Frame size errors
Martin Thomson <martin.thomson@gmail.com> Tue, 23 September 2014 16:37 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7756F1A8721 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 23 Sep 2014 09:37:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.788
X-Spam-Level:
X-Spam-Status: No, score=-7.788 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.786, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G6Xb6dT2T2aJ for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 23 Sep 2014 09:37:19 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D65901A1B23 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 23 Sep 2014 09:37:19 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XWT1C-00078c-QK for ietf-http-wg-dist@listhub.w3.org; Tue, 23 Sep 2014 16:32:46 +0000
Resent-Date: Tue, 23 Sep 2014 16:32:46 +0000
Resent-Message-Id: <E1XWT1C-00078c-QK@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <martin.thomson@gmail.com>) id 1XWT0a-0006zL-A6 for ietf-http-wg@listhub.w3.org; Tue, 23 Sep 2014 16:32:08 +0000
Received: from mail-lb0-f181.google.com ([209.85.217.181]) by lisa.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <martin.thomson@gmail.com>) id 1XWT0Z-0002kz-2P for ietf-http-wg@w3.org; Tue, 23 Sep 2014 16:32:08 +0000
Received: by mail-lb0-f181.google.com with SMTP id b6so3783422lbj.26 for <ietf-http-wg@w3.org>; Tue, 23 Sep 2014 09:31:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=LpTispw2tyr89gPU78CqpUskUxd1kCZjt3rwn2jq+Ps=; b=jK4JQBmXBL9iNDGib34gOJwypmqgu/5Mx85gHKhn1nCw28xOt5fnVaIJCjspDgklKq LDUdeeC4ZQSH+t7VuEb1esbZbgNevOiklVqHW/gkzZiBG9HsaF7RFLb4EzwH1EBk0RDV zsCjWDeONAHT07d9la02VV6xEb0kh0re+n9dBfGl7LCZFlEoN3y6BbwSrs2weNROKr+v X3ySOvlBCo1wXSoaJVEXHzRKcrUuSmHgAHSHt2sP7o/vG3l7mlvmFjKUpIRyhOV0E8Ao zHvDw7BAjaDZAbj3tpqS3eeWKk+VhyakAWrwR0LyNrc+Ata0BBvsOkxgN2vdLq5SkjK+ UChQ==
MIME-Version: 1.0
X-Received: by 10.152.43.99 with SMTP id v3mr684335lal.13.1411489900106; Tue, 23 Sep 2014 09:31:40 -0700 (PDT)
Received: by 10.25.166.75 with HTTP; Tue, 23 Sep 2014 09:31:40 -0700 (PDT)
Date: Tue, 23 Sep 2014 09:31:40 -0700
Message-ID: <CABkgnnUMkiGfM1shACLBwbnG8J8UAdL_W_ow4T2BMXfMoHXRGQ@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Received-SPF: pass client-ip=209.85.217.181; envelope-from=martin.thomson@gmail.com; helo=mail-lb0-f181.google.com
X-W3C-Hub-Spam-Status: No, score=-3.5
X-W3C-Hub-Spam-Report: AWL=-2.728, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1XWT0Z-0002kz-2P 174d54886557f29ef8f51bb7a3fd399c
X-Original-To: ietf-http-wg@w3.org
Subject: Frame size errors
Archived-At: <http://www.w3.org/mid/CABkgnnUMkiGfM1shACLBwbnG8J8UAdL_W_ow4T2BMXfMoHXRGQ@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/27179
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
I've prepared a pull request that tightens the restrictions on frame sizes. https://github.com/http2/http2-spec/pull/616 Brad Fitzpatrick raised issue #611 with identifying when a FRAME_SIZE_ERROR is appropriate. I plan to answer the question by placing hard limits on frame size, requiring a FRAME_SIZE_ERROR in all cases where the frame size is undefined. This should close the issue regarding what fields are open to (unnegotiated) extension. Any objections to this change? It's marked editorial in the tracker, but we're at a stage now that I think that substantive changes even as minor as this need to be raised here. I'll hold this for a while and pull this in unless I hear screams.
- Frame size errors Martin Thomson
- RE: Frame size errors Mike Bishop
- Re: Frame size errors Matthew Kerwin
- Re: Frame size errors Martin Thomson