Re: HTTP/2 GREASE, Results, and Implications

Bence Béky <> Fri, 01 November 2019 11:47 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 99E87120828 for <>; Fri, 1 Nov 2019 04:47:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.75
X-Spam-Status: No, score=-2.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id zolyWNoV7XKq for <>; Fri, 1 Nov 2019 04:47:00 -0700 (PDT)
Received: from ( [IPv6:2603:400a:ffff:804:801e:34:0:38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 787B4120822 for <>; Fri, 1 Nov 2019 04:47:00 -0700 (PDT)
Received: from lists by with local (Exim 4.89) (envelope-from <>) id 1iQVLc-0007rv-VF for; Fri, 01 Nov 2019 11:44:08 +0000
Resent-Date: Fri, 01 Nov 2019 11:44:08 +0000
Resent-Message-Id: <>
Received: from ([2603:400a:ffff:804:801e:34:0:4c]) by with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <>) id 1iQVLa-0007rE-O1 for; Fri, 01 Nov 2019 11:44:06 +0000
Received: from ([2607:f8b0:4864:20::92b]) by with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from <>) id 1iQVLY-0000BP-Rq for; Fri, 01 Nov 2019 11:44:06 +0000
Received: by with SMTP id l38so2822360uad.4 for <>; Fri, 01 Nov 2019 04:44:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Wc0fCpNWXxZDAV4keFp/XOJx0WQltLNgCSjReAfDI04=; b=Zj+GVXNYxRZB1SL82GiwFzOZJ8m/NDBa/q8L5vPhXpVxk3M1C/dJYqfvrITKOQcrIx vbT/4cRAf9aXOCpYusKDlOsiWODXcS4ehrgm2NPiBsDwUineM7pJTGeLOPwRDdCS18JG RjSdWUrKYSh/a6HW/T0tL+vo80mrwMIrUElmU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Wc0fCpNWXxZDAV4keFp/XOJx0WQltLNgCSjReAfDI04=; b=WsrWIjoQzGIXZ6sU9sH6F10ZHepMbFTq3L6vZCjSmSSJfQbcd0XhPintCGg2Lyz46n LYIZGn+DLY2qtf07FaxsyaAsNPDiKQ9d1NF4RhiG5r90rjk9YOG7zByqiBnGwSjl+voQ cxezRmmQKP2dLIcjQ+eHLUIrwez5jAhBZRk/syonsWY9UfLhAI7sS0GuEyhEYZbCfuUw vYbFShM8AdScZoPoEm7r6jEeRlHlmna9mNztMBCW6rFJ8JpGgpMvT0Bhjz7Vo5A/TvHp kecmntYzcLrXq9JMaTr7/OJFEW++EQ2LpAApBM5e0sIUzf70Ka9UDqpAOYrAYdC1NqHl 9n7w==
X-Gm-Message-State: APjAAAUtyHRVjhPA/47fGp4STruAEyqQJtXwdWfEJESvoToZutwL0KX2 ue2aiqY9EEwkPb66mI7qNIeTC0b7iluANOMDVDmrZRiYsMo=
X-Google-Smtp-Source: APXvYqx88NnQmjf91rXsZRNaKBnSe7BBWUR8IvYfRmKGPnqKpAgrLKt/AHw/Bib2pss3xx9nFE/5lLgMhr/o0/v5PZM=
X-Received: by 2002:a9f:27a4:: with SMTP id b33mr4162580uab.24.1572608643000; Fri, 01 Nov 2019 04:44:03 -0700 (PDT)
MIME-Version: 1.0
References: <> <> <> <>
In-Reply-To: <>
From: =?UTF-8?Q?Bence_B=C3=A9ky?= <>
Date: Fri, 1 Nov 2019 07:43:51 -0400
Message-ID: <>
To: Willy Tarreau <>
Cc: Mike Bishop <>, HTTP Working Group <>
Content-Type: multipart/alternative; boundary="00000000000089de3d0596477b37"
Received-SPF: pass client-ip=2607:f8b0:4864:20::92b;;
X-W3C-Hub-Spam-Status: No, score=-12.3
X-W3C-Scan-Sig: 1iQVLY-0000BP-Rq 58d24710d6374cb76fa9cfbfee9bfc25
Subject: Re: HTTP/2 GREASE, Results, and Implications
Archived-At: <>
X-Mailing-List: <> archive/latest/37101
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

Hi Willy,

Yes, I agree with you.  My current plan is to make Chrome send a frame of
reserved type
* on stream 0, after the SETTINGS frame;
* on non-zero streams, after each HEADERS and DATA frame that does not have
the END_STREAM flag set;
* or alternatively, after each HEADERS and DATA frame, and if the stream
should be closed, then send an empty DATA frame with END_STREAM after the
reserved frame.

I think this conforms to the state transition requirements you summarized.
Thank you for the guidance.  I'll keep the list posted.



On Thu, Oct 31, 2019 at 4:35 PM Willy Tarreau <> wrote:

> On Thu, Oct 31, 2019 at 01:08:53PM -0400, Bence Béky wrote:
> > Thanks, Willy, for pointing out the different sections of RFC7540
> > concerning unknown frame types.  It seems to me that for the past few
> days
> > Chrome (on certain channels) has been sending frames on half-closed
> > (remote) streams.
> Bence, I saw that you updated the issue regarding this point. If
> you're going to be stricter on the states to respect the (confusing)
> wording of the spec, then you need to be very careful about other states
> for completeness:
>   - closed: An endpoint MUST NOT send frames other than PRIORITY on a
> closed
>     stream.
>   - reserved (remote): An endpoint MUST NOT send any type of frame other
>     than RST_STREAM, WINDOW_UPDATE, or PRIORITY in this state.
>   - idle: Receiving any frame other than HEADERS or PRIORITY on a stream in
>     this state MUST be treated as a connection error.
> I think it's reasonable to assume that only these transitions (in addition
> to the already mentioned half-closed) face such restrictions. This means
> that any new non-negociated frame type will still be allowed for the
> connection (stream 0) and open streams. This sounds quite reasonable and
> should not risk to trigger the consistency issues in the spec's wording.
> And at first glance if that's the case I don't need to patch my code,
> so we can expect that other implementations faced similar issues and
> that the limitations above remain acceptable (but an errata will have
> to be filed to keep track of this).
> Hoping this helps,
> Willy