Intent to Ship: Compression dictionary transport with Shared Brotli and Shared Zstandard

555 views
Skip to first unread message

Tsuyoshi Horo

unread,
Aug 27, 2024, 5:36:27 AMAug 27
to blink-dev, Patrick Meenan, nidh...@chromium.org, Yoav Weiss, Kenji Baheux, deno...@chromium.org

Contact emails

ho...@chromium.orgpme...@chromium.orgnidh...@chromium.orgyoav...@chromium.orgkenji...@chromium.org

Explainer

https://github.com/WICG/compression-dictionary-transport

Specification

https://datatracker.ietf.org/doc/draft-ietf-httpbis-compression-dictionary

Design docs


https://docs.google.com/document/d/1IcRHLv-e9boECgPA5J4t8NDv9FPHDGgn0C12kfBgANg/edit
https://github.com/WICG/compression-dictionary-transport
https://datatracker.ietf.org/doc/draft-ietf-httpbis-compression-dictionary
https://docs.google.com/document/d/1WCK965Ew0hTN6k05o2JFi9Y-AdGfkB1io_i6LrTSeQs/edit?usp=sharing

Summary

This feature adds support for using designated previous responses, as an external dictionary for Brotli- or Zstandard-compressing HTTP responses. Enterprises might experience potential compatibility issues with enterprise network infrastructure. The CompressionDictionaryTransportEnabled policy is available to turn off the compression dictionary transport feature.



Blink component

Blink>Network

TAG review

https://github.com/w3ctag/design-reviews/issues/877

TAG review status

Issues addressed

Chromium Trial Name

CompressionDictionaryTransportV3


Origin Trial documentation link

https://chromium.googlesource.com/chromium/src/+/main/docs/experiments/compression-dictionary-transport.md


WebFeature UseCounter name

SharedDictionaryUsed

Chromium Trial Name

CompressionDictionaryTransport

Link to origin trial feedback summary

https://github.com/httpwg/http-extensions/issues?q=is%3Aissue+label%3Acompression-dictionary



Risks



Interoperability and Compatibility

Interoperability and Compatibility risk are low. This feature introduces a new compression method for transporting resources over HTTP. Web sites can know the browser support for the new feature by checking `document.createElement('link').relList.supports('dictionary')`. Also web servers can know the browser support by checking the `Accept-Encoding` request header and the new `Use-As-Dictionary` request header. This feature is an opt-in feature. And the dictionary storage is isolated using the top level site and the frame origin as the key. That means, if there is no dictionary registered for the site, the behavior of Chrome will not change while browsing the site. Also this feature is only usable within a secure-context. So this feature will not increase the risk of having network proxies meddle with the content’s encoding.



Gecko: Positive (https://github.com/mozilla/standards-positions/issues/771)

WebKit: Support (https://github.com/WebKit/standards-positions/issues/160)

Web developers: Positive based on origin trial feedback

Other signals:

Ergonomics

To reduce memory usage in network services, dictionary metadata is stored in a database on disk. And to avoid performance degradation for normal requests that do not use a dictionary, the reading of this metadata is designed not to block network requests. In other words, if the reading of metadata from the database is not completed before the request header is ready to be sent to the server, the dictionary may not be used even if it is already registered in the database.



Activation

To adopt this feature, web developers need to make changes in their web servers. Currently there is no major server softwares which supports compression dictionaries. Some CDNs have shared interest in supporting shared dictionary compression (e.g. publicly mentioned [*] in a blog post by Cloudflare). [*] https://blog.cloudflare.com/this-is-brotli-from-origin/#:~:text=One%20development%20that%20we%27re%20particularly%20focused%20on%20is%20shared%20dictionaries%20with%20Brotli.



