W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: Fragmentation for headers: why jumbo != continuation.

From: Amos Jeffries <squid3@treenet.co.nz>
Date: Sat, 12 Jul 2014 16:55:54 +1200
Message-ID: <53C0BFDA.9000603@treenet.co.nz>
To: ietf-http-wg@w3.org
On 12/07/2014 2:43 p.m., Greg Wilkins wrote:
> On 12 July 2014 12:11, Roberto Peon wrote:
> 
>> I don't like interleaving-- it multiplicatively increases the DoS surface
>> (and makes it significantly worse than it was with HTTP/1)
> 
> 
> Ah interesting.     I don't think I had understood this objection before -
> as I thought that the desire to fragment was driven by the desire to
> interleave for QoS. Hence the push to drop the reference set.    But in
> this case you want to fragment just to avoid buffering in the sender.

I think a critical detail that needs to be acknowledged by everyone
right now is that the DoS risk is from the attacker in role of sender.

Decisions which reduce the costs for senders by shifting them to
recipients actually increases the DoS vulnerability of the whole system.

Roberto, that tradeoff is a key detail within the Greg et all proposal.
Hence by requiring low sender/high recipient costs you are actually
arguing for increasing the DoS vulnerability in h2.


Amos
Received on Saturday, 12 July 2014 04:56:26 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:09 UTC