W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Strawman for DoS considerations

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 11 Oct 2013 08:22:59 -0700
Message-ID: <CABkgnnXd3hpukbb-Swn3TLCkbxz-1COt7GHKnLkMDvFgpa5VoQ@mail.gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
I think that we need something along these lines.  I'm inclined to
just add this and then deal with change request, but let's discuss
this briefly first.
--
Denial of Service Considerations

An HTTP/2.0 connection can demand a greater commitment of resources to
operate than a HTTP/1.1 connection.  The use of header compression and
flow control require that an implementation commit resources for
storing a greater amount of state.  Settings for these features ensure
that memory commitments for these features are strictly bounded.
Processing capacity cannot be guarded in the
same fashion.

The <x:ref>SETTINGS</x:ref> frame can be abused to cause a peer to
expend additional processing time.  This might be done by pointlessly
changing settings, setting multiple undefined settings, or changing
the same setting multiple times in the same frame.  Similarly, trivial
<x:ref>WINDOW_UPDATE</x:ref> or <x:ref>PRIORITY</x:ref> frames
unnecessarily waste resources.

Large numbers of small or empty frames can be abused to cause a peer
to expend time processing frame headers.  Note however that some uses
are entirely legitimate, such as the sending of an empty
<x:ref>DATA</x:ref> frame to end a stream.

Header compression also offers some opportunities to waste processing
resources, see <xref target="COMPRESSION"/> for more details on
potential abuses.

In all these cases, there are legitimate reasons to use these protocol
mechanisms.  These features become a burden only when they are used
unnecessarily or to excess.

An endpoint that doesn't monitor this behavior exposes itself to a
risk of denial of service attack.  Implementations SHOULD track the
use of these types of frames and set limits on their use.  An endpoint
MAY treat activity that is suspicious as a <xref
target="ConnectionErrorHandler">connection error</xref> of type
<x:ref>ENHANCE_YOUR_CALM</x:ref>.
Received on Friday, 11 October 2013 15:23:26 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:18 UTC