Security

Chrome registers the response as a dictionary only when the response is CORS-readable from the document origin. Also we use a registered dictionary to decompress the response only when the response is CORS-readable from the document origin. Additionally, the dictionary and the compressed resource are required to be from the same origin as each other. So this should not introduce any new attack vector of stealing information. The dictionaries are partitioned with the storage cache and are cleared whenever cookies or cache is cleared to ensure that the dictionaries can not be abused as a tracking vector.



WebView application risks

None



Debuggability

We have introduced chrome://net-internals/#sharedDictionary. Using it, web developers can manage the registered dictionaries. Also web developers can check the related HTTP request and response headers (Use-As-Dictionary, Sec-Available-Dictionary, Accept-Encoding, Content-Encoding) using DevTools' Network panel.



Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?

Yes

Is this feature fully tested by web-platform-tests?

Yes

https://wpt.fyi/results/fetch/compression-dictionary



Flag name on chrome://flags

chrome://flags/#enable-compression-dictionary-transport-backend chrome://flags/#enable-compression-dictionary-transport

Finch feature name

CompressionDictionaryTransportBackend CompressionDictionaryTransport

Requires code in //chrome?

True

Tracking bug

https://crbug.com/1413922

Launch bug

https://launch.corp.google.com/launch/4266286

Sample links


https://compression-dictionary-transport-threejs-demo.glitch.me
https://compression-dictionary-transport-shop-demo.glitch.me

Estimated milestones

Shipping on desktop130
Origin trial desktop first123
Origin trial desktop last125
Origin trial desktop first117
Origin trial desktop last122
Origin trial desktop first127
Origin trial desktop last129
Shipping on Android130
Origin trial Android first123
Origin trial Android last125
Origin trial Android first117
Origin trial Android last122
Origin trial Android first127
Origin trial Android last129
Shipping on WebView130
Origin trial WebView first123
Origin trial WebView last125
Origin trial WebView first127
Origin trial WebView last129


Anticipated spec changes

None. The draft has been reviewed by the IETF http working group and steering committee and approved for publication as a RFC. There are a few mechanical process issues that need to happen for publication but the spec itself will not be changing.


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5124977788977152?gate=5186705503551488

Links to previous Intent discussions

Intent to Prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADk0S-Vb1ON2XT2%2BBP27tJ4ivjgyu63jcd667am4TwcVFGsbuw%40mail.gmail.com
Intent to Experiment: https://groups.google.com/a/chromium.org/g/blink-dev/c/7YdP2YxRQn4/m/9oPxLDdjAAAJ
Intent to Experiment: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADk0S-WyukWVPpFMFYSWVZ1%2BOuXVjtNfWiCqKvDYcdRwaApZLA%40mail.gmail.com
Intent to Experiment: https://groups.google.com/a/chromium.org/g/blink-dev/c/9iMl0kAA2LE


This intent message was generated by Chrome Platform Status.

Jeffrey Yasskin

unread,
Aug 27, 2024, 12:22:14 PMAug 27
to Tsuyoshi Horo, blink-dev, Patrick Meenan, nidh...@chromium.org, Yoav Weiss, Kenji Baheux, deno...@chromium.org
Congratulations on getting compression dictionaries through the standards gauntlet!

On Tue, Aug 27, 2024 at 2:36 AM Tsuyoshi Horo <ho...@chromium.org> wrote:
The explainer still has "All actual header values and names still TBD". I assume that's not the case anymore?
 

Is there a specification for the browser side of this? I'd expect to find something in Fetch that describes, for example, the CORS, same-origin, and partitioning behavior.
https://www.ietf.org/archive/id/draft-ietf-httpbis-compression-dictionary-17.html#name-the-compression-dictionary- says the link relation is "compression-dictionary" instead of "dictionary". Which is being shipped?
 
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADk0S-X5SPHneF3WuaDYQREdDs_vAyE3JxeRA6s5RMXXL6rVBw%40mail.gmail.com.

