Re: non-tls http2 client has to send settings twice?

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 10 Dec 2013 10:07:42 -0800
Message-ID: <CABkgnnXNg1w2toym2UDwF_hO91pUypBNqPuO8igd4yBeDB+6ow@mail.gmail.com>
To: Dan Winship <dan.winship@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>

On 10 December 2013 02:05, Dan Winship <dan.winship@gmail.com> wrote:
> So it has to send its settings twice? (Or else send a pointless empty
> SETTINGS frame the second time?)

Yep.  Pros and cons considered (at some length), this is what we came up with.

> But is it really important that the client has the ability to provide
> settings prior to receiving any frames from the server, given that the
> server doesn't have the chance to do the same (and the server probably cares
> more about not having clients spam it than the client cares about not having
> the server spam it...)?

It's less a matter of importance, and more one of pragmatism.  Servers
already deal with this stuff.  And it's not an unbounded attack;
there's a default maximum on the receive window at both the TCP and
HTTP/2.0 connection layers.

We could protect the server further, sure.  Proposals have been made
<http://tools.ietf.org/html/draft-montenegro-httpbis-http2-server-profiles>,
<https://github.com/http2/http2-spec/issues/184>, but after some
fairly lengthy discussions, they aren't moving (though the issue isn't
closed either).

Received on Tuesday, 10 December 2013 18:08:10 UTC