Re: new draft for the minimum value setting mechanism of HTTP2.0 Window and Window_update from Lucas Pardue on 2021-02-09 (ietf-http-wg@w3.org from January to March 2021)

From: Lucas Pardue <lucaspardue.24.7@gmail.com>
Date: Tue, 9 Feb 2021 10:38:32 +0000
To: Martin Thomson <mt@lowentropy.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CALGR9obStahjKKVdkVhvjuii203etHF744g5bOsXudLwqPvqXQ@mail.gmail.com>

Hiya,

To add to what Martin asked, I'd like to understand if there is really
_any_ minimum value that is safe to use. It seems that an attacker could
always try to game the system, so implementations should be defensive.

Picking too granular a minimum value also seems prone to problems. I can
see the possibility for some deadlocks to happen here unless endpoints can
commit to buffering.

Cheers
Lucas

Received on Tuesday, 9 February 2021 10:38:56 UTC