- From: Yoav Nir <ynir.ietf@gmail.com>
- Date: Mon, 14 Jul 2014 12:03:22 +0300
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Jul 14, 2014, at 12:40 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote: > In message <CA+pLO_h2799vs37eY1HaSnBUmcGkGW-tmjTCJe1WeKZJRAtQGA@mail.gmail.com>, Jeff Pinner writ > es: > >> So am I to read this as a client might advertise a max frame size of >> 256 bytes and then request a 2GB file? > > yes. > > And the server is free to return 418 or react in any other way it might > find appropriate. “free to” yes, but if we’re going to say that clients advertise a max frame size that MUST be at least 256 bytes, then we should have a SHOULD-level requirement for servers to work with such a limit. Of course if the server has some heuristic that determines that a client is performing an attack, this SHOULD-level requirement can go out the window, but we do want to promote interoperability, so absent evidence of wrong-doing, the server SHOULD work with this. If we think that 256 bytes is too low to require servers to work with, then maybe we should set the min-max-frame to something higher, perhaps with some text that clients and servers MAY advertise and honor lower values by prior agreement. But if we say “plug a number here between 256 and 16,777,215”, then the protocol should work with all these values. Yoav
Received on Monday, 14 July 2014 09:04:00 UTC