Re: Our Schedule from Tatsuhiro Tsujikawa on 2014-05-28 (ietf-http-wg@w3.org from April to June 2014)

From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Wed, 28 May 2014 21:21:40 +0900
To: David Krauss <potswa@gmail.com>
Cc: Greg Wilkins <gregw@intalio.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAPyZ6=+1U4y10CBbDK2vKO0M-ADvzdYE_31BaTCdcCT1xD4ihQ@mail.gmail.com>

On Wed, May 28, 2014 at 11:21 AM, David Krauss <potswa@gmail.com> wrote:

>
> On 2014–05–27, at 10:49 PM, Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
> wrote:
>
>
>
>
> On Tue, May 27, 2014 at 9:27 AM, David Krauss <potswa@gmail.com> wrote:
>
>>
>> On 2014–05–26, at 10:07 PM, Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
>> wrote:
>>
>> Server and intermediaries can respond 431 if incoming headers are too
>> large and refuse to forward to the shared backend connection.
>>
>>
>> What is the correct behavior of a proxy that gets excessive headers from
>> a server?
>>
>>
> There are several actions proxy can take:
> 1) Ignore excessive headers
> 2) RST_STREAM
> 3) GOAWAY (if one header is too large to handle and keep in header table)
>
>
> Off topic a bit, but if one header is too large to fit in the header
> table, the current spec of HPACK requires the table to be cleared. I think
> the table should be left unchanged; is this an erratum?
>
> Anyway, no need to GOAWAY in that case.
>
>
Yeah, you are right, GOAWAY can be avoidable in this case.
If the incoming header is very very long, GOAWAY may be an option.



> Yes, there would be a RST_STREAM upstream and downstream, and that would
> suck. What would even be an appropriate error code? Internal error?
>
>
ENHANCE_YOU_CALM is suggested in the another thread.

Best regards,
Tatsuhiro Tsujikawa



>
> In framing protocol wise, all are correct behavior.  Proxy has right to
> protect its own.
>
>
>> What if the header stream takes too long, without being particularly
>> large? Then the problem is not too many headers at all. Indeed, for a
>> reverse proxy with a slow client, this is sure to happen as sure as
>> streaming kicks in at all.
>>
>>
> This is not limited to HEADERS.  Just send 1 byte of first header of any
> frame and pause.
> This is good candidate for the timeout, isn't it?
>
>
> I’m talking about the connection between the reverse proxy and the server.
> There should be only one connection there, representing all the clients
> assigned to the server. The reverse proxy is trusted, and it can always
> send complete data frames. However it is still at the mercy of the client
> as for complete header blocks, under a streaming policy.
>
>

Received on Wednesday, 28 May 2014 12:22:27 UTC