Re: [hybi] Per-frame compression spec draft 06

"Arman Djusupov" <arman@noemax.com> Wed, 14 March 2012 16:05 UTC

From: Arman Djusupov <arman@noemax.com>
To: 'John Tamplin' <jat@google.com>, 'Greg Wilkins' <gregw@webtide.com>
References: <CAH9hSJY9d074n+jWZ7mK9O_jfw8rKecmqcKnzWG3KrWMP_UhRQ@mail.gmail.com> <CABLsOLDBOvE0s8Qc1UwG66gJaBWHMsBZOgktZKMaGUveODabjg@mail.gmail.com> <CA566BAEAD6B3F4E8B5C5C4F61710C1147F18BAA@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com> <CAH9hSJaUzwq8mt=NMDYhT1S7RA2Kw_7zFqc207BzCf5oFm_fMA@mail.gmail.com> <CABLsOLAvop4Wa3ouNQTk=-o7nZbN3GZYvFiaugUgE6-ZoYYUXg@mail.gmail.com> <007701cd0133$8cf4dd70$a6de9850$@noemax.com> <CABLsOLCTV+AbOH24xVGsXnV0OsoLgicJ+_mVd84nSE_NMLmWaw@mail.gmail.com> <002001cd01bd$b1bf6690$153e33b0$@noemax.com> <CABLsOLDOhSbjtvKdy621TRuETF6RPrDojkz3ENg_KAp+tdBRsA@mail.gmail.com>
In-Reply-To: <CABLsOLDOhSbjtvKdy621TRuETF6RPrDojkz3ENg_KAp+tdBRsA@mail.gmail.com>
Date: Wed, 14 Mar 2012 18:05:00 +0200
Message-ID: <005201cd01fc$3ae53a60$b0afaf20$@noemax.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0053_01CD020C.FE6E0A60"
thread-index: AQEFf2crWbrct+xTc1bODTMkU5A6FAGBA42bAdhteGgAc2U4agHWpgNgAWpZfk0CknPZbwKwyMg+AZv8QIGXiZACIA==
Content-Language: en-us
Cc: hybi@ietf.org, 'Gabriel Montenegro' <Gabriel.Montenegro@microsoft.com>
Subject: Re: [hybi] Per-frame compression spec draft 06
Precedence: list

The server will anyway have to go into such details. It can’t simply trust the Sec-WebSocket-Extensions header sent by the client and apply all extensions in the order specified by the client. If the server blindly trusts the order specified by the client, malicious or misbehaving clients will be able to trick the server in combining extensions in the worst possible order or in applying incompatible extensions together.

 

With best regards,

Arman

 

From: John Tamplin [mailto:jat@google.com] 
Sent: Wednesday, March 14, 2012 5:11 PM
To: Arman Djusupov; Greg Wilkins
Cc: Takeshi Yoshino; hybi@ietf.org; Gabriel Montenegro
Subject: Re: [hybi] Per-frame compression spec draft 06

 

On Wed, Mar 14, 2012 at 4:37 AM, Arman Djusupov <arman@noemax.com> wrote:

IMO a server should be ready to handle situations where the use of the one extension prohibits the use of another. Just like with HTTP Accept-Encoding header “gzip, deflate” or with mux channel compression “deflate-frame, mux, deflate-frame” where deflate-frame can be applied either before or after mux. Grouping up supported extensions into mutuality exclusive groups would probably be simpler than parsing complex extension headers and creating specifications for negotiating the extensions of each type. 

The server can check the extension header for the presence of supported extensions from the same group. Once a supported extension found, other extensions of the same group are excluded. Such grouping of extensions can even be defined as comma separated list of extension names sorted by the order of preference.

@Greg - IIRC, you were one of the ones who objected to requiring low-level code to know such details due to server architectures you had in mind -- is that accurate and if so still the case?

 

-- 
John A. Tamplin
Software Engineer (GWT), Google

[hybi] Per-frame compression spec draft 06 Takeshi Yoshino
Re: [hybi] Per-frame compression spec draft 06 John Tamplin
Re: [hybi] Per-frame compression spec draft 06 Gabriel Montenegro
Re: [hybi] Per-frame compression spec draft 06 Takeshi Yoshino
Re: [hybi] Per-frame compression spec draft 06 John Tamplin
Re: [hybi] Per-frame compression spec draft 06 Arman Djusupov
Re: [hybi] Per-frame compression spec draft 06 John Tamplin
Re: [hybi] Per-frame compression spec draft 06 Takeshi Yoshino
Re: [hybi] Per-frame compression spec draft 06 Arman Djusupov
Re: [hybi] Per-frame compression spec draft 06 John Tamplin
Re: [hybi] Per-frame compression spec draft 06 John Tamplin
Re: [hybi] Per-frame compression spec draft 06 Arman Djusupov