W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: Frame Length Restrictions

From: Jeff Pinner <jpinner@twitter.com>
Date: Mon, 21 Apr 2014 13:20:21 -0700
Message-ID: <CA+pLO_hVAz32RUw1Rnjt10Wf2H+822W5+LdAq4oV6TV4DmHKqw@mail.gmail.com>
To: Johnny Graettinger <jgraettinger@chromium.org>
Cc: Martin Thomson <martin.thomson@gmail.com>, Patrick McManus <mcmanus@ducksong.com>, K.Morgan@iaea.org, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
A few comments below:

On Mon, Apr 21, 2014 at 11:55 AM, Johnny Graettinger <
jgraettinger@chromium.org> wrote:

> Also, to date HTTP/2 hasn't made it particularly easy for intermediaries
> to 'forward' frames without deeply understanding stream state. It does seem
> odd to make moves in this direction now, and I'd appreciate an explanation
> of what this is buying. Eg, unless you're running an intermediary tunneling
> 1:1 connections, including all settings affecting compression state, you'll
> still have to decode & re-compress headers with an entirely different
> compression context anyway. Compared to that, the complexity overhead of
> re-framing DATA seems pretty small.

Padding as a security mechanism is not designed with the intent of
minimizing frame size, but rather increasing it to obscure the true size of
the data. Nor is it intended to be simple to proxy (for example, adding or
removing padding affects stream flow control and thus back-pressure across
proxies, even though it has nothing to do with the size of the resources
allocated to a stream).

In particular, attempting to add padding without revealing information is
also not trivial.

In the current implementation, an intermediary that attempts to add padding
to a data frame cannot pad a 16K frame using less than 8 bytes of padding.
If adding a minimum of 8 bytes of padding is acceptable, there we can get
away with using a PADDING frame and removing per-frame padding entirely,
greatly simplifying the spec. If it is not acceptable, then we need to
either make frames bigger or make the allowable application data smaller.

> On Mon, Apr 21, 2014 at 2:16 PM, Martin Thomson <martin.thomson@gmail.com>wrote:
>> On 19 April 2014 15:07, Patrick McManus <mcmanus@ducksong.com> wrote:
>> > it only the on-the-wire size that matters.
>> This is, I think, the reason that this change makes me uncomfortable.
>> We have a small frame for a good reason; and allowing padding to
>> greater than that size is in direct opposition to that.

We have a small frame size in an attempted to protected against
non-adoption due to anticipated performance/correctness problems with
yet-to-be-written implementations.

For example, the small data frame size was an attempt to prevent
implementations from feeling "non-responsive" to changes in priority and
thus prevent people from adopting HTTP/2 because it felt slower. There is
nothing in the protocol, however, that prevents sending 8k or less data
frames, just as there is nothing in HTTP/1.1 that prevents sending small
chunk sizes. In fact, if the HTTP/2 connection is only used to transfer a
single resource, the additional overhead of small data frames is completely

Similarly, the small header block size was chosen to make sure
implementations exercised continuation frames so that they would detect
implementations bugs early.

A small frame size is not however a prerequisite to, nor necessarily a
hinderance of, adoption. SPDY has a 16MB frame size for example.

> (I briefly thought that this proposed change wouldn't cause issues in
>> this regard, because the padding could be easily discarded.  But
>> that's a great way to negate any benefit gained by padding.)
Received on Monday, 21 April 2014 20:20:54 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:30 UTC