W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014


From: Daniel Sommermann <dcsommer@fb.com>
Date: Fri, 3 Jan 2014 10:13:47 -0800
Message-ID: <52C6FDDB.9070808@fb.com>
To: <ietf-http-wg@w3.org>
This may be a non-concern. If a server advertises such a value, that 
server would only be exposing itself to a DOS attack. Still, the client 
has a few choices how to respond to such a situation. Perhaps it's not 
right prescribe set behavior for this case, but it might be worth 
mentioning calling out the corner case in the doc. Perhaps we could add 
the following language to 6.5.2:

"A server MAY advertise a value of 0 for 
SETTINGS_MAX_CONCURRENT_STREAMS. However, a client receiving this 
setting MAY issue a connection error (Section 5.4.1) of type 

On 01/02/2014 04:11 PM, Daniel Sommermann wrote:
> The HTTP/2.0 spec allows clients to advertise 
> SETTINGS_MAX_CONCURRENT_STREAMS of 0 to indicate they do not support 
> server push. However, it is not specified whether a server may 
> advertise a value of zero for this setting. It seems odd for a server 
> to advertise such a value, and it is not clear to me what a client 
> implementation should do in such a case (close the connection and try 
> again, wait for another SETTINGS frame, etc).
> Should servers be limited to sending values greater than zero for 
> SETTINGS_MAX_CONCURRENT_STREAMS? This question also applies to SPDY.
Received on Friday, 3 January 2014 18:14:12 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:23 UTC