Re: Negotiating compression from Yoav Nir on 2014-05-28 (ietf-http-wg@w3.org from April to June 2014)

From: Yoav Nir <ynir.ietf@gmail.com>
Date: Wed, 28 May 2014 22:18:53 +0300
To: Roberto Peon <grmocg@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <9D62DC1F-F5AE-43CF-A635-0CC766E441E6@gmail.com>

On May 28, 2014, at 8:40 PM, Roberto Peon <grmocg@gmail.com> wrote:

> The DoS surface with HTTP headers is not increased over HTTP/1 (which also would suffer from a requirement to tear down the transport when that kind if thing happens, unlike HTTP2).
> 
> I believe I've mentioned before seeing rare, but multi-Mb headers in the past. We had, before that experience, amusingly assumed that 16k was enough for anyone, and were wrong by orders of magnitude.
> 
So I’m wondering. Some of us (not all) seem to be OK with telling some use cases to stick with HTTP/1, like printing or IoT or many of the other places that are outside HTTP/2 “design space”. Why are we going to such lengths to support this abuse of the protocol. Is it just because HTTP/1 allows it?

Yoav

Received on Wednesday, 28 May 2014 19:19:24 UTC