>Well. Depending on the channel we use for feedback, DEFLATE might be a poor >option:
Well, yes, but anything can have security bugs, and I expect that the libraries for gzip which have been around for a decade have been audited a lot better than the ones for CBOR on which the paint is still wet. People have beens mailing around vast numbers of DMARC reports, most of which have an application/gzip body. If there have been attacks using DEFLATE bugs, nobody's gotten around to reporting them. Perhaps it would be helpful to explain why it would be a good idea to invent something new rather than adapt a an existing design that works well in practice. R's, John _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
