Re: #311: Denial of Service and Ranges

On 24/11/2011, at 3:52 PM, William A. Rowe Jr. wrote:

> It's easier to say servers are always permitted to coalesce responses in a
> manner that makes delivery more efficient.  I believe this needs to include
> sequencing them in serial order as mentioned in...

Reading this thread, I'm inclined to agree; rather than being too specific, we could note the security issues, as well as the potential impact on clients.

How about adding a paragraph to p5 5.4.2:

Servers are not required to return the exact range requested in a partial response, and MAY coalesce several ranges into a single response, to make delivery more efficient. Clients SHOULD NOT depend upon the requested ranges being returned as specified in a partial response. This includes the size of the ranges, their offsets, and their ordering in the response.


Mark Nottingham

Received on Wednesday, 7 December 2011 03:11:32 UTC