IETF Logo Mail Archive

Re: HTTP/2 and TCP CWND

Roberto Peon <grmocg@gmail.com> Mon, 15 April 2013 22:57 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0ED2421F9349 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 15 Apr 2013 15:57:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.598
X-Spam-Level:
X-Spam-Status: No, score=-10.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zr9YwxQLAC-V for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 15 Apr 2013 15:57:24 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 321CA21F92BD for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 15 Apr 2013 15:57:24 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1URsKR-00035s-C8 for ietf-http-wg-dist@listhub.w3.org; Mon, 15 Apr 2013 22:56:51 +0000
Resent-Date: Mon, 15 Apr 2013 22:56:51 +0000
Resent-Message-Id: <E1URsKR-00035s-C8@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <grmocg@gmail.com>) id 1URsKN-00033Y-DU for ietf-http-wg@listhub.w3.org; Mon, 15 Apr 2013 22:56:47 +0000
Received: from mail-oa0-f49.google.com ([209.85.219.49]) by lisa.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <grmocg@gmail.com>) id 1URsKM-0005pf-1C for ietf-http-wg@w3.org; Mon, 15 Apr 2013 22:56:47 +0000
Received: by mail-oa0-f49.google.com with SMTP id j6so4867977oag.22 for <ietf-http-wg@w3.org>; Mon, 15 Apr 2013 15:56:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=UgjnsAKuespzm61xLbPxJ+9PHDOOg380cZs9buVdJY0=; b=1E5ILOBSkvZjCET5c834N8ltB+vTQlEafsCgIZO96WU3gprXw7tCwEEdSRpVyYoh/f vt/SdJNQwWI+B0vw+W8lZIX8uu6OnzbVquj7Jo5mOZEtViU5g8AR2DRVrhP+kJb0HUAB QnygoXavWm//Tx9uZ3mzihuaBcE5be04ygmi0fb327EzXV+VHMn3z9FQgmaVEJBbOVLd k857KRvXI+F3tjr989EJn5c9f2dJZv+O2qfNUFkUpjWt0ipHyDZDe1kLOJYJrZAEM5yr mVwl5EI+yy3g02kgzrN9F89mt+Cee2LXo32CPDydsT5hgocuZjNdIqysTjzGgqAyHN88 DzpA==
MIME-Version: 1.0
X-Received: by 10.182.136.72 with SMTP id py8mr8227764obb.0.1366066580030; Mon, 15 Apr 2013 15:56:20 -0700 (PDT)
Received: by 10.76.141.83 with HTTP; Mon, 15 Apr 2013 15:56:19 -0700 (PDT)
In-Reply-To: <95367D0C-D34C-4542-A0DE-921BBDE6A239@netapp.com>
References: <516B8824.8040904@cisco.com> <DF8F6DB7E5D58B408041AE4D927B2F48CBB88103@CINURCNA14.e2k.ad.ge.com> <CAP+FsNfeUtKfOMPKriYP7Ak_YzsjEFKvprJOAQaxYP7_BxTBsw@mail.gmail.com> <cf53405c48dc431693573a9148776c8a@BN1PR03MB072.namprd03.prod.outlook.com> <8B0AAE84-CAB8-483B-99FD-DA6A0CA13395@netapp.com> <CAP+FsNca6TOB2B-ntnEHvzPx3JY=6Qcp34RgF7uQsbdsLUbptQ@mail.gmail.com> <95367D0C-D34C-4542-A0DE-921BBDE6A239@netapp.com>
Date: Mon, 15 Apr 2013 15:56:19 -0700
Message-ID: <CAP+FsNfGBYXABwLJJMk6rC_GAMVD2RXaMFEu93oGwMaCuCzN7Q@mail.gmail.com>
From: Roberto Peon <grmocg@gmail.com>
To: "Eggert, Lars" <lars@netapp.com>
Cc: Gabriel Montenegro <Gabriel.Montenegro@microsoft.com>, "Simpson, Robby (GE Energy Management)" <robby.simpson@ge.com>, Eliot Lear <lear@cisco.com>, Robert Collins <robertc@squid-cache.org>, Jitu Padhye <padhye@microsoft.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, "Brian Raymor (MS OPEN TECH)" <Brian.Raymor@microsoft.com>, Rob Trace <Rob.Trace@microsoft.com>, Dave Thaler <dthaler@microsoft.com>, Martin Thomson <martin.thomson@skype.net>, Martin Stiemerling <martin.stiemerling@neclab.eu>
Content-Type: multipart/alternative; boundary="e89a8f5039bc3e0e2f04da6e29fa"
Received-SPF: pass client-ip=209.85.219.49; envelope-from=grmocg@gmail.com; helo=mail-oa0-f49.google.com
X-W3C-Hub-Spam-Status: No, score=-4.4
X-W3C-Hub-Spam-Report: AWL=-1.722, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1URsKM-0005pf-1C 044fff9ff0a90a236a9179a1940bf6a3
X-Original-To: ietf-http-wg@w3.org
Subject: Re: HTTP/2 and TCP CWND
Archived-At: <http://www.w3.org/mid/CAP+FsNfGBYXABwLJJMk6rC_GAMVD2RXaMFEu93oGwMaCuCzN7Q@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/17240
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

When you have a lot of users, attempting to cache for them server-side is
not really possible, and opens the site up to some interesting DoS vectors.

There are easier ways to attack servers and clients (e.g. use DNS to
perform various attacks, simply send a SYN flood, etc.) than messing with
this, but it should always only be advisory.
The interesting thing about the client mucking with this data is that, so
long as the server's TCP implementation is smart enough not to kill itself
(and some simple limits accomplish that), the only on the client harms is
itself...
-=R


On Mon, Apr 15, 2013 at 3:26 PM, Eggert, Lars <lars@netapp.com> wrote:

> Hi,
>
> On Apr 15, 2013, at 15:15, Roberto Peon <grmocg@gmail.com> wrote:
> > If it was defined as an opaque blob that the transport layer delegates to
> > the application layer to transmit and cache, would it seem as scary?
> ...
> > I think you mistake the intent. The intent is to make it easy for
> transport
> > experimentation by giving a mechanism that can be implemented today of
> > storing transport-related data, and by giving that back to the transport
> > layer upon session resumption.
>
> why does the app need to be involved here at all? It TCP wants to cache
> state from one connection instance to the next, it can (and does, in some
> cases) already do so.
>
> Yeah, for HTTP, you might want the HTTP client to hold that state instead
> of the HTTP server as an optimization, so you need to get it in and out of
> the server kernel. But is that really of general usefulness? There seem to
> be some significant security challenges here, such as whether a server
> would even trust this opaque information, given that the client could have
> messed with it. (Blindly using this state could have detrimental effects on
> other connections the server has open.)
>
> Lars

v2.23.0 | Report a Bug | By Email