- From: James M Snell <jasnell@gmail.com>
- Date: Fri, 26 Apr 2013 11:47:37 -0700
- To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
In the current draft (-02), under the definition of HEADERS+PRIORITY, we say that the frame "MUST be used for each stream that is created".. Is this really true? This is inconsistent with other parts of the spec... Elsewhere we say that streams are created by sending any frame that references an unused stream ID. We also say that PUSH_PROMISE frames are followed up by a HEADERS frame (not HEADERS+PRIORITY). I believe the intent here is that streams ought only to be created when sending a HEADERS, HEADERS+PRIORITY or PUSH_PROMISE frame that references an unused stream ID. A DATA frame that references a previously unused Stream ID ought to result in a PROTOCOL_ERROR. (which brings up an interesting question: what happens if I receive an RST_STREAM that references a previously unused stream id? Based on the rules so far, that would mean the stream ID would be closed before there is ever a chance to use it... possible DOS vector?)
Received on Friday, 26 April 2013 18:48:23 UTC