
Re: PONG (was Re: Why do DATA frames have padding?)

From: Roberto Peon <grmocg@gmail.com>
Date: Wed, 7 May 2014 13:16:16 -0700
Message-ID: <CAP+FsNe5xL1A9=H-EV63+gSVewQdL9jxutLLKBVJQ=t8fLUiyA@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Mike Bishop <Michael.Bishop@microsoft.com>, Greg Wilkins <gregw@intalio.com>, HTTP Working Group <ietf-http-wg@w3.org>

You'd also have to correctly guess the value of the payload that was/would
have been included in the PING.
If the party sending PINGs always uses a random int64, there is a
1/1.8*10^19 chance that you can mess something up.


On Wed, May 7, 2014 at 1:09 PM, Martin Thomson <martin.thomson@gmail.com> wrote:

> On 7 May 2014 12:51, Mike Bishop <Michael.Bishop@microsoft.com> wrote:
> > Heh -- sending a PING response without having gotten a PING in the first
> > place (or yet, if it's in flight) has the potential to mess with many state
> > machines....  That's an interesting attack.
> Well, it is if you maintain state for PING like that.
> More seriously, if you had not considered this option, it's
> conceivable that others won't.  Is this something we need to patch in
> the spec?
Received on Wednesday, 7 May 2014 20:16:43 UTC
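
Added example (not part of the original messages): a sketch of PING bookkeeping in which an unsolicited or replayed PING response changes no state, relying on the random 8-octet payload discussed in the thread. `PingTracker` and its method names are hypothetical, and frame encoding is left out.

```python
import secrets
import time


class PingTracker:
    """Tracks outstanding PINGs by their 8-octet opaque payload."""

    def __init__(self, max_outstanding=4, clock=time.monotonic):
        self._pending = {}          # payload -> send timestamp
        self._max = max_outstanding
        self._clock = clock
        self.unsolicited = 0        # responses that matched nothing we sent

    def new_ping(self):
        """Return a fresh random payload to put in an outgoing PING."""
        if len(self._pending) >= self._max:
            raise RuntimeError("too many PINGs in flight")
        payload = secrets.token_bytes(8)
        self._pending[payload] = self._clock()
        return payload

    def on_ack(self, payload):
        """Handle a PING response; return the RTT, or None if it is ignored."""
        if len(payload) != 8:
            raise ValueError("PING payload must be 8 octets")
        sent_at = self._pending.pop(payload, None)
        if sent_at is None:
            # Never sent, or already answered: count it, change no state.
            self.unsolicited += 1
            return None
        return self._clock() - sent_at

    def guess_odds(self):
        """Chance that one blind guess matches some outstanding payload."""
        return len(self._pending) / 2 ** 64


def demo():
    """Constructed scenario: forged response, genuine response, then a replay."""
    tracker = PingTracker()
    payload = tracker.new_ping()
    forged = bytes(b ^ 0xFF for b in payload)   # differs from payload by construction
    results = [tracker.on_ack(forged), tracker.on_ack(payload), tracker.on_ack(payload)]
    return results, tracker.unsolicited
```

The `unsolicited` counter gives a connection-level signal that can be logged or rate-limited without touching any per-PING state.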
