httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hanno Böck <ha...@hboeck.de>
Subject Re: FYI brotli
Date Tue, 17 Jan 2017 12:42:14 GMT
On Mon, 16 Jan 2017 18:06:40 -0600
William A Rowe Jr <wrowe@rowe-clan.net> wrote:

> If so, maybe we teach both to step out of the way when SSL encryption
> filters are in place?

This would make no sense. Brotli is only supported over HTTPS by
browsers.

Compression-based attacks are a tricky problem, however someone has yet
to show that they are abused in practice. But preventing deployment of a
new compression algorithm doesn't help. You'd have to disable
compression altogether to avoid them.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Mime
View raw message