W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: Striving for Compromise (Consensus?)

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Fri, 11 Jul 2014 12:52:34 +0000
To: Mark Nottingham <mnot@mnot.net>
cc: K.Morgan@iaea.org, jpinner@twitter.com, ietf-http-wg@w3.org
Message-ID: <25943.1405083154@critter.freebsd.dk>
In message <46062217-9FD9-4F8C-AFE2-E03A8A1C8BB3@mnot.net>, Mark Nottingham writes:
>On 11 Jul 2014, at 7:41 pm, <K.Morgan@iaea.org> <K.Morgan@iaea.org> 
>wrote:
>
>> On Friday,11 July 2014 09:32, jpinner@twitter.com wrote:
>> 
>>> How do people feel about the following compromise:
>> 
>> -1
>> It eliminates both purposes of the 'Greg et al' proposal:
>>  a) Eliminate the CONTINUATION ugliness (complexity, processing, 
>etc.), and
>>  b) add bits & settings for tuning frame lengths.
>
>See my previous message to Willy. These are not issues, they're a wish 
>list. 
>
>To be clear the time to argue over the aesthetics of the protocol 
>has long passed; 

This is not a matter of aesthetics Mark.

As currently specified CONTINUATION is a giant invitation to DoS attacks.

The missing "this many headers will arrive" early notice is a surefire
way to force all receivers to implement complex and slow memory management
schemes, also prone to DoS exploitation.

The crucial core of our proposal is that header-sets go into a single
frame, so the length is announced up front.  16K being not long enough
for that, is another good reason for large frames.

Not wanting to trade the "ulimited CONTINUATIONS" for "unlimited frame
sizes, the SETTINGS for MAX frame size follows naturally.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Friday, 11 July 2014 12:52:59 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:09 UTC