- From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
- Date: Wed, 17 Jul 2013 00:32:11 +0900
- To: Amos Jeffries <squid3@treenet.co.nz>
- Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
- Message-ID: <CAPyZ6=J=jumG=+aKyjuDNiB5oVAGEJ7axjQ6-TH3+DvsQGH0NQ@mail.gmail.com>
+1 for strict validation. Regarding validation for SETTINGS, how about validating the values in SETTINGS frame? For example, the value in SETTINGS has unsigned 32 bit and it means SETTINGS_INITIAL_WINDOW_SIZE could have, say, 2^31, which is invalid for flow control. http://tools.ietf.org/html/draft-ietf-httpbis-http2-04#section-6.9.1 says if such value is received in WINDOW_UPDATE frame, it must be responded with FLOW_CONTROL_ERROR. But it does not say about SETTINGS frame for invalid window size (it may infer that but still). I think it would be good to add some error handling of values on SETTINGS frame reception. Best regards, Tatsuhiro Tsujikawa On Tue, Jul 16, 2013 at 9:22 PM, Amos Jeffries <squid3@treenet.co.nz> wrote: > On 16/07/2013 10:20 a.m., Martin Thomson wrote: > >> On 15 July 2013 12:44, Patrick McManus <pmcmanus@mozilla.com> wrote: >> >>> I'm wondering why the text proscribes error handling of MUST ignore in >>> response to violation of the MUST NOT send provision. >>> >> I think that someone either caught Postel's DIsease, or is in remission. >> >> Can we either change it to PROTOCOL ERROR (preferred) or just be silent >>> on >>> handling of the error? >>> >> PROTOCOL_ERROR seems appropriate. >> >> Opened: >> https://github.com/http2/**http2-spec/issues/174<https://github.com/http2/http2-spec/issues/174> >> > > +1. And double that for more strictness everywhere. > > > Amos > >
Received on Tuesday, 16 July 2013 15:33:06 UTC