- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Mon, 2 Jul 2018 21:56:32 +1200
- To: ietf-http-wg@w3.org

On 02/07/18 20:47, Poul-Henning Kamp wrote:
> --------
> In message <F1950AC9-CA4C-4F17-9F1A-CADA18679FE6@mnot.net>, Mark Nottingham writes:
>
>> For interest / discussion. This is a proposal for a minimal mechanism to
>> avoid loop attacks and misconfigurations against CDNs. Feedback
>> appreciated.
>
> This problem is as old as packet networks, and why IP has the TTL field.
>
> I think it would be better and more robust to define a "max-hops"
> header with a single numerical field, which each (conforming) proxy
> decrements and if it becomes zero, 50x error is returned.
>
> CDNs can create a max-hops header if there is none, and even if
> nobody else implements the max-hops header, it will eventually count
> down to zero if there is a loop.
>
> In difference from the proposed draft, this doesn't reveal the
> architecture to the client.
>

Max-Forwards goes almost there. Would just need to revise this part of
RFC 7231 section 5.1.2 to make all recipients SHOULD decrement instead:

"
 A recipient MAY ignore a Max-Forwards header field received with any
 other request methods.
"

... and nothing is preventing us middleware and CDN people decrementing
on any method right now.

Amos

Received on Monday, 2 July 2018 09:57:06 UTC
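
The decrement-on-every-method behaviour discussed in this thread, as an added example that is not part of the original message or of any project's code. The names `next_hop` and `hops_until_stop`, the default budget of 8 hops, and treating a malformed value like an absent one are assumptions made for illustration.

```python
import re

DEFAULT_HOPS = 8                    # assumed local policy, not from the thread
RFC_METHODS = {"TRACE", "OPTIONS"}  # methods RFC 7231 section 5.1.2 covers
_DIGITS = re.compile(r"[0-9]+")     # ASCII digits only; int() alone accepts more


def next_hop(method, headers, all_methods=True, max_supported=DEFAULT_HOPS):
    """Decide what one intermediary does: ("forward", headers) or ("stop", None)."""
    if not (all_methods or method.upper() in RFC_METHODS):
        # RFC 7231 as published: the field MAY be ignored for other methods.
        return "forward", dict(headers)
    raw = next((v.strip() for k, v in headers.items()
                if k.lower() == "max-forwards"), None)
    out = {k: v for k, v in headers.items() if k.lower() != "max-forwards"}
    if raw is None or not _DIGITS.fullmatch(raw):
        # Absent (or malformed, an assumption here): start a fresh hop budget,
        # as the thread suggests a CDN can do when no counter is present.
        out["Max-Forwards"] = str(max_supported)
        return "forward", out
    value = int(raw)
    if value == 0:
        # Must not forward. TRACE/OPTIONS are answered as the final recipient;
        # for other methods the caller returns the 50x error the thread suggests.
        return "stop", None
    # Lesser of (received - 1) and the local maximum, so a client cannot
    # buy extra hops by sending a huge value.
    out["Max-Forwards"] = str(min(value - 1, max_supported))
    return "forward", out


def hops_until_stop(method, headers, limit=1000, **policy):
    """Feed a request back into the same rule, as a forwarding loop would.
    Returns the number of forwards before the loop is cut, or None if it
    is still running after `limit` hops."""
    for hops in range(limit + 1):
        action, headers = next_hop(method, headers, **policy)
        if action == "stop":
            return hops
    return None


if __name__ == "__main__":
    request = {"Host": "example.test"}  # constructed sample request
    print("decrement on any method:", hops_until_stop("GET", request))
    print("RFC 7231 MAY-ignore:", hops_until_stop("GET", request, all_methods=False))
```

With `all_methods=False` a looping GET is never cut, which is the gap the proposed wording change closes.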