- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Wed, 7 May 2014 13:09:11 -0700
- To: Mike Bishop <Michael.Bishop@microsoft.com>
- Cc: Greg Wilkins <gregw@intalio.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 7 May 2014 12:51, Mike Bishop <Michael.Bishop@microsoft.com> wrote: > Heh -- sending a PING response without having gotten a PING in the first place (or yet, if it's in flight) has the potential to mess with many state machines.... That's an interesting attack. Well, it is if you maintain state for PING like that. More seriously, if you had not considered this option, it's conceivable that others won't. Is this something we need to patch in the spec?
Received on Wednesday, 7 May 2014 20:09:38 UTC