- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 3 May 2016 15:35:12 +1000
- To: "Roy T. Fielding" <fielding@gbiv.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 3 May 2016 at 05:06, Roy T. Fielding <fielding@gbiv.com> wrote: > Are we concerned about a server accidentally sending too many pushes, > or deliberately attacking the client via too many pushes? It's the former, accidental overloading. And it's not really an attack, just an infidelity. We did a lot to provide feedback mechanisms where there was a risk of overload, and we missed this tiny corner case. As with the push policy stuff, the point is to avoid having a server send pushes when the client doesn't really want them. > Not (2) -- that's overkill. (1) seems a shame given that it won't prevent > a server from sending pushes, and doesn't feel right given that a client > has no idea how many pushes it might need. I agree on both counts. I haven't been able to contrive anything that works without ugly side-effects of one sort or other. I'll probably write a draft with a few ideas in it and see what people think when confronted with specifics.
Received on Tuesday, 3 May 2016 05:35:40 UTC