W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

#551: Limiting header sizes

From: Mark Nottingham <mnot@mnot.net>
Date: Wed, 16 Jul 2014 13:41:55 +1000
Message-Id: <F81935AB-CDA5-493D-ACEF-C94313EC50C5@mnot.net>
To: HTTP Working Group <ietf-http-wg@w3.org>
A lot of the discussion around <https://github.com/http2/http2-spec/issues/551> is around having a hard limit for header block sizes in the protocol, and the resulting ways that helps and hurts.

I wonder if we can make a small adjustment to ease some of the pain. Specifically, what if it were only advisory, and there were no default?

I.e., instead of a setting with the semantic of "You MUST NOT send header blocks larger than <x>", what if it were "If you send header blocks larger than <x>, I'll very likely discard them (responses) / respond with a 431 (requests)"?

This makes it much more flexible; if a proxy sends this setting and sees a client ignoring it, they have the choice of either soft-failing them (with a 431), accepting the larger request, or hard-failing them (ENHANCE_YOUR_CALM).

It also seems more compatible with the way that HTTP/1 works.

I think that doing this might address most of the cons listed at <https://github.com/http2/http2-spec/wiki/ContinuationProposals#limit-header-block-size-via-a-setting>.


Mark Nottingham   https://www.mnot.net/
Received on Wednesday, 16 July 2014 03:42:22 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:09 UTC