W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: HTTP/2 DoS Vulnerability (Was: HTTP/2 response completed before its request)

From: Eric J. Bowman <eric@bisonsystems.net>
Date: Wed, 2 Jul 2014 00:51:20 -0600
To: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
Cc: Roberto Peon <grmocg@gmail.com>, Jeff Pinner <jpinner@twitter.com>, Johnny Graettinger <jgraettinger@chromium.org>, William Chan ( ι™ˆζ™Ίζ˜Œ) <willchan@chromium.org>, Martin Thomson <martin.thomson@gmail.com>, Patrick McManus <mcmanus@ducksong.com>, Jesse Wilson <jesse@swank.ca>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <20140702005120.9ad69b454afc5e21219e1a54@bisonsystems.net>
"Poul-Henning Kamp" wrote:
> 
> What really surprises me is that we see such proposals to name&shame
> proxies which do not allow random private extensions through, but
> no proposals to name&shame browsers which do not want to support
> HTTP/2 upgrade ?
> 
> The goals are obviously not to ensure the widest possible adoption
> of HTTP/2.
> 
> I certainly looks like a number of WG participants are much more
> focuses on getting HTTP/2 to work for their own private, (soon to
> be walled ?), garden, than to make HTTP/2 the best possible protocol
> for the web as such.
> 

Exactly. Why are so many folks talking about HTTP/3 as a solution to
the shortcomings of HTTP/2 when HTTP/2 isn't even in LC? If HTTP/2 were
"getting it right" then why all the talk of deferring proper
architecture to HTTP/3? So discouraging...

-Eric
Received on Wednesday, 2 July 2014 06:51:43 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:08 UTC