- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Fri, 11 Jul 2014 12:52:34 +0000
- To: Mark Nottingham <mnot@mnot.net>
- cc: K.Morgan@iaea.org, jpinner@twitter.com, ietf-http-wg@w3.org
In message <46062217-9FD9-4F8C-AFE2-E03A8A1C8BB3@mnot.net>, Mark Nottingham writes:
>On 11 Jul 2014, at 7:41 pm, <K.Morgan@iaea.org> <K.Morgan@iaea.org>
>wrote:
>
>> On Friday, 11 July 2014 09:32, jpinner@twitter.com wrote:
>>
>>> How do people feel about the following compromise:
>>
>> -1
>> It eliminates both purposes of the 'Greg et al' proposal:
>> a) Eliminate the CONTINUATION ugliness (complexity, processing, etc.), and
>> b) add bits & settings for tuning frame lengths.
>
>See my previous message to Willy. These are not issues, they're a wish
>list.
>
>To be clear the time to argue over the aesthetics of the protocol
>has long passed;

This is not a matter of aesthetics Mark.

As currently specified CONTINUATION is a giant invitation to DoS attacks.

The missing "this many headers will arrive" early notice is a surefire way to force all receivers to implement complex and slow memory management schemes, also prone to DoS exploitation.

The crucial core of our proposal is that header-sets go into a single frame, so the length is announced up front.

16K being not long enough for that, is another good reason for large frames.

Not wanting to trade the "unlimited CONTINUATIONS" for "unlimited frame sizes", the SETTINGS for MAX frame size follows naturally.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Received on Friday, 11 July 2014 12:52:59 UTC
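
The bounded reassembly a receiver needs when a header block can span CONTINUATION frames with no total length announced up front, as an added example that is not part of the original message. It assumes the 9-byte frame header of HTTP/2 as later published in RFC 7540, which may differ from the draft discussed in this thread; the function names, cap values and sample frames are hypothetical.

```python
HEADERS, CONTINUATION = 0x1, 0x9   # frame types (RFC 7540 numbering)
END_HEADERS = 0x4                  # flag: last frame of this header block

class ProtocolError(Exception):
    """The peer broke the framing rules for header blocks."""

class HeaderBlockTooLarge(ProtocolError):
    """The peer exceeded a locally chosen cap (hypothetical policy)."""

def frame(ftype, flags, stream_id, payload=b""):
    """Build one frame: 24-bit length, type, flags, 31-bit stream id."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + (stream_id & 0x7FFFFFFF).to_bytes(4, "big") + payload)

def iter_frames(buf):
    """Yield (type, flags, stream_id, payload) for each complete frame."""
    pos = 0
    while pos + 9 <= len(buf):
        length = int.from_bytes(buf[pos:pos + 3], "big")
        ftype, flags = buf[pos + 3], buf[pos + 4]
        sid = int.from_bytes(buf[pos + 5:pos + 9], "big") & 0x7FFFFFFF
        payload = buf[pos + 9:pos + 9 + length]
        if len(payload) < length:
            raise ProtocolError("truncated frame")
        yield ftype, flags, sid, payload
        pos += 9 + length

def collect_header_blocks(buf, max_block_bytes=16384, max_frames=8):
    """Reassemble header blocks, refusing to buffer past the caps.

    Payload bytes are counted as an upper bound on the block size; the
    frame cap also stops a run of empty CONTINUATION frames.
    """
    blocks, open_sid, parts, size = [], None, [], 0
    for ftype, flags, sid, payload in iter_frames(buf):
        if open_sid is None:
            if ftype == CONTINUATION:
                raise ProtocolError("CONTINUATION without HEADERS")
            if ftype != HEADERS:
                continue                      # other frame types ignored here
            open_sid, parts, size = sid, [], 0
        elif ftype != CONTINUATION or sid != open_sid:
            raise ProtocolError("header block interrupted")
        # Check before buffering: the total is only known once it is exceeded.
        if size + len(payload) > max_block_bytes or len(parts) >= max_frames:
            raise HeaderBlockTooLarge(f"stream {open_sid}")
        parts.append(payload)
        size += len(payload)
        if flags & END_HEADERS:
            blocks.append((open_sid, b"".join(parts)))
            open_sid = None
    return blocks
```
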