W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: Call for Consensus: Frame size (to address #553)

From: Yoav Nir <ynir.ietf@gmail.com>
Date: Mon, 14 Jul 2014 12:03:22 +0300
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <8E722FAA-1157-4638-AC25-96A756CE93E9@gmail.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>

On Jul 14, 2014, at 12:40 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:

> In message <CA+pLO_h2799vs37eY1HaSnBUmcGkGW-tmjTCJe1WeKZJRAtQGA@mail.gmail.com>, Jeff Pinner writ
> es:
> 
>> So am I to read this as a client might advertise a max frame size of
>> 256 bytes and then request a 2GB file?
> 
> yes.
> 
> And the server is free to return 418 or react in any other way it might
> find appropriate.

“free to” yes, but if we’re going to say that clients advertise a max frame size that MUST be at least 256 bytes, then we should have a SHOULD-level requirement for servers to work with such a limit. Of course if the server has some heuristic that determines that a client is performing an attack, this SHOULD-level requirement can go out the window, but we do want to promote interoperability, so absent evidence of wrong-doing, the server SHOULD work with this. 

If we think that 256 bytes is too low to require servers to work with, then maybe we should set the min-max-frame to something higher, perhaps with some text that clients and servers MAY advertise and honor lower values by prior agreement. But if we say “plug a number here between 256 and 16,777,215”, then the protocol should work with all these values.

Yoav
Received on Monday, 14 July 2014 09:04:00 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:09 UTC