- From: Daniel Sommermann <dcsommer@fb.com>
- Date: Fri, 3 Jan 2014 10:13:47 -0800
- To: <ietf-http-wg@w3.org>
This may be a non-concern. If a server advertises such a value, that server would only be exposing itself to a DOS attack. Still, the client has a few choices how to respond to such a situation. Perhaps it's not right prescribe set behavior for this case, but it might be worth mentioning calling out the corner case in the doc. Perhaps we could add the following language to 6.5.2: "A server MAY advertise a value of 0 for SETTINGS_MAX_CONCURRENT_STREAMS. However, a client receiving this setting MAY issue a connection error (Section 5.4.1) of type PROTOCOL_ERROR." On 01/02/2014 04:11 PM, Daniel Sommermann wrote: > The HTTP/2.0 spec allows clients to advertise > SETTINGS_MAX_CONCURRENT_STREAMS of 0 to indicate they do not support > server push. However, it is not specified whether a server may > advertise a value of zero for this setting. It seems odd for a server > to advertise such a value, and it is not clear to me what a client > implementation should do in such a case (close the connection and try > again, wait for another SETTINGS frame, etc). > > Should servers be limited to sending values greater than zero for > SETTINGS_MAX_CONCURRENT_STREAMS? This question also applies to SPDY. >
Received on Friday, 3 January 2014 18:14:12 UTC