Re: Stream State and PRIORITY Frames

Scott Mitchell <> Fri, 20 January 2017 17:05 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 406EC126D73 for <>; Fri, 20 Jan 2017 09:05:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -9.699
X-Spam-Status: No, score=-9.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-3.199, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id vWcbAPXbuNhf for <>; Fri, 20 Jan 2017 09:05:21 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 526EB12968B for <>; Fri, 20 Jan 2017 09:05:18 -0800 (PST)
Received: from lists by with local (Exim 4.80) (envelope-from <>) id 1cUcZY-0005RE-5T for; Fri, 20 Jan 2017 17:01:56 +0000
Resent-Date: Fri, 20 Jan 2017 17:01:56 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <>) id 1cUcZT-0005Px-5R for; Fri, 20 Jan 2017 17:01:51 +0000
Received: from ([]) by with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <>) id 1cUcZH-0003KV-PY for; Fri, 20 Jan 2017 17:01:44 +0000
Received: by with SMTP id z134so61883399lff.3 for <>; Fri, 20 Jan 2017 09:01:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=g8AqNkm8gWJG7WssMizjZhUsEvJQodKCnsCQYSwOSsw=; b=P3v8jcZllNuYGoSAIGtt429NNXSfMGp3XIMLIzUBeZThkn/qMAfm8DpbVXVXOyvemW OufOBjYv5HdxYBjP4sbTDaW7rjfs3EEZGSUKC0P+IVUPgQ+tA4PCn8cOMqnec50C+p/q XukgYrvDvu4GeS0gVCzxyQFWjOtIq3ji/5jufC3qhKsLmYRnyTTIE9oEdrVXifRq/KBd EB24g85+I69J4rEbKg09QBIHcZCiehpWEGBvXVtsGnrGw8+jqqmOfp8/gFO8SWj/aziF Ey5JiPQ2P25eLaNmjUok5smD8U7RBsnaKrFMu8s8SjV2DGvrPzz74q1iRvElVmTiy2Ls 7WnQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=g8AqNkm8gWJG7WssMizjZhUsEvJQodKCnsCQYSwOSsw=; b=EILDJCDor5uedVYxFmdlksyHLt0iF6uVswtQZPvonVf0chU0PiRzuvvOv0sR0awAYV k8IM1oImbZbwUknRNPF26X/BtIhd0s74S+gCEx8WnZh0bjD0/4l+O6hBp47rF7Ee7HIx iPZNm9SD91krrjBpFfzEeZ7heCxsW2cz9mXPiyCHD63HUmojM4OZ4Wphx9Ogz6UK01Xk +ya1k1h6jRXS5S0iebkhhEN7YG4tWxgwAcskDYFnybBOQ2KxM6fh7hz0Db0ODMSiCFYb Ng5w0mhj1tcSjNdJJ5M5C/woKVAD5+malyN0RJ4EUbF9ZkUwtqwJkJcPT1dxvgPaiLRO 4f6g==
X-Gm-Message-State: AIkVDXKe5XpXQlGl6xFYlLfUcklfJOmGY9lmYBzmKAbraSbibTkzY/cPisOoCzqPcdmwvuqIVArCqsy7vewb+Q==
X-Received: by with SMTP id h19mr5289315lfj.33.1484931672012; Fri, 20 Jan 2017 09:01:12 -0800 (PST)
MIME-Version: 1.0
Received: by with HTTP; Fri, 20 Jan 2017 09:01:10 -0800 (PST)
In-Reply-To: <>
References: <> <> <> <> <> <>
From: Scott Mitchell <>
Date: Fri, 20 Jan 2017 09:01:10 -0800
Message-ID: <>
To: laike9m <>
Cc: Martin Thomson <>, Tatsuhiro Tsujikawa <>, HTTP Working Group <>
Content-Type: multipart/alternative; boundary="f403045e9f50d37ddf05468998f8"
Received-SPF: pass client-ip=;;
X-W3C-Hub-Spam-Status: No, score=-2.9
X-W3C-Scan-Sig: 1cUcZH-0003KV-PY eb099e40f67acc53b2dfcff74502d339
Subject: Re: Stream State and PRIORITY Frames
Archived-At: <>
X-Mailing-List: <> archive/latest/33346
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

On Fri, Jan 20, 2017 at 5:17 AM, laike9m <> wrote:

> If you don’t include RESERVED streams in the count for
> SETTINGS_MAX_CONCURRENT_STREAMS then how do you limit the amount of
> RESERVED streams, and how does your peer know about this limit? I have
> imposed an implementation specific metric in the past, but this seems less
> preferable than relying on something in the RFC that the peer is aware of.
> Either way having infinite of something doesn’t work in practice.
> As Martin has explained, H2 doesn’t limit the amount of RESERVED streams,
> based on the notion that HEADERS are close to free.

"HEADERS are free" sounds like an over simplification which becomes more
apparent as the concurrency of streams and connections grows. There are
other provisions in the RFC to limit the amount of state consumed by

In addition to headers this may require additional state to be allocated
for stream management. The specification also has mechanisms to limit state
consumed by streams.

It’s true that one trying to send infinite number of PUSH_PROMISEs to
> client can cause problems, but 1. This only happens if the server is
> malicious, and if it’s malicious,having a limit in the RFC won’t prevent
> anything, and 2. Not counting PUSH_PROMISEs