W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

Re: h2#416: Limit stream count

From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 27 Feb 2014 10:41:52 -0800
Message-ID: <CABkgnnXgKNoKqG10ZczENFQ4e13fouyT7vsoiMYv+GN2mvpyQw@mail.gmail.com>
To: Roberto Peon <grmocg@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 25 February 2014 16:44, Roberto Peon <grmocg@gmail.com> wrote:
> It implies that a security-conscious entity will want to keep the limit at
> some moderately large, but finite value, e.g. 1000.

Thinking about this a little more, this is not an opportunity the
server has when a connection is first established.  A network attacker
should have no trouble forcing a client to create a new connection for
each attack.  That means that the guidance isn't that you limit your
own settings, but that you maintain a limit of your own.
Received on Thursday, 27 February 2014 18:42:22 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:24 UTC