
Re: Striving for Compromise (Consensus?)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 11 Jul 2014 13:00:55 -0700
Message-ID: <CABkgnnUO8qD3M1r_DUu0GUVDmY25rfCkgjhBet2DdS+cRJeP4g@mail.gmail.com>
To: Jason Greene <jason.greene@redhat.com>
Cc: Greg Wilkins <gregw@intalio.com>, Jeff Pinner <jpinner@twitter.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 11 July 2014 12:54, Jason Greene <jason.greene@redhat.com> wrote:
> The DOS attack is the amount of memory allocated per incomplete request. The server can track that, and it can easily RST_STREAM when it detects there is too much.

That's true for your implementation, but I know that others may prefer
a simpler formulation:  work out available resources, work out what a
single connection can use, divide.  That way, you can do things like
better isolate bad behaviour on one connection from others (though you
lose some scaling advantage, sure).  Having the transitory header
processing costs for each connection be based on a multiple of the
stream concurrency limit - even if it's worst case - will make that
Received on Friday, 11 July 2014 20:01:26 UTC
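
The two accounting strategies contrasted in this message, as an added example that is not part of the original thread or of any implementation mentioned in it: a fixed per-stream header budget obtained by division, next to shared tracking of incomplete header blocks with a reset at a global ceiling. All names and numbers (`TOTAL_HEADER_MEMORY`, `MAX_CONNECTIONS`, the stream limit, both classes) are constructed for illustration.

```python
"""Header-memory accounting for incomplete HTTP/2 header blocks (illustrative)."""

# Constructed sample limits, not taken from any real server.
TOTAL_HEADER_MEMORY = 64 * 1024 * 1024   # bytes the server will spend buffering headers
MAX_CONNECTIONS = 1024
MAX_CONCURRENT_STREAMS = 100             # advertised stream concurrency limit


def static_per_stream_limit(total=TOTAL_HEADER_MEMORY, conns=MAX_CONNECTIONS,
                            streams=MAX_CONCURRENT_STREAMS):
    """Available resources divided per connection, then per concurrent stream."""
    per_connection = total // conns
    return per_connection // streams      # worst case: every stream mid-header-block


class StaticConnection:
    """Fixed budget per stream; one connection cannot consume another's share."""

    def __init__(self, per_stream_limit):
        self.limit = per_stream_limit
        self.pending = {}                 # stream id -> bytes buffered so far

    def on_header_fragment(self, stream_id, size):
        used = self.pending.get(stream_id, 0) + size
        if used > self.limit:
            self.pending.pop(stream_id, None)   # release the buffer
            return "RST_STREAM"
        self.pending[stream_id] = used
        return "OK"

    def on_end_headers(self, stream_id):
        self.pending.pop(stream_id, None)       # block complete, buffer handed off


class DynamicServer:
    """Shared pool: track bytes held by incomplete requests, reset when over the ceiling."""

    def __init__(self, ceiling):
        self.ceiling = ceiling
        self.pending = {}                 # (conn id, stream id) -> bytes buffered

    def on_header_fragment(self, conn_id, stream_id, size):
        key = (conn_id, stream_id)
        if sum(self.pending.values()) + size > self.ceiling:
            self.pending.pop(key, None)   # free whatever this stream held
            return "RST_STREAM"
        self.pending[key] = self.pending.get(key, 0) + size
        return "OK"
```

In the shared-pool model a single stream can use far more than the static per-stream limit, but a connection that holds most of the pool causes resets on unrelated connections.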
