Re: new draft for the minimum value setting mechanism of HTTP2.0 Window and Window_update from Martin Thomson on 2021-02-17 (ietf-http-wg@w3.org from January to March 2021)

From: Martin Thomson <mt@lowentropy.net>
Date: Wed, 17 Feb 2021 16:34:29 +1100
To: ietf-http-wg@w3.org
Message-Id: <57dadfaa-95f3-4a3f-b03a-5b292e8027d1@www.fastmail.com>

On Wed, Feb 17, 2021, at 15:57, Meiling Chen wrote:
> > Implementations could just withhold small flow control updates.  Is there a specific reason for having a setting here?
> >  [Meiling] I don't quite understand the question, maybe the answer is not so accurate, we simply provide a way to set the minimum value to prevent some attacks that exploit the smaller value or because there is no default agreed minimum which lead to a normal message is mistaken as an attack.

You suggest that implementations always ensure that their updates are large enough.  This is a good recommendation.  However, you also describe a setting.  Why does one endpoint need to provide this value to the other endpoint?  Can endpoints just do the right thing themselves?

Received on Wednesday, 17 February 2021 05:35:04 UTC