- From: Daniel Sommermann <dcsommer@fb.com>
- Date: Tue, 18 Mar 2014 09:14:29 -0700
- To: Julian Reschke <julian.reschke@gmx.de>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
I believe the issue with gatewaying to 1.0 is that the gateway would have to buffer the entire body and then decompress (leading to memory DOS). Request bodies cannot be terminated by EOF, unlike repsonse bodies, so a streaming approach wouldn't be possible as it is for server -> client 1.0 gatewaying. Even if it were, it would force the gateway to close the server connection, which could be considered a type of DOS as well. Although this idea is nice, I think we can pass for now. On 03/18/2014 12:03 AM, Julian Reschke wrote: > On 2014-03-18 04:50, Mark Nottingham wrote: >> It sounds like we have consensus to close #424 with no action. Anyone >> have a problem with that? > > Yes. > > I believe we're giving up too early. > > HTTP/1.1 already requires servers to handle chunked encoding in requests: > > "All HTTP/1.1 applications MUST be able to receive and decode the > "chunked" transfer-coding, and MUST ignore chunk-extension extensions > they do not understand." (RFC 2616, 3.6) > > So gatewaying to 1.1 shouldn't be a problem at all, as no buffering is > needed. > > If gatewaying to 1.0 servers is the problem than we seriously should > consider giving up on *that* goal. Speaking of which - why *exactly* > is gatewaying to 1.0 a problem? > > Best regards, Julian > > > >
Received on Tuesday, 18 March 2014 16:15:00 UTC