Re: [Wikitech-l] SPDY?

-- ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name] > *--* > *Tyler Romeo* > Stevens Institute of Technology, Class of 2015 > Major in Computer Science > www.whizkidztech.com | tylerromeo@gmail.com > > > > On Sun, Oct 28, 2012 at 2:03 AM, Dmitriy Sintsov questpc@rambler.ru > wrote: > >> >> >> 27 Октябрь 2012 г. 23:20:39 пользователь Chad >> (innocentkiller@gmail.com) >>> написал: >>> >>> Not to mention varnish/squid. >>> >>> >>> Varnish author on SPDY: >> http://developers.slashdot.**org/story/12/07/13/1327235/** >> varnish-author-suggests-spdy-**should-be-viewed-as-a-**prototypehttp://developers.slashdot.org/story/12/07/13/1327235/varnish-author-suggests-spdy-should-be-viewed-as-a-prototype >> >> "The author of Varnish, Poul-Henning Kamp, has written an interesting >> critique of SPDY and the other draft protocols trying to become HTTP >> 2.0. >> He suggests none of the candidates make the cut. Quoting: 'Overall, I >> find >> the design approach taken in SPDY deeply flawed. For instance >> identifying >> the standardized HTTP headers, by a 4-byte length and textual name, and >> then applying a deflate compressor to save bandwidth is totally at odds >> with the job of HTTP routers which need to quickly extract the Host: >> header >> in order to route the traffic, preferably without committing extensive >> resources to each request. ... It is still unclear for me if or how SPDY >> can be used on TCP port 80 or if it will need a WKS allocation of its >> own, >> which would open a ton of issues with firewalling, filtering and >> proxying >> during deployment. (This is one of the things which makes it hard to >> avoid >> the feeling that SPDY really wants to do away with all the "middle-men") >> With my security-analyst hat on, I see a lot of DoS potential in the >> SPDY >> protocol, many ways in which the client can make the server expend >> resources, and foresee a lot of complexity in implementing the server >> side >> to mitigate and deflect malicious traffic.'