W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

Re: The first settings

From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 27 Feb 2014 10:25:59 -0800
Message-ID: <CABkgnnUu=btxOpHF47LJb-+---CdWxOe=BVTqx48DMECVRDdYA@mail.gmail.com>
To: Kazu Yamamoto <kazu@iij.ad.jp>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 26 February 2014 21:14, Kazu Yamamoto <kazu@iij.ad.jp> wrote:
> are MUST for Upgrade but optional for Direct and TLS?

There's an asymmetry between Upgrade and the other modes.  In Upgrade,
the server gets the first opportunity to send it's SETTINGS.  That
means that clients are potentially exposed to the default values of
these values, but only if they Upgrade.

(Honestly, I don't think that this is a big issue - the server can't
really *do* anything until the client sends a request, but this is
what we have.)
Received on Thursday, 27 February 2014 18:26:27 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:24 UTC