On Mon, May 20, 2024 at 4:12 PM Magnus Hagander <magnus@hagander.net> wrote:
> That used to be the case in HTTP/1. But header compression was one of the headline features of HTTP/2, which isn't
exactlynew anymore. But there's a special algorithm, HPACK, for it. And then http/3 uses QPACK. Cloudflare has a pretty
decentblog post explaining why and how: https://blog.cloudflare.com/hpack-the-silent-killer-feature-of-http-2/, or
rfc7541for all the details.
>
> tl;dr; is yes, let's be careful not to expose headers to a CRIME-style attack. And I doubt our connections has as
muchto gain by compressing "header style" fields as http, so we are probably better off just not compressing > Work:
https://www.redpill-linpro.com/
What do you think constitutes a header in the context of the
PostgreSQL wire protocol?
--
Robert Haas
EDB: http://www.enterprisedb.com