HTTP/2 open issues <draft-ietf-httpbis-http2-17>
Bob Briscoe <bob.briscoe@bt.com> Fri, 06 March 2015 15:25 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ietf.org@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FDDA1ACE34 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 6 Mar 2015 07:25:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.911
X-Spam-Level:
X-Spam-Status: No, score=-6.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7g3fLu4Kmjcd for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 6 Mar 2015 07:24:58 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC6AB1A000F for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 6 Mar 2015 07:24:58 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1YTu4F-0008Fb-Gf for ietf-http-wg-dist@listhub.w3.org; Fri, 06 Mar 2015 15:21:35 +0000
Resent-Date: Fri, 06 Mar 2015 15:21:35 +0000
Resent-Message-Id: <E1YTu4F-0008Fb-Gf@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.80) (envelope-from <bob.briscoe@bt.com>) id 1YTu49-0008DF-1T for ietf-http-wg@listhub.w3.org; Fri, 06 Mar 2015 15:21:29 +0000
Received: from hubrelay-rd.bt.com ([62.239.224.99]) by lisa.w3.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from <bob.briscoe@bt.com>) id 1YTu47-0001fV-5R for ietf-http-wg@w3.org; Fri, 06 Mar 2015 15:21:28 +0000
Received: from EVMHR71-UKRD.domain1.systemhost.net (10.36.3.109) by EVMHR67-UKRD.bt.com (10.187.101.22) with Microsoft SMTP Server (TLS) id 8.3.348.2; Fri, 6 Mar 2015 15:20:58 +0000
Received: from EPHR01-UKIP.domain1.systemhost.net (147.149.196.177) by EVMHR71-UKRD.domain1.systemhost.net (10.36.3.109) with Microsoft SMTP Server (TLS) id 8.3.348.2; Fri, 6 Mar 2015 15:20:54 +0000
Received: from bagheera.jungle.bt.co.uk (132.146.168.158) by EPHR01-UKIP.domain1.systemhost.net (147.149.196.177) with Microsoft SMTP Server id 14.3.181.6; Fri, 6 Mar 2015 15:20:51 +0000
Received: from BTP075694.jungle.bt.co.uk ([10.111.19.140]) by bagheera.jungle.bt.co.uk (8.13.5/8.12.8) with ESMTP id t26FKnWA013681; Fri, 6 Mar 2015 15:20:49 GMT
Message-ID: <201503061520.t26FKnWA013681@bagheera.jungle.bt.co.uk>
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Fri, 06 Mar 2015 15:20:48 +0000
To: mbelshe@chromium.org, fenix@google.com, martin.thomson@gmail.com
From: Bob Briscoe <bob.briscoe@bt.com>
CC: ietf-http-wg@w3.org
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=====================_713254027==.ALT"
X-Scanned-By: MIMEDefang 2.56 on 132.146.168.158
Received-SPF: pass client-ip=62.239.224.99; envelope-from=bob.briscoe@bt.com; helo=hubrelay-rd.bt.com
X-W3C-Hub-Spam-Status: No, score=-1.4
X-W3C-Hub-Spam-Report: AWL=-0.691, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001
X-W3C-Scan-Sig: lisa.w3.org 1YTu47-0001fV-5R df974c59083ef83a4def467ec466e234
X-Original-To: ietf-http-wg@w3.org
Subject: HTTP/2 open issues <draft-ietf-httpbis-http2-17>
Archived-At: <http://www.w3.org/mid/201503061520.t26FKnWA013681@bagheera.jungle.bt.co.uk>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/28898
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
HTTP/2 editor & co-authors,
As I read through the draft, I attempted to list all the areas where
an open issue has been left dangling. I checked the issues list, and
none of these were there. I expect you might want to (or ought to)
move some of these onto an issues list (for a future version of HTTP,
if not the current version).
That being said, in nearly all the cases below, if I had been the
protocol designer, given the importance and prevalence of HTTP, I
would have felt obliged to redesign the protocol to make it
inherently robust against these issues. There should at least be some
assurance that a major extension has safety valves or fall-backs that
can be deployed if faced with an abuse of any of the weaknesses below.
[BTW, I have quoted the text as written - I will list nits in a later posting.]
