Re: [hybi] Per-frame compression spec draft 06
"Arman Djusupov" <arman@noemax.com> Wed, 14 March 2012 16:05 UTC
Return-Path: <arman@noemax.com>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15B2521F873A for <hybi@ietfa.amsl.com>; Wed, 14 Mar 2012 09:05:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.333
X-Spam-Level:
X-Spam-Status: No, score=-2.333 tagged_above=-999 required=5 tests=[AWL=0.266, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JTcdadflnAQ0 for <hybi@ietfa.amsl.com>; Wed, 14 Mar 2012 09:05:05 -0700 (PDT)
Received: from mail.noemax.com (mail.noemax.com [64.34.201.8]) by ietfa.amsl.com (Postfix) with ESMTP id 4C40221F86DC for <hybi@ietf.org>; Wed, 14 Mar 2012 09:05:04 -0700 (PDT)
Received: from vista1 by mail.noemax.com (IceWarp 9.4.1) with ASMTP (SSL) id YTT83008; Wed, 14 Mar 2012 18:05:08 +0200
From: Arman Djusupov <arman@noemax.com>
To: 'John Tamplin' <jat@google.com>, 'Greg Wilkins' <gregw@webtide.com>
References: <CAH9hSJY9d074n+jWZ7mK9O_jfw8rKecmqcKnzWG3KrWMP_UhRQ@mail.gmail.com> <CABLsOLDBOvE0s8Qc1UwG66gJaBWHMsBZOgktZKMaGUveODabjg@mail.gmail.com> <CA566BAEAD6B3F4E8B5C5C4F61710C1147F18BAA@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com> <CAH9hSJaUzwq8mt=NMDYhT1S7RA2Kw_7zFqc207BzCf5oFm_fMA@mail.gmail.com> <CABLsOLAvop4Wa3ouNQTk=-o7nZbN3GZYvFiaugUgE6-ZoYYUXg@mail.gmail.com> <007701cd0133$8cf4dd70$a6de9850$@noemax.com> <CABLsOLCTV+AbOH24xVGsXnV0OsoLgicJ+_mVd84nSE_NMLmWaw@mail.gmail.com> <002001cd01bd$b1bf6690$153e33b0$@noemax.com> <CABLsOLDOhSbjtvKdy621TRuETF6RPrDojkz3ENg_KAp+tdBRsA@mail.gmail.com>
In-Reply-To: <CABLsOLDOhSbjtvKdy621TRuETF6RPrDojkz3ENg_KAp+tdBRsA@mail.gmail.com>
Date: Wed, 14 Mar 2012 18:05:00 +0200
Message-ID: <005201cd01fc$3ae53a60$b0afaf20$@noemax.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0053_01CD020C.FE6E0A60"
X-Mailer: Microsoft Outlook 14.0
thread-index: AQEFf2crWbrct+xTc1bODTMkU5A6FAGBA42bAdhteGgAc2U4agHWpgNgAWpZfk0CknPZbwKwyMg+AZv8QIGXiZACIA==
Content-Language: en-us
Cc: hybi@ietf.org, 'Gabriel Montenegro' <Gabriel.Montenegro@microsoft.com>
Subject: Re: [hybi] Per-frame compression spec draft 06
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Mar 2012 16:05:06 -0000
The server will anyway have to go into such details. It can’t simply trust the Sec-WebSocket-Extensions header sent by the client and apply all extensions in the order specified by the client. If the server blindly trusts the order specified by the client, malicious or misbehaving clients will be able to trick the server in combining extensions in the worst possible order or in applying incompatible extensions together. With best regards, Arman From: John Tamplin [mailto:jat@google.com] Sent: Wednesday, March 14, 2012 5:11 PM To: Arman Djusupov; Greg Wilkins Cc: Takeshi Yoshino; hybi@ietf.org; Gabriel Montenegro Subject: Re: [hybi] Per-frame compression spec draft 06 On Wed, Mar 14, 2012 at 4:37 AM, Arman Djusupov <arman@noemax.com> wrote: IMO a server should be ready to handle situations where the use of the one extension prohibits the use of another. Just like with HTTP Accept-Encoding header “gzip, deflate” or with mux channel compression “deflate-frame, mux, deflate-frame” where deflate-frame can be applied either before or after mux. Grouping up supported extensions into mutuality exclusive groups would probably be simpler than parsing complex extension headers and creating specifications for negotiating the extensions of each type. The server can check the extension header for the presence of supported extensions from the same group. Once a supported extension found, other extensions of the same group are excluded. Such grouping of extensions can even be defined as comma separated list of extension names sorted by the order of preference. @Greg - IIRC, you were one of the ones who objected to requiring low-level code to know such details due to server architectures you had in mind -- is that accurate and if so still the case? -- John A. Tamplin Software Engineer (GWT), Google
- [hybi] Per-frame compression spec draft 06 Takeshi Yoshino
- Re: [hybi] Per-frame compression spec draft 06 John Tamplin
- Re: [hybi] Per-frame compression spec draft 06 Gabriel Montenegro
- Re: [hybi] Per-frame compression spec draft 06 Takeshi Yoshino
- Re: [hybi] Per-frame compression spec draft 06 John Tamplin
- Re: [hybi] Per-frame compression spec draft 06 Arman Djusupov
- Re: [hybi] Per-frame compression spec draft 06 John Tamplin
- Re: [hybi] Per-frame compression spec draft 06 Takeshi Yoshino
- Re: [hybi] Per-frame compression spec draft 06 Arman Djusupov
- Re: [hybi] Per-frame compression spec draft 06 John Tamplin
- Re: [hybi] Per-frame compression spec draft 06 John Tamplin
- Re: [hybi] Per-frame compression spec draft 06 Arman Djusupov