Re: HTTP/2 DoS Vulnerability (Was: HTTP/2 response completed before its request)

In message <>, "Eric J. Bowman" writes:
>"Poul-Henning Kamp" wrote:
>> Since it seems HTTP/2 is just going to be a short lived stopgap on top
>> of TLS only, maybe it will never become a real problem.
>> In HTTP/3 we'll have to be serious about it.
>My disillusionment with the HTTP/2 process stems from this concept that
>it doesn't need to be "gotten right" because we'll address any problems
>in HTTP/3. Am I the only one who thinks the horse should come before
>the cart?

What really surprises me is that we see such proposals to name&shame
proxies which do not allow random private extensions through, but
no proposals to name&shame browsers which do not want to support
HTTP/2 upgrade ?

The goals are obviously not to ensure the widest possible adoption
of HTTP/2.

I certainly looks like a number of WG participants are much more
focuses on getting HTTP/2 to work for their own private, (soon to
be walled ?), garden, than to make HTTP/2 the best possible protocol
for the web as such.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Wednesday, 2 July 2014 06:46:57 UTC