Re: Stream State and PRIORITY Frames from Scott Mitchell on 2017-01-20 (ietf-http-wg@w3.org from January to March 2017)

From: Scott Mitchell <scott.k.mitch1@gmail.com>
Date: Fri, 20 Jan 2017 09:01:10 -0800
To: laike9m <laike9m@gmail.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAFn2buDuGVBJ8WBptM3cNS_Wy_hnF1v_TMO5VzXriE6B9m-oqQ@mail.gmail.com>
On Fri, Jan 20, 2017 at 5:17 AM, laike9m <laike9m@gmail.com> wrote:

> If you don’t include RESERVED streams in the count for
> SETTINGS_MAX_CONCURRENT_STREAMS then how do you limit the amount of
> RESERVED streams, and how does your peer know about this limit? I have
> imposed an implementation specific metric in the past, but this seems less
> preferable than relying on something in the RFC that the peer is aware of.
> Either way having infinite of something doesn’t work in practice.
>
> As Martin has explained, H2 doesn’t limit the amount of RESERVED streams,
> based on the notion that HEADERS are close to free.
>

"HEADERS are free" sounds like an over simplification which becomes more
apparent as the concurrency of streams and connections grows. There are
other provisions in the RFC to limit the amount of state consumed by
HEADERS (SETTINGS_HEADER_TABLE_SIZE, SETTINGS_MAX_HEADER_LIST_SIZE).

In addition to headers this may require additional state to be allocated
for stream management. The specification also has mechanisms to limit state
consumed by streams.

It’s true that one trying to send infinite number of PUSH_PROMISEs to
> client can cause problems, but 1. This only happens if the server is
> malicious, and if it’s malicious,having a limit in the RFC won’t prevent
> anything, and 2. Not counting PUSH_PROMISEs is a tradeoff for fast delivery
> of PUSH_PROMISEs, which stops client from sending more requests. I guess
> this is what Martin meant by “If you limit server push by applying a stream
> limit, then you prevent it from being used in time for the client to use
> it.”
>
（Forgot to reply to all :P）
>

Malicious actors is a concern and must be dealt with. However there may be
proxy-like systems with large amounts of concurrency or other memory
constraint systems that already control their resources but the peer's only
mechanism to know about these limits is to try-then-fail. Assuming clients
impose some limit to their state (infinite state isn't practical) then the
problem of "the client won't accept this push" exists if the server knows
about it before hand or not. Knowing about it before hand gives the server
the ability to potentially prioritize which resources it wants to push or
make other more informed decisions.



> On Thu, Jan 19, 2017 at 9:21 AM, Scott Mitchell <scott.k.mitch1@gmail.com>
> wrote:
>
>>
>>
>> On Tue, Jan 17, 2017 at 2:43 PM, Scott Mitchell <scott.k.mitch1@gmail.com
>> > wrote:
>>
>>> From my perspective I would like to see two clarifications:
>>>
>>> 1. It is clear to me that PRIORITY doesn't impact state.
>>>
>>
>> Just to clarify ... it is clear that a PRIORITY frame doesn't impact the
>> state of the stream  it is carrying priority information for. The impacts
>> PRIORITY frames have on other streams is not clear due to the wording in
>> section 5.1.1.
>>
>>
>>> However Section 5.1.1 states "first use of a new stream identifier"
>>> which makes no reference to stream state. If stream state is
>>> important/implied here better to be specific about it. I don't think the
>>> one-off example below this text is sufficient to convey the intended
>>> implications of this statement.
>>>
>>> 2. Section 5.1.2 states "Streams in either of the 'reserved' states do
>>> not count toward the stream limit." which seems to conflict with section
>>> 8.2.2 "A client can use the SETTINGS_MAX_CONCURRENT_STREAMS setting to
>>> limit the number of responses that can be concurrently pushed by a
>>> server.". These two statements appear to contradict each other. Since
>>> SETTINGS_MAX_CONCURRENT_STREAMS is really the only mechanism to limit
>>> resources due to server push I'm assuming section 5.1.2 is overly
>>> restrictive.
>>>
>>>
>>> On Tue, Jan 17, 2017 at 2:27 PM, Martin Thomson <
>>> martin.thomson@gmail.com> wrote:
>>>
>>>> On 18 January 2017 at 01:37, Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
>>>> wrote:
>>>> > If my understanding is correct, this only refers to the new stream ID
>>>> used
>>>> > by HEADERS, and PUSH_PROMISE frames which open or reserve streams.
>>>> The
>>>> > example text following that statement uses HEADERS which opens new
>>>> stream.
>>>> > PRIORITY frame does not change stream state, and there is no reason
>>>> to close
>>>> > all unused streams lower than bearing stream ID.  That said, I agree
>>>> that
>>>> > this is not crystal clear in the document.  In practice, this is
>>>> probably
>>>> > rather rare case.
>>>>
>>>> This is, I think, the expectation.
>>>>
>>>> I think that we probably want to clarify the point by explicitly
>>>> saying that PRIORITY doesn't affect stream states.  We say that it can
>>>> be sent in any state, but we don't also mention that important point.
>>>> Do people here agree that an erratum on this point is appropriate
>>>> here?
>>>>
>>>
>>>
>>
>
Received on Friday, 20 January 2017 17:01:51 UTC