
Re: #311: Denial of Service and Ranges

From: Mark Nottingham <mnot@mnot.net>
Date: Wed, 7 Dec 2011 14:10:55 +1100
Cc: ietf-http-wg@w3.org
Message-Id: <ACC093B2-FC56-4A5D-B759-97F8A380CA81@mnot.net>
To: William A. Rowe Jr. <wrowe@rowe-clan.net>

On 24/11/2011, at 3:52 PM, William A. Rowe Jr. wrote:

> It's easier to say servers are always permitted to coalesce responses in a
> manner that makes delivery more efficient.  I believe this needs to include
> sequencing them in serial order as mentioned in...

Reading this thread, I'm inclined to agree; rather than being too specific, we could note the security issues, as well as the potential impact on clients.

How about adding a paragraph to p5 5.4.2:

"""
Servers are not required to return the exact range requested in a partial response, and MAY coalesce several ranges into a single response, to make delivery more efficient. Clients SHOULD NOT depend upon the requested ranges being returned as specified in a partial response. This includes the size of the ranges, their offsets, and their ordering in the response.
"""

Cheers,


--
Mark Nottingham   http://www.mnot.net/
Received on Wednesday, 7 December 2011 03:11:32 GMT
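
The server-side coalescing that the proposed paragraph permits, sketched as an added example that is not part of the original message or of any server's code. The names `resolve_ranges` and `coalesce` and the sample header are constructed for illustration, and empty list elements are treated as invalid for simplicity.

```python
import re

_SPEC = re.compile(r"^(\d*)-(\d*)$", re.ASCII)

def resolve_ranges(header, length):
    """Resolve a Range header value to absolute (first, last) byte pairs.

    Returns None if the value is not a valid bytes range set (the header is
    then ignored); unsatisfiable specs are dropped.
    """
    unit, _, specs = header.partition("=")
    if unit.strip().lower() != "bytes":
        return None
    resolved = []
    for spec in specs.split(","):
        m = _SPEC.match(spec.strip())
        if not m or m.groups() == ("", ""):
            return None
        first, last = m.groups()
        if first == "":                      # suffix form: final N bytes
            n = int(last)
            if n and length:
                resolved.append((max(length - n, 0), length - 1))
            continue
        f = int(first)
        l = int(last) if last else length - 1
        if last and l < f:                   # last-byte-pos before first
            return None
        if f < length:
            resolved.append((f, min(l, length - 1)))
    return resolved

def coalesce(ranges):
    """Sort ranges and merge any that overlap or touch."""
    merged = []
    for first, last in sorted(ranges):
        if merged and first <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], last))
        else:
            merged.append((first, last))
    return merged

# Constructed sample: 1000 overlapping "0-" ranges against a 5000-byte body.
SAMPLE = "bytes=" + ",".join(["0-"] * 1000)

if __name__ == "__main__":
    print(coalesce(resolve_ranges(SAMPLE, 5000)))   # one range, not 1000 parts
```

A client reading the resulting response takes each part's position from its Content-Range header, since the parts no longer match the requested sizes, offsets or order.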
