- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 11 Jul 2014 13:11:10 -0700
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: Jason Greene <jason.greene@redhat.com>, Greg Wilkins <gregw@intalio.com>, Jeff Pinner <jpinner@twitter.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 11 July 2014 13:09, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote: >>This point: >>> The current design handles this fairly well, at most one set of headers can >>> be incomplete at any point in time (sending a large number of incomplete >>> headers and keeping most of them incomplete most of the time is an >>> excellent attack vector, which the design currently precludes). > > This would be even more the case if we insist, as proposed, that all > headers go into a single frame. You mean that it would help avoid having multiple incomplete header blocks outstanding. If so, then yes. Knowing size up front means that you can RST streams that you know will blow your limits (though with compression, you can't be sure that a smaller frame won't).
Received on Friday, 11 July 2014 20:11:40 UTC