Re: Call for Consensus: Frame size (to address #553)

On Jul 14, 2014, at 12:40 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:

> In message <CA+pLO_h2799vs37eY1HaSnBUmcGkGW-tmjTCJe1WeKZJRAtQGA@mail.gmail.com>, Jeff Pinner writ
> es:
> 
>> So am I to read this as a client might advertise a max frame size of
>> 256 bytes and then request a 2GB file?
> 
> yes.
> 
> And the server is free to return 418 or react in any other way it might
> find appropriate.

“free to” yes, but if we’re going to say that clients advertise a max frame size that MUST be at least 256 bytes, then we should have a SHOULD-level requirement for servers to work with such a limit. Of course if the server has some heuristic that determines that a client is performing an attack, this SHOULD-level requirement can go out the window, but we do want to promote interoperability, so absent evidence of wrong-doing, the server SHOULD work with this. 

If we think that 256 bytes is too low to require servers to work with, then maybe we should set the min-max-frame to something higher, perhaps with some text that clients and servers MAY advertise and honor lower values by prior agreement. But if we say “plug a number here between 256 and 16,777,215”, then the protocol should work with all these values.

Yoav

Received on Monday, 14 July 2014 09:04:00 UTC