Re: Striving for Compromise (Consensus?)

On 11 July 2014 12:54, Jason Greene <jason.greene@redhat.com> wrote:
> The DOS attack is the amount of memory allocated per incomplete request. The server can track that, and it can easily RST_STREAM when it detects there is too much.

That's true for your implementation, but I know that others may prefer
a simpler formulation:  work out available resources, work out what a
single connection can use, divide.  That way, you can do things like
better isolate bad behaviour on one connection from others (though you
lose some scaling advantage, sure).  Having the transitory header
processing costs for each connection be based on a multiple of the
stream concurrency limit - even if it's worst case - will make that
harder.

Received on Friday, 11 July 2014 20:01:26 UTC