by repsilat 5005 days ago
Perhaps more concerning is being able to use this to launch a denial of service attack on a server that accepts zipped data. Gzipped requests are unusual with HTTP (no idea how widespread support for it is), but iirc SPDY is compressed by default.

Maybe not at the transport or protocol level, but it wouldn't be too hard to DoS an application server that handles compressed data, such as images.

Make a billion-pixel PNG image that compresses very well, upload several copies simultaneously to a LAMP server running on an average Linode, and watch it run out of memory while trying to create thumbnails with GD.

PHP usually has a pretty reasonable memory limit set, so it would puke on itself pretty quickly.

But I don't think you'd bring the site down.

Fair enough, but I've been on Linode's forums long enough to have seen dozens of people running 50 PHP processes with 128MB memory limit each, on a 1GB server shared with MySQL and a bunch of other crap. (It seems that 128MB is the new "reasonable memory limit" these days, since that's how much RAM it takes for PHP to handle photos from 8-to-12-megapixel cameras and smartphones.)
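A pre-decode size check for the PNG thumbnailing scenario discussed in this thread, as an added example that is not part of any comment: it reads the declared dimensions from the IHDR chunk and refuses the image before any pixel data is decompressed. The function names, the 4-bytes-per-pixel decoded size, and the budget of half the 128MB limit are assumptions made for illustration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
BYTES_PER_PIXEL = 4            # assumption: decoder expands to 32-bit truecolor
MEMORY_LIMIT = 128 * 2**20     # the 128MB per-process limit mentioned in the thread
DECODE_BUDGET = MEMORY_LIMIT // 2  # assumption: leave half for the thumbnail and runtime


def png_dimensions(data: bytes):
    """Return (width, height) from IHDR without decompressing any pixel data."""
    if len(data) < 33 or data[:8] != PNG_SIGNATURE:
        raise ValueError("not a PNG")
    length, ctype = struct.unpack(">I4s", data[8:16])
    if ctype != b"IHDR" or length != 13:
        raise ValueError("first chunk is not a 13-byte IHDR")
    body = data[16:29]
    (crc,) = struct.unpack(">I", data[29:33])
    if zlib.crc32(b"IHDR" + body) != crc:
        raise ValueError("IHDR CRC mismatch")
    width, height = struct.unpack(">II", body[:8])
    if width == 0 or height == 0:
        raise ValueError("zero dimension")
    return width, height


def decoded_bytes(data: bytes) -> int:
    """Estimated size of the fully decoded bitmap, from the header alone."""
    width, height = png_dimensions(data)
    return width * height * BYTES_PER_PIXEL


def safe_to_thumbnail(data: bytes, budget: int = DECODE_BUDGET) -> bool:
    """True only if the upload parses as PNG and its decoded size fits the budget."""
    try:
        return decoded_bytes(data) <= budget
    except ValueError:
        return False


def make_header(width: int, height: int) -> bytes:
    """Constructed sample input: PNG signature plus IHDR only, no pixel data."""
    body = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    crc = struct.pack(">I", zlib.crc32(b"IHDR" + body))
    return PNG_SIGNATURE + struct.pack(">I", 13) + b"IHDR" + body + crc


if __name__ == "__main__":
    for w, h in [(4000, 3000), (40000, 25000)]:  # 12-megapixel photo, billion-pixel image
        hdr = make_header(w, h)
        print(w, h, decoded_bytes(hdr), safe_to_thumbnail(hdr))
```

The check only needs the first 33 bytes of the upload, so it can run before the body is handed to the image library.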