reimplement spdy upstream compression

RESOLVED WONTFIX

Status

()

Core
Networking: HTTP
--
enhancement
RESOLVED WONTFIX
6 years ago
4 years ago

People

(Reporter: mcmanus, Assigned: mcmanus)

Tracking

({sec-other})

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [spdy])

(Assignee)

Description

6 years ago
as part of 779413 spdy upstream compression was disabled in both spdy/2 and spdy/3 to plug a cookie extraction by traffic analysis attack.

It is expected that spdy/4 won't suffer from the problem, but we can find a way to get some compression back in 2/3 with a clever implementation. Chrome has made custom zlib modifications in http://src.chromium.org/viewvc/chrome?view=rev&revision=151720 to accomplish this, and we could build on that code as one potential option.

this is marked as a security bug because of the dependency on 779413 - when that vulnerability is published this can bug can be opened too. It doesn't need a security rating of its own.
Keywords: sec-other

Comment 1

5 years ago
Opening as bug 779413 is now public.
Group: core-security

Updated

5 years ago
Depends on: 868551
(Assignee)

Comment 2

4 years ago
http/2 is going to be the answer here.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.