W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: #557: Intra-message HEADERS frames

From: James M Snell <jasnell@gmail.com>
Date: Tue, 22 Jul 2014 08:16:23 -0700
Message-ID: <CABP7Rbe9Ne89irR2-3NEY_TadsDQ2=mGaiTTsT5uTJqRvhS9Eg@mail.gmail.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Mark Nottingham <mnot@mnot.net>, Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Agree with PHK here. Since the decision has been made not to have an
end-to-end extensibility model in the framing layer, ignored
interspersed HEADERS frames that are not flow-controlled become a DoS
vector. At this point, there is absolutely no reason whatsoever to
have interspersed HEADERS frames.

- James

On Tue, Jul 22, 2014 at 7:41 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> In message <FA8721C1-6FF2-4061-9F2E-F317E64E5209@mnot.net>, Mark Nottingham wri
> tes:
>
>>The choices seem to be:
>>
>>- PROTOCOL_ERROR upon a HEADERS where not expected
>
> +1
>
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
>
Received on Tuesday, 22 July 2014 15:17:10 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:09 UTC