
Re: HTTP/2 DoS Vulnerability (Was: HTTP/2 response completed before its request)

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Wed, 02 Jul 2014 05:57:42 +0000
To: Roberto Peon <grmocg@gmail.com>
cc: Jeff Pinner <jpinner@twitter.com>, Johnny Graettinger <jgraettinger@chromium.org>, William Chan (陈智昌) <willchan@chromium.org>, Martin Thomson <martin.thomson@gmail.com>, Patrick McManus <mcmanus@ducksong.com>, Jesse Wilson <jesse@swank.ca>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <18888.1404280662@critter.freebsd.dk>
In message <CAP+FsNfnhCC4d-Z3uPAZTj4+xAXhQmPKPbx-J7Li=FL+=67OSg@mail.gmail.com>, Roberto Peon writes:

>> Yeah, well, sorry for not having a budget to spend on HTTP/2...
>You've effectively stated that you don't believe in it and would have
>nothing to do with it in the past.
>I'm guessing this had little to do with budget.

It had a lot to do with budget:  If there were no chance of getting
a good protocol out of it, I had better things to spend my money on.

(In difference from a lot of you, I run a one-man company, so slack
or "strategic" funds are in very short supply.)

I'll leave it to the black hats to settle the debate.

Since it seems HTTP/2 is just going to be a short lived stopgap on top
of TLS only, maybe it will never become a real problem.

In HTTP/3 we'll have to be serious about it.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Wednesday, 2 July 2014 05:58:07 UTC
