Re: HTTP/2 DoS Vulnerability (Was: HTTP/2 response completed before its request)

phk@ has yet to demonstrate that there is an actual problem with DoS for
HTTP2 in the first place, and continues to make statements of fact about
things where he is demonstrably misinformed.


On Tue, Jul 1, 2014 at 11:38 PM, Eric J. Bowman <>

> "Poul-Henning Kamp" wrote:
> >
> > Since it seems HTTP/2 is just going to be a short lived stopgap on top
> > of TLS only, maybe it will never become a real problem.
> >
> > In HTTP/3 we'll have to be serious about it.
> >
> My disillusionment with the HTTP/2 process stems from this concept that
> it doesn't need to be "gotten right" because we'll address any problems
> in HTTP/3. Am I the only one who thinks the horse should come before
> the cart?
> -Eric

Received on Wednesday, 2 July 2014 06:42:05 UTC