W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: Striving for Compromise (Consensus?)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 11 Jul 2014 13:11:10 -0700
Message-ID: <CABkgnnV=zt7bs_0AfydAPfN0_bYbQ4k6qFUxVpZ0qodN5VuLQw@mail.gmail.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Jason Greene <jason.greene@redhat.com>, Greg Wilkins <gregw@intalio.com>, Jeff Pinner <jpinner@twitter.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 11 July 2014 13:09, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>>This point:
>>> The current design handles this fairly well, at most one set of headers can
>>> be incomplete at any point in time (sending a large number of incomplete
>>> headers and keeping most of them incomplete most of the time is an
>>> excellent attack vector, which the design currently precludes).
>
> This would be even more the case if we insist, as proposed, that all
> headers go into a single frame.


You mean that it would help avoid having multiple incomplete header
blocks outstanding.  If so, then yes.  Knowing size up front means
that you can RST streams that you know will blow your limits (though
with compression, you can't be sure that a smaller frame won't).
Received on Friday, 11 July 2014 20:11:40 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:09 UTC