W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: HTTP/2 DoS Vulnerability (Was: HTTP/2 response completed before its request)

From: Roberto Peon <grmocg@gmail.com>
Date: Tue, 1 Jul 2014 23:41:38 -0700
Message-ID: <CAP+FsNd06bPGVHVtn2QADT0C64Ai7_VZftkrtVzqt0ajOdANfA@mail.gmail.com>
To: "Eric J. Bowman" <eric@bisonsystems.net>
Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, Jeff Pinner <jpinner@twitter.com>, Johnny Graettinger <jgraettinger@chromium.org>, William Chan <willchan@chromium.org>, Martin Thomson <martin.thomson@gmail.com>, Patrick McManus <mcmanus@ducksong.com>, Jesse Wilson <jesse@swank.ca>, HTTP Working Group <ietf-http-wg@w3.org>
phk@ has yet to demonstrate that there is an actual problem with DoS for
HTTP2 in the first place, and continues to make statements of fact about
things where he is demonstrably misinformed.

-=R




On Tue, Jul 1, 2014 at 11:38 PM, Eric J. Bowman <eric@bisonsystems.net>
wrote:

> "Poul-Henning Kamp" wrote:
> >
> > Since it seems HTTP/2 is just going to be a short lived stopgap on top
> > of TLS only, maybe it will never become a real problem.
> >
> > In HTTP/3 we'll have to be serious about it.
> >
>
> My disillusionment with the HTTP/2 process stems from this concept that
> it doesn't need to be "gotten right" because we'll address any problems
> in HTTP/3. Am I the only one who thinks the horse should come before
> the cart?
>
> -Eric
>
Received on Wednesday, 2 July 2014 06:42:05 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:08 UTC