Re: [quicwg/base-drafts] Field Terminology in QPACK Security Considerations (#4009)

Mike Bishop <notifications@github.com> Wed, 19 August 2020 13:26 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/A-XnI07w8oYZn3Dmg9PVVH0EhNg>

@MikeBishop commented on this pull request.

>  
 To improve compression performance of this option, certain entries might be
 tagged as being public. For example, a web browser might make the values of the
 Accept-Encoding header field available in all requests.
 
-An encoder without good knowledge of the provenance of header fields might
-instead introduce a penalty for a header field with many different values, such
-that a large number of attempts to guess a header field value results in the
-header field not being compared to the dynamic table entries in future messages,
-effectively preventing further guesses.
+An encoder without good knowledge of the provenance of field values might
+instead introduce a penalty for a field name with many different values, such
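Review bot: The `+` lines end at "such", so the rest of the rewritten paragraph is not visible in this quote, while the removed lines it replaces still read "guess a header field value" and "header field not being compared to the dynamic table entries"; check that the remainder of the paragraph was also moved to the new "field value" / "field line" wording so it does not mix the old "header field" term with the "field name" / "field values" used in these two lines.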

Shorthand, I think.  What it's trying to express is that if there are many field lines in the dynamic table which have the same field name and distinct values, you might with some probability ignore the dynamic table when encoding.  The more entries, the higher the probability you should ignore them all to frustrate an attacker.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/4009#discussion_r473027526
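The penalty described in the comment above, as an added Python sketch that is not part of the draft or of any QPACK implementation: the dynamic table is a constructed list of (name, value) field lines, names tagged public (Accept-Encoding in the quoted text) are never penalised, and the linear ramp from two distinct values to certainty at `full_penalty_at`, along with the names `PenalisingEncoder` and `find_reference`, are assumptions.

```python
import random

# Constructed stand-in for a QPACK dynamic table: a list of (name, value)
# field lines, oldest first. Only the referencing policy is the point.
class PenalisingEncoder:
    """Encoder that probabilistically ignores the dynamic table for a field
    name once many entries share that name with distinct values."""

    def __init__(self, public_names=(), full_penalty_at=8, rng=None):
        self.table = []
        # Names tagged public (e.g. accept-encoding) are never penalised.
        self.public_names = {n.lower() for n in public_names}
        # Assumption: skip probability ramps linearly from 0 at one distinct
        # value to 1.0 once full_penalty_at distinct values are in the table.
        self.full_penalty_at = full_penalty_at
        self.rng = rng or random.Random()

    def insert(self, name, value):
        self.table.append((name.lower(), value))

    def distinct_values(self, name):
        """Number of distinct values stored under this field name."""
        return len({v for n, v in self.table if n == name.lower()})

    def skip_probability(self, name):
        """Probability that encoding this name ignores the whole table."""
        if name.lower() in self.public_names:
            return 0.0
        k = self.distinct_values(name)
        if k <= 1:
            return 0.0
        return min(1.0, (k - 1) / (self.full_penalty_at - 1))

    def find_reference(self, name, value, roll=None):
        """Dynamic-table index to reference, or None to emit a literal.
        `roll` is a uniform [0,1) sample; pass one explicitly for testing."""
        if roll is None:
            roll = self.rng.random()
        if roll < self.skip_probability(name):
            return None  # penalised: the table is ignored for this name
        for idx, (n, v) in enumerate(self.table):
            if n == name.lower() and v == value:
                return idx
        return None

if __name__ == "__main__":
    enc = PenalisingEncoder(public_names=["accept-encoding"], full_penalty_at=5)
    enc.insert("accept-encoding", "gzip")
    for v in ("alpha", "beta", "gamma", "delta", "epsilon"):
        enc.insert("cookie", v)
    print(enc.skip_probability("accept-encoding"), enc.skip_probability("cookie"))
```

Once five distinct cookie values are in the table, every encoding of that name falls back to a literal, so the table no longer leaks whether a guessed value matched.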