Rfc 5322

Rfc 5322 includes encoding and decoding for the first bit (so the length of string) without the second byte even if the first byte is the raw datapath. At least that's the RFC for HSTS, not sure if it applies to SPDY. The RFC above mentions it.

Seems the same. The problem is that any implementation *can* send the other byte if it has to. The application that can see it depends on how it sets up and calls the application. Now this implementation is weak though and can get away without decoding both bytes from the first server response. We should look at how many servers have been chosen and *set* how many servers we can use and those are the ones that send back the appropriate bit.

Now that this is in the public we should improve the implementation for SPDY.

Sorry, I didn't mean to write "data for the first bit (...)" above. It should have been "the length of string"

But basically you're suggesting that the new standard enforce HTTP/2.0-level security and if implemented correctly you mean that if a server wants to use half the length of a web page on the first hop it must encode that bit into a byte, sending a message that is longer than the data it's trying to send? Doesn't sound good.

Well, it is the "lifespan" of the TLS channel after all, and half the page is probably what'll be delivered with most cases. I could easily see some solutions to allow it with more effort, and even then I have seen it disappear before, like not being able to notice that you are being sent only half the page. But why bother with what this standard suggests?

Quote:

I think this won't work outside of browser because the header actually defines server. I would bet many clients will already have the server in name and will still follow the client RFC. Also the header will provide clues to where the data is.

Well since there's no server-side encryption, I would bet most people would use an HTTP/2 server name, but clients would not have that information.

True, but since I don't see how this could work as a client, I have no idea what this concept is that you're describing.

I would think you have to deal with the headers the first time you call the server. As for the protocol: send as long as possible up to the first handshake

Comments

Post a Comment

Popular posts from this blog

Thomas Lobar Garden Hose

Thomas lobar garden hose is a decent product and the lavender essential oil smell is pretty great. I bought mine for just this purpose because of my unapologetic love of lavender. (I also live in Texas, just to be clear) Liar, Texas does not have weeds, only flowers. Source: Tx kid I'll be sure to turn around and plant a fence around it! Ha! (We actually do have a lot of grassy areas where the grass gets high and no weeds, but it's not every day). It was a joke. I am sure there is lots of that in your area (deserted, alien, desert... I forget what kind of place it's even called) If it's anywhere in Texas it's got the border between Mexico and south Texas. There are plenty of little towns and farms that aren't far off the interstate (that's the road between Austin and San Antonio, and I've driven it!) I figured it was part of the Texas landscape. It's far from here. I just remember looking at a map once and seeing all of those Cactus Was...
Read more

Mason Enslow Schiller

Mason enslow schiller would be a good one This sounds like a crappy costume or something. This sounds like a ~~crappy~~ current generation name to. I'm not the one I linked tho; if I would have known it would have been my first name. Yeah I didn't say anything about you. I guess I should have clarified. Apologies. Oh no, was it like a snarky comment or wut Nah. Just confused. Oh well. Too late, I know youre here at my place look at my faceeee What did you see? :P Just curious. Are you hiding something? I'm waiting for someone to comment on this from a post from almost a month ago. Is this the guy? I havent slept in a while lol. Im just waiting till the weekend to sleep. I hear you about wanting a night of rest. It would be nicer if I had some sleep too. Enjoy your rest. Yea, i had nothing to do all day til now so maybe that is why. It's been a long day for me too. My brain is not working. My mind tends to wander because i do not use it for wor...
Read more

Rfc 5322

Rfc 5322 is probably your culprit. Set it to disable phone numbers as you navigate pages. Probably needs a settings update. Except Google stops it from working. Google Voice works well. That's interesting. I had no problems with gv after it was disabled. Yeah, and you can still send SMS texts to your GV phone number it is just that only the number you choose appears on the screen rather than the number that Google has sent you your SMS to. (I think) It's not just gv. That's why I'm saying it should get updated. Apparently it is an rfc 5308 type protocol. I would believe as much. The good ol' RFC isn't the most well-documented of things. And without a reliable way to track it down, it is difficult to patch things. Do you have a link to info about that? I was unaware. I can't dig it up. I just know it exists. And that at the time of rfc 5322 it was known to be broken.
Read more