<https://tools.ietf.org/html/draft-ietf-httpbis-http2-17#section-3.2>3.2.
Starting HTTP/2 for "http" URIs
" Requests that contain an payload body MUST be sent in their entirety
before the client can send HTTP/2 frames. This means that a large
request entity can block the use of the connection until it is
completely sent.
"
So...
<https://tools.ietf.org/html/draft-ietf-httpbis-http2-17#section-5.2.2>5.2.2.
Appropriate Use of Flow Control
" Deployments with constrained resources (for example, memory) can
employ flow control to limit the amount of memory a peer can consume.
Note, however, that this can lead to suboptimal use of available
network resources if flow control is enabled without knowledge of the
bandwidth-delay product (see [RFC7323]).
"
So... (see previous posting on flow control)
<https://tools.ietf.org/html/draft-ietf-httpbis-http2-17#section-5.2.2>5.2.2.
Appropriate Use of Flow Control
" When using flow
control, the receiver MUST read from the TCP receive buffer in a
timely fashion. Failure to do so could lead to a deadlock when
critical frames, such as WINDOW_UPDATE, are not read and acted upon.
"
So... (see previous posting on flow control)
<https://tools.ietf.org/html/draft-ietf-httpbis-http2-17#section-6.4>6.4.
RST_STREAM
" However, after sending the
RST_STREAM, the sending endpoint MUST be prepared to receive and
process additional frames sent on the stream that might have been
sent by the peer prior to the arrival of the RST_STREAM.
"
So... [I notice numerous IESG reviews picked up on this, but the
sentence has been left unchanged]. When can it eventually relax this
requirement (to release stream state), and what are the consequences
if it relaxes too early?
<https://tools.ietf.org/html/draft-ietf-httpbis-http2-17#section-8.2>8.2.
Server Push
" Note this could result in
the promised stream being reset if the client does not recognize a
newly defined method as being safe.
"
So...
[Won't this risk breaking a perfectly good (but unrecognised)
application? Wouldn't the behaviour a couple of paras later be more
appropriate "...made available to the application separately"? Or is
the idea that if the promised stream is reset, the client then
naturally requests the stream?]
<https://tools.ietf.org/html/draft-ietf-httpbis-http2-17#section-10.5>10.5.
Denial of Service Considerations
" The SETTINGS frame can be abused to cause a peer to expend additional
processing time. This might be done by pointlessly changing SETTINGS
parameters, setting multiple undefined parameters, or changing the
same setting multiple times in the same frame. WINDOW_UPDATE or
PRIORITY frames can be abused to cause an unnecessary waste of
resources.
"
So...
" Large numbers of small or empty frames can be abused to cause a peer
to expend time processing frame headers. Note however that some uses
are entirely legitimate, such as the sending of an empty DATA or
CONTINUATION frame at the end of a stream.
"
So...
" Header compression also offers some opportunities to waste processing
resources; see Section 7 of [COMPRESSION] for more details on
potential abuses.
"
So...
" Limits in SETTINGS parameters cannot be reduced instantaneously,
which leaves an endpoint exposed to behavior from a peer that could
exceed the new limits. In particular, immediately after establishing
a connection, limits set by a server are not known to clients and
could be exceeded without being an obvious protocol violation.
"
So...
" All these features - i.e., SETTINGS changes, small frames, header
compression - have legitimate uses. These features become a burden
only when they are used unnecessarily or to excess.
"
So...
<https://tools.ietf.org/html/draft-ietf-httpbis-http2-17#section-10.5.2>10.5.2.
CONNECT Issues
" The CONNECT method can be used to create disproportionate load on an
proxy, [...] A proxy therefore
cannot rely on SETTINGS_MAX_CONCURRENT_STREAMS alone to limit the
resources consumed by CONNECT requests.
"
So...
<https://tools.ietf.org/html/draft-ietf-httpbis-http2-16#section-10.8>10.8.
Privacy Considerations
" Because the PING and SETTINGS frames solicit immediate responses,
they can be used by an endpoint to measure latency to their peer.
This might have privacy implications in certain scenarios.
"
So...
Bob
________________________________________________________________
Bob Briscoe, BT
- HTTP/2 open issues <draft-ietf-httpbis-http2-17> Bob Briscoe