Re: Re: new draft for the minimum value setting mechanism of HTTP2.0 Window and Window_update from Meiling Chen on 2021-02-17 (ietf-http-wg@w3.org from January to March 2021)

From: Meiling Chen <chenmeiling@chinamobile.com>
Date: Wed, 17 Feb 2021 14:22:53 +0800
To: "Martin Thomson" <mt@lowentropy.net>, ietf-http-wg <ietf-http-wg@w3.org>
Message-ID: <202102171422524675115@chinamobile.com>

Hi Martin,
Please see inline.

From: Martin Thomson
Date: 2021-02-17 13:34
To: ietf-http-wg
Subject: Re: new draft for the minimum value setting mechanism of HTTP2.0 Window and Window_update
On Wed, Feb 17, 2021, at 15:57, Meiling Chen wrote:
> > Implementations could just withhold small flow control updates.  Is there a specific reason for having a setting here?
> >  [Meiling] I don't quite understand the question, maybe the answer is not so accurate, we simply provide a way to set the minimum value to prevent some attacks that exploit the smaller value or because there is no default agreed minimum which lead to a normal message is mistaken as an attack.

You suggest that implementations always ensure that their updates are large enough.  This is a good recommendation.  However, you also describe a setting.  Why does one endpoint need to provide this value to the other endpoint?  Can endpoints just do the right thing themselves?
[Meiling] Yes, we describe a setting. There are two ways of setting, one is  the default value setting, the other is the endpoint flexible setting.

Received on Wednesday, 17 February 2021 06:23:16 UTC