- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Thu, 27 Feb 2014 10:41:52 -0800
- To: Roberto Peon <grmocg@gmail.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 25 February 2014 16:44, Roberto Peon <grmocg@gmail.com> wrote: > It implies that a security-conscious entity will want to keep the limit at > some moderately large, but finite value, e.g. 1000. Thinking about this a little more, this is not an opportunity the server has when a connection is first established. A network attacker should have no trouble forcing a client to create a new connection for each attack. That means that the guidance isn't that you limit your own settings, but that you maintain a limit of your own.
Received on Thursday, 27 February 2014 18:42:22 UTC