- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Sun, 20 Jul 2014 07:35:30 +0000
- To: Jason Greene <jason.greene@redhat.com>
- cc: David Krauss <potswa@gmail.com>, Greg Wilkins <gregw@intalio.com>, HTTP Working Group <ietf-http-wg@w3.org>, Mark Nottingham <mnot@mnot.net>, Roberto Peon <grmocg@gmail.com>
In message <E2824D77-7534-4B80-B1A1-7D54A30BB559@redhat.com>, Jason Greene writes:

>That's certainly not my point, so maybe I just haven't explained all
>that well. The whole benefit to A is actually simplifying the common
>case which is headers < 16KB. That is why I like that option. The limit
>is cooperative, so obviously it can't prevent a DOS attack. It does
>however help determine bad actor, which can be useful in DOS detection
>code.

+1: Stating the limit up front means that everybody who exceeds it
better have a really good story.

>The main reason I have been behind so many proposals involving a length
>is that my primary concern with h2-13 is that continuations encourage
>HOL blocking in proxies from compliant actors, and lengths gives us a
>way to prevent that. There have been other proposals which would also
>solve the problem (namely allowing interleaving of continuations), but
>they were rejected.

+1

>I see this argument made a lot in the various discussions. That somehow
>these proposals are favoring the 0.2%. It's actually optimizing the
>99.8% that can be negatively impacted by the 0.2%. This is a common goal
>in multiplexing protocol design, establishing some basic level of
>fairness.

I'm perfectly happy to cause pain for the 0.2% because in my considered
opinion HTTP headers larger than 16KB means that you are fundamentally
confused about the difference between data and metadata.

But it's not really about fairness to the 0.2%, it is about sensible
security: Any concession to the 0.2% in the default configurations
is also an open invitation to attackers.

>>> Well, there is the gigantic kerberos ticket use case, and those are
>>>certainly proxyable today. It's hard to see how large headers are only
>>>appropriate across a single hop vs multiple hops.

Actually that one use case is very much one-hop as far as I know.
Nobody has given any evidence that these Kerberos tickets are sent
to public webservers on the internet, they are only used between
servers which are known to handle them, inside isolated administrative
domains.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Received on Sunday, 20 July 2014 07:35:55 UTC