Re: HTTP router point-of-view concerns

Yes, and I'm saying that, the way the mechanism is currently defined,
as soon as you set the size to zero, those "free" items are removed
from the table and you no longer get them for "free"... so there is a
certain amount of state that *is* allocated per connection (even if
it's relatively minor).

Ultimately, the question of whether header compression can be used as
an attack vector will rest entirely on implementation and
experimentation.

On Thu, Jul 11, 2013 at 1:07 PM, Roberto Peon <grmocg@gmail.com> wrote:
> I'm calling that the static table. Those are the elements you get for "free"
> (as in the memory is allocated once in the process, as opposed to for every
> connection).
>
> -=R
>
>
> On Thu, Jul 11, 2013 at 1:02 PM, James M Snell <jasnell@gmail.com> wrote:
>>
>> On Thu, Jul 11, 2013 at 12:35 PM, Roberto Peon <grmocg@gmail.com> wrote:
>> >[snip]
>> >
>> > The DoS vector you're talking about is not a DoS vector if the
>> > intermediary resets all streams before the change-of-state-size comes
>> > into effect. When the state size is 0, one should be able to use some
>> > kinds of 'indexed' representations, so long as those representations
>> > refer only to items in the static tables. Why do you believe that this
>> > would use more or less CPU? (It should use less CPU and less memory...)
>> > [snip]
>>
>> Well, as far as I can tell, according to the current header
>> compression draft, there is no "static table". The header table is
>> pre-populated, yes, but those items would fall out of the header table
>> via eviction as the table fills. There is nothing in the current
>> header compression draft that says those items are permanent.... Given
>> that, and given that we've already established that reducing the
>> header table size forces eviction, setting the size to zero would
>> cause all of the pre-populated items to be evicted.
>>
>> - James
>
>

Received on Thursday, 11 July 2013 20:30:20 UTC
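
The two table designs argued over in this thread, modelled side by side as an added example (not code from the messages, the draft, or any implementation). The class names, the three sample entries, the 32-octet per-entry overhead and oldest-first eviction are assumptions made for the illustration.

```python
ENTRY_OVERHEAD = 32  # assumed per-entry bookkeeping cost, in octets
# Constructed sample of pre-populated entries (not the draft's actual list).
PREPOPULATED = ((":method", "GET"), (":scheme", "http"), (":path", "/"))


def entry_size(name, value):
    return len(name) + len(value) + ENTRY_OVERHEAD


class EvictingTable:
    """Pre-populated entries are ordinary per-connection entries and can be evicted."""

    def __init__(self, max_size):
        self.max_size = max_size
        self.entries = list(PREPOPULATED)  # copied into every connection
        self._evict()

    def size(self):
        # Octets of table state this one connection is holding.
        return sum(entry_size(n, v) for n, v in self.entries)

    def _evict(self):
        while self.entries and self.size() > self.max_size:
            self.entries.pop(0)  # assumed order: oldest entry first

    def add(self, name, value):
        self.entries.append((name, value))
        self._evict()

    def set_max_size(self, max_size):
        self.max_size = max_size
        self._evict()  # shrinking the table forces eviction

    def lookup(self, index):
        return self.entries[index] if 0 <= index < len(self.entries) else None


class StaticPlusDynamicTable(EvictingTable):
    """Static entries are shared by the process; only the dynamic part is evicted."""

    def __init__(self, max_size):
        self.max_size = max_size
        self.entries = []  # per-connection dynamic part starts empty

    def lookup(self, index):
        if 0 <= index < len(PREPOPULATED):
            return PREPOPULATED[index]  # still resolvable at size 0
        return super().lookup(index - len(PREPOPULATED))
```

In the first model every connection carries its own copy of the pre-populated entries and loses indexed access to them once the size is set to zero; in the second the per-connection cost starts at zero and indexed references to the shared entries keep working.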