On Tue, 19 Jul 2011, Takeshi Yoshino wrote:
>
> Use of deflate-stream is now mandatory in API spec. I think this kind of
> requirement is useless. How about leave it up to implementors' decision?
Well we don't want optional features, so it's either in or out.
> I think this requirement doesn'
On Wed, Jul 20, 2011 at 6:54 PM, Adam Barth wrote:
> Isn't the obvious solution to both problems to apply compression before
> masking?
>
Yes. However, that is not what deflate-stream does. There has been a
proposal for deflate-frame which would do exactly that, but it has not been
accepted as
On Wed, Jul 20, 2011 at 5:38 PM, Bjoern Hoehrmann wrote:
> * Adam Barth wrote:
>>On Wed, Jul 20, 2011 at 4:56 PM, Bjoern Hoehrmann wrote:
>>> There is draft-tyoshino-hybi-websocket-perframe-deflate for that. It's
>>> not a solution to the problem Takeshi Yoshino raised though, which is
>>> about
* Adam Barth wrote:
>On Wed, Jul 20, 2011 at 4:56 PM, Bjoern Hoehrmann wrote:
>> There is draft-tyoshino-hybi-websocket-perframe-deflate for that. It's
>> not a solution to the problem Takeshi Yoshino raised though, which is
>> about whether Websocket API conformance should impose restrictions on
On Wed, Jul 20, 2011 at 4:56 PM, Bjoern Hoehrmann wrote:
> * Adam Barth wrote:
>>On Wed, Jul 20, 2011 at 11:49 AM, Bjoern Hoehrmann wrote:
>>> The deflate-stream extension, when used for browser to server messages
>>> allows an attacker to put whatever bytes he likes on the wire, after a
>>> bit
* Adam Barth wrote:
>On Wed, Jul 20, 2011 at 11:49 AM, Bjoern Hoehrmann wrote:
>> The deflate-stream extension, when used for browser to server messages
>> allows an attacker to put whatever bytes he likes on the wire, after a
>> bit of unpredictable junk. Browser vendors were pretty opposed to th
On Wed, Jul 20, 2011 at 11:49 AM, Bjoern Hoehrmann wrote:
> * Takeshi Yoshino wrote:
>>Use of deflate-stream is now mandatory in API spec. I think this kind of
>>requirement is useless. How about leave it up to implementors' decision?
>>http://www.w3.org/Bugs/Public/show_bug.cgi?id=12917
>
> The d
* Takeshi Yoshino wrote:
>Use of deflate-stream is now mandatory in API spec. I think this kind of
>requirement is useless. How about leave it up to implementors' decision?
>http://www.w3.org/Bugs/Public/show_bug.cgi?id=12917
The deflate-stream extension, when used for browser to server messages
a
Hi,
On Wed, Jul 20, 2011 at 08:06, Jonas Sicking wrote:
> > I think this requirement doesn't really help us enforce endpoints
> > initiate/accept WebSocket with the same configuration. Because
> >
> > - non-browser UAs are free to be implemented without deflate-stream
> > - server developers wou
> I think this requirement doesn't really help us enforce endpoints
> initiate/accept WebSocket with the same configuration. Because
>
> - non-browser UAs are free to be implemented without deflate-stream
> - server developers would see/care only the wire protocol spec
Given the number of browser
Hi,
Use of deflate-stream is now mandatory in API spec. I think this kind of
requirement is useless. How about leave it up to implementors' decision?
http://www.w3.org/Bugs/Public/show_bug.cgi?id=12917
Adrian first brought this up on bugzilla for discussion. I'd like to ask
opinions from whatwg.
11 matches
Mail list logo