- From: Greg Wilkins <gregw@intalio.com>
- Date: Mon, 2 Jun 2014 21:18:03 +0200
- To: Roberto Peon <grmocg@gmail.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CAH_y2NG-N8-R_UZg7i2FV2kpZzeNTDBNKJQ7988D-1bTSApgVg@mail.gmail.com>
Roberto,

that clause from 3.1.3 is clear enough in what an impl must do, I just don't see how it achieves a limit on the reference set size.

Consider a setup that has a small header table size that will fit just a single field into it. This decoder then receives a header frame that contains a reference to header 4 (static :path:/). This is copied into the header table at index 1 (evicting anything else that was in there) and is added to the reference set.

Now say that the rest of the header frame is full of many many duplicates of a reference to index 1. For each reference another entry is made into the reference set pointing to the copied static entry. This can continue forever and represents unlimited growth of the reference set.

If this kind of duplicate attack is not a problem, then I don't think we need to limit the size of the reference set, because without such duplicates, then every entry in the reference set is going to be much smaller than each entry in the header set. Thus a limit on the header set size is effectively a limit on the reference set size, without the need to copy.

So either I'm still missing something or this is a complex mechanism that does not achieve what it is intended to do.

cheers

--
Greg Wilkins <gregw@intalio.com>
http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
http://www.webtide.com advice and support for jetty and cometd.
Received on Monday, 2 June 2014 19:18:32 UTC
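
The scenario described in the message, as an added example that is not part of the original post or of any HPACK implementation: a simplified Python model comparing a reference set stored as a plain list with one that holds each header table entry at most once. The 32-octet overhead, the 40-octet table limit, all class and function names, and the treatment of repeated references are assumptions of the model, not taken from the draft.

```python
# Simplified model of the scenario in the message; not an HPACK decoder.
STATIC = {4: (":path", "/")}   # the one static entry the message names
OVERHEAD = 32                  # assumed per-entry overhead, in octets


def entry_size(field):
    return len(field[0]) + len(field[1]) + OVERHEAD


class ModelDecoder:
    def __init__(self, table_limit, unique_refs):
        self.table_limit = table_limit
        self.unique_refs = unique_refs
        self.table = []     # (entry_id, field), newest first: index 1 is table[0]
        self.refs = []      # reference set, held as header table entry ids
        self._next_id = 0

    def _insert(self, field):
        """Copy a field into the table; evicted entries lose their references."""
        size = entry_size(field)
        if size > self.table_limit:
            return None
        while sum(entry_size(f) for _, f in self.table) + size > self.table_limit:
            evicted_id, _ = self.table.pop()
            self.refs = [r for r in self.refs if r != evicted_id]
        self._next_id += 1
        self.table.insert(0, (self._next_id, field))
        return self._next_id

    def indexed(self, index):
        """Process one indexed reference from a header block."""
        if index <= len(self.table):
            entry_id = self.table[index - 1][0]
        else:
            entry_id = self._insert(STATIC[index - len(self.table)])
        if entry_id is None:
            return
        if self.unique_refs and entry_id in self.refs:
            return          # modelling choice: a repeat adds nothing
        self.refs.append(entry_id)


def run(unique_refs, duplicates):
    # Table limit of 40 octets holds exactly one ":path: /" entry (38 here).
    decoder = ModelDecoder(table_limit=40, unique_refs=unique_refs)
    decoder.indexed(4)                 # static entry copied to index 1
    for _ in range(duplicates):
        decoder.indexed(1)             # repeated references to the copy
    return len(decoder.table), len(decoder.refs)
```

`run(False, 1000)` and `run(True, 1000)` both leave one header table entry; only the list-backed variant lets the reference count track the number of references received.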