
Re: Are HTTP/2 state changes atomic with respect to SETTINGS_MAX_CONCURRENT_STREAMS?

From: Willy Tarreau <w@1wt.eu>
Date: Mon, 11 Feb 2019 11:23:45 +0100
To: Stefan Eissing <stefan.eissing@greenbytes.de>
Cc: Martin Thomson <mt@lowentropy.net>, ietf-http-wg@w3.org
Message-ID: <20190211102345.GC30671@1wt.eu>

Hi Stefan,

On Mon, Feb 11, 2019 at 11:18:15AM +0100, Stefan Eissing wrote:
> However the question remains what Cory should implement here? 

At the very least he should respect what the protocol says, i.e. +1
when seeing the HEADERS frame, check the limit then -1 when seeing
ES on the same frame. The state machine shows multiple steps for a
possible single state, indicating checks must be performed following
a strict sequence.

> If there is a scenario where a near unlimited number of PPs can be triggered,
> this becomes a DoS vector either way. Experience says that an early and
> deterministic PROTOCOL_ERROR might serve us better than some dynamic
> mitigation that does not really solve the problem but makes breakage more
> obscure.

Agreed.

> PS. httpd's mod_proxy_http2 does disable PUSH on backend connections. With
> 103 Early Hints, there seems to be no benefit on low latency.

Same for haproxy. Even though 103 is still young, it does have a certain
number of benefits over push and is (in my opinion) much more elegant.

Willy
Received on Monday, 11 February 2019 10:24:13 UTC
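
The sequence described in the message above (+1 on HEADERS, check the limit, then -1 on END_STREAM in the same frame), as an added example that is not part of the original message or of any implementation mentioned in the thread. `ConcurrencyTracker`, `replay` and the sample frames are constructed for illustration, and the example assumes a stream that END_STREAM on its HEADERS frame closes outright; `strict=False` models the "atomic" reading for contrast.

```python
PROTOCOL_ERROR = "PROTOCOL_ERROR"  # stream error named in the quoted text


class ConcurrencyTracker:
    """Counts streams against SETTINGS_MAX_CONCURRENT_STREAMS (hypothetical helper)."""

    def __init__(self, max_concurrent, strict=True):
        self.max_concurrent = max_concurrent
        self.strict = strict      # False models the "atomic" reading
        self.active = set()

    def on_headers(self, stream_id, end_stream):
        # Assumption: END_STREAM on this HEADERS frame closes the stream outright.
        if end_stream and not self.strict:
            # Atomic reading: the stream is never counted, so the limit never applies.
            return "ok"
        # Step 1 (+1) and step 2 (check): the stream counts once HEADERS is seen.
        if len(self.active) + 1 > self.max_concurrent:
            return PROTOCOL_ERROR
        self.active.add(stream_id)
        # Step 3 (-1): only now is END_STREAM on the same frame processed.
        if end_stream:
            self.active.discard(stream_id)
        return "ok"


def replay(frames, limit, strict):
    """Feed (stream_id, end_stream) HEADERS frames; return verdicts and open count."""
    tracker = ConcurrencyTracker(limit, strict)
    verdicts = [(sid, tracker.on_headers(sid, es)) for sid, es in frames]
    return verdicts, len(tracker.active)


# Constructed sample: limit of 2; streams 2 and 8 stay open, the others carry END_STREAM.
FRAMES = [(2, False), (4, True), (6, True), (8, False), (10, True), (12, True)]

if __name__ == "__main__":
    for strict in (True, False):
        print("strict" if strict else "atomic", replay(FRAMES, 2, strict))
```

With the strict sequence, streams 10 and 12 are rejected deterministically once two streams are open; under the atomic reading every END_STREAM frame is accepted regardless of the limit.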