Patrick Meenan

unread,
Aug 27, 2024, 12:31:44 PMAug 27
to Jeffrey Yasskin, Tsuyoshi Horo, blink-dev, nidh...@chromium.org, Yoav Weiss, Kenji Baheux, deno...@chromium.org
On Tue, Aug 27, 2024 at 12:21 PM Jeffrey Yasskin <jyas...@chromium.org> wrote:
Congratulations on getting compression dictionaries through the standards gauntlet!

On Tue, Aug 27, 2024 at 2:36 AM Tsuyoshi Horo <ho...@chromium.org> wrote:

The explainer still has "All actual header values and names still TBD". I assume that's not the case anymore?

Thanks. The explainer is actually going away and deferring to the RFC as the authoritative source. I'll go through and make a pass now to at least remove the redundant bits and point to the draft.
 
 

Is there a specification for the browser side of this? I'd expect to find something in Fetch that describes, for example, the CORS, same-origin, and partitioning behavior.

There will be a few updates to the fetch spec to include the content encoding processing but the core parts of the CORS logic are in the IETF draft in section 9.3, including the CORS checks. The partitioning behaviour is described in section 10
 
 


Interoperability and Compatibility

Interoperability and Compatibility risk are low. This feature introduces a new compression method for transporting resources over HTTP. Web sites can know the browser support for the new feature by checking `document.createElement('link').relList.supports('dictionary')`.


https://www.ietf.org/archive/id/draft-ietf-httpbis-compression-dictionary-17.html#name-the-compression-dictionary- says the link relation is "compression-dictionary" instead of "dictionary". Which is being shipped?

Sorry, missed that on the I2S draft from a previous I2E - the name changed and "compression-dictionary" is what is shipping.
 

Patrick Meenan

unread,
Aug 27, 2024, 12:47:29 PMAug 27
to Jeffrey Yasskin, Tsuyoshi Horo, blink-dev, nidh...@chromium.org, Yoav Weiss, Kenji Baheux, deno...@chromium.org
I just pushed the update to the explainer to redirect it to the IETF spec (will update it again when we have an RFC number).

I kept the changelog in the WICG explainer just so existing users of the earlier OT's will know what changes they need to make for the release. OT v3 had the changes and most of the users that were actively testing already picked up the changes but this makes it clearer.

Patrick Meenan

unread,
Aug 27, 2024, 1:06:16 PMAug 27
to Jeffrey Yasskin, Tsuyoshi Horo, blink-dev, nidh...@chromium.org, Yoav Weiss, Kenji Baheux, deno...@chromium.org
It's probably worth mentioning that, even though the spec is in the IETF process, there was heavy involvement with w3c and whatwg as well.  The w3c TAG performed several reviews, there are several discussions in the whatwg HTML and Fetch issue trackers and discussion/review by the w3c web performance working group (where it originated). The linked HTML and Fetch issues are the tracking issues for adding the processing language to the relevant specs (or make sure the existing language covers the expanded use cases from the IETF draft).

Alex Russell

unread,
Aug 28, 2024, 2:10:50 PMAug 28
to blink-dev, Patrick Meenan, Tsuyoshi Horo, blink-dev, Nidhi Jaju, Yoav Weiss, Kenji Baheux, Daisuke Enomoto, Jeffrey Yasskin
LGTM1. Congrats, all. This is a big deal!

Chris Harrelson

unread,
Aug 28, 2024, 4:25:23 PMAug 28
to Alex Russell, blink-dev, Patrick Meenan, Tsuyoshi Horo, Nidhi Jaju, Yoav Weiss, Kenji Baheux, Daisuke Enomoto, Jeffrey Yasskin
LGTM2

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.

Mike Taylor

unread,
Aug 28, 2024, 4:50:53 PMAug 28
to Chris Harrelson, Alex Russell, blink-dev, Patrick Meenan, Tsuyoshi Horo, Nidhi Jaju, Yoav Weiss, Kenji Baheux, Daisuke Enomoto, Jeffrey Yasskin
Reply all
Reply to author
Forward
0 new messages