GitHub - avsm/httpz: Zero heap allocation HTTP server using OxCaml. v experimental!

🎉 #Quad9 has finally decided to retire something nobody even knew existed! 🚀 By December 2025, HTTP/1.1 will be laid to rest, and Quad9 will bravely venture into the future of internet protocols...with the speed of a sloth on a lazy Sunday. 🤦‍♂️
https://quad9.net/news/blog/doh-http-1-1-retirement/ #HTTP1.1 #Retirement #InternetProtocols #FutureOfTech #SlothSpeed #HackerNews #ngated
Quad9 | A public and free DNS service for a better security and privacy

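🌘 Quad9 will retire HTTP/1.1 support for DNS-over-HTTPS (DoH) on December 15, 2025
➤ Service transition notice: DNS-over-HTTPS says goodbye to HTTP/1.1
https://quad9.net/news/blog/doh-http-1-1-retirement/
Quad9 has announced that it will stop supporting the HTTP/1.1 protocol for DNS-over-HTTPS (DoH) on December 15, 2025. The change is not expected to affect most users running up-to-date browsers and operating systems, but some older or non-standards-compliant devices or software may no longer be able to use DoH and will need to switch to unencrypted DNS or DNS-over-TLS. Quad9 explains that the decision is meant to simplify its technology stack, reduce maintenance costs, and free up resources to support more new protocols in the future, and it also mentions that HTTP/1.1 carries speed and security risks. MikroTik devices are the main platform currently known to be affected; Quad9 has contacted MikroTik but has not yet received an update plan.
+ Quad9's decision is understandable; after all, supporting old protocols does increase the maintenance burden. Hopefully
#NetworkSecurity #DNS #DoH #HTTP1.1 #Quad9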

I published a new #IETF draft last week for a proposed defense against #HRS (HTTP Request Smuggling) vulnerabilities in HTTP/1.1. It's intended for use between Intermediaries (e.g., CDNs and reverse proxies) and origin servers. It uses TLS Exporters (or other keys in a local context) to cryptographically protect message context (e.g., the equivalent of H2 and H3 stream IDs) but in a way that attackers can't influence. It is still an early-stage -00 draft so I'm looking for general interest from potential implementers.

https://datatracker.ietf.org/doc/html/draft-nygren-httpbis-http11-request-binding

#http1

HTTP/1.1 Request Smuggling Defense using Cryptographic Message Binding

HTTP/1.1 Message Binding adds new hop-by-hop header fields that are cryptographically bound to requests and responses. The keys used are negotiated out-of-band from the HTTP datastream (such as via TLS Exporters). These header fields allow endpoints to detect and mitigate desynchronization attacks, such as HTTP Request Smuggling, that exist due to datastream handling differences.

IETF Datatracker
Oh great, another "HTTP/1.1 must die" #manifesto from the tech prophets 🗣️💀. Because clearly, if we don't bury HTTP/1.1, the internet will implode and take all our cat memes with it. 🙄🥱
https://portswigger.net/research/http1-must-die #HTTP1.1MustDie #TechProphets #InternetDebate #CatMemes #HackerNews #ngated
HTTP/1.1 must die: the desync endgame

Abstract Upstream HTTP/1.1 is inherently insecure and regularly exposes millions of websites to hostile takeover. Six years of attempted mitigations have hidden the issue, but failed to fix it. This p

PortSwigger Research
🚀 Oh no, HTTP/1.1 is a ticking time bomb! 🕰️ Quick, everybody panic and head to Black Hat for the exclusive reveal on how to save the internet, or just watch as James Kettle becomes the new Internet superhero. 🎩⚔️ Follow along, because nothing screams "secure internet" like attending a hacker convention for the latest apocalypse update. 🌐🔥
https://http1mustdie.com/ #HTTP1.1 #Crisis #BlackHat #InternetSecurity #JamesKettle #HackerConvention #HackerNews #ngated
HTTP/1.1 Must Die

Upstream HTTP/1.1 is inherently insecure, and routinely exposes millions of websites to hostile takeover. Join the mission to kill HTTP/1.1 now

#TIL: There are two ways to trigger use of the #HTTP3 / #QUIC #protocol in #webbrowsers:

#Chromium and #Firefox #browsers always start with #HTTP1 / #HTTP2, look for the “alt-svc” header in the response and switch to HTTP3 for subsequent requests if they find it. I knew that much.

But #Safari will instead query #DNS for the "#HTTPS" record and use that as a trigger. So it can work HTTP3-only for the cost of an additional DNS query. Unfortunately, the record type isn't widely supported yet.