50=0.001, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uQPNMM3UwjqN for <hybi@core3.amsl.com>; Tue, 27 Apr 2010 07:51:22 -0700 (PDT)
Received: from mail-px0-f172.google.com (mail-px0-f172.google.com [209.85.212.172]) by core3.amsl.com (Postfix) with ESMTP id 83E8528C1AE for <hybi@ietf.org>; Tue, 27 Apr 2010 07:44:46 -0700 (PDT)
Received: by pxi19 with SMTP id 19so2354039pxi.31 for <hybi@ietf.org>; Tue, 27 Apr 2010 07:44:30 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.142.10.39 with SMTP id 39mr1878188wfj.63.1272379469535; Tue, 27 Apr 2010 07:44:29 -0700 (PDT)
Received: by 10.143.44.3 with HTTP; Tue, 27 Apr 2010 07:44:29 -0700 (PDT)
In-Reply-To: <20100427133724.GA25405@shareable.org>
References: <q2z3f94964f1004231247zc7b60dc3l5fbb4748d129c3c@mail.gmail.com> <z2o2a10ed241004231448l7a63e329p98e04fbe1a750539@mail.gmail.com> <4BD59DA0.6060506@webtide.com> <k2m2a10ed241004260928q2448b8f6nae7c13db81a97579@mail.gmail.com> <20100427133724.GA25405@shareable.org>
Date: Tue, 27 Apr 2010 07:44:29 -0700
Message-ID: <s2y2a10ed241004270744sb925aebbof109b69298c84346@mail.gmail.com>
From: Mike Belshe <mike@belshe.com>
To: Jamie Lokier <jamie@shareable.org>
Content-Type: multipart/alternative; boundary="00504502b1f84d1a3f048538ee3e"
Cc: hybi@ietf.org
Subject: Re: [hybi] preliminary WebSockets compression experiments
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Apr 2010 14:51:23 -0000

On Tue, Apr 27, 2010 at 6:37 AM, Jamie Lokier <jamie@shareable.org> wrote:

> Mike Belshe wrote:
>  And the best answer is to have the protocol help avoid it.
> >     You can do so by encrypting everything to avoid tampering, or you can
> >    avoid it by mandating compression.
>
> It's not necessarily "best".
>
> First, if you encrypt everything end to end, that will prevent
> intermediaries from applying joint compression to multiple streams.
> That is most relevant to opportunistic multiplexing, but it isn't the
> only way.
>
> The results which started this thread strongly imply that joint
> compression of a stream of small objects is sometimes far better than
> individual compression of them - enough to tip the balance in favour
> of compression versus not, in some cases.
>
> Second, end to end encryption rules out some devices from using the
> protocol at all - they don't have enough processing capacity and/or
> memory to do it.
>

I don't believe this to be true.


>
> Third, same applies to mandatory compression, if it is one of the
> compression types which needs a lot of processing and/or memory.
>

I don't believe this to be true.  Processing power grows very fast in all
hardware.  You're going to have a quadcore on your mobile phone in 5 years.


>
> Fourth, we know that many client locations block many different kinds
> of outgoing traffic, and some of them block anything they don't
> understand.  That no doubt includes all encrypted traffic from some of
> them.  It should not be mandatory to encrypt, for that reason.
>

This is wrong; encryption protects the user and is valuable.  It will be
coming whether you like it or not.



>
> Fifthly, forcing implementations to use a compression scheme which was
> good in the year 2000 (deflate), is looking a bit dated now for
> compression performance (bzip2, lzma are better for many things), and
> is too compute intensive for on the fly encryption on slower or
> heavily loaded or power-sensitive devices (lzo family are better for
> that)... projecting ahead to 2015, 2020, the "mandatory" part of the
> spec would probably get ignored or worked around by many implementations.
>

Fine - I never made a claim that a specific algorithm must be mandated.


>
> Sixthly, we're assuming proxy-caches play no role in these protocols.
> With WebSocket itself, that's true, but with protocols like SPDY that
> might be layered over it, it is likely (imho) that a role will be
> found for proxy-caches.  End-to-end encryption is not compatible with
> that.
>

You're ignoring the problems caused by proxies.  I won't go into them again.
 But the hazards are so large that, for the last 10 years, basic protocol
changes have been unimplementable due to proxies.  New protocols should not
ignore this.

Mike


>
> -- Jamie
>

v2.23.0 | Report a Bug | By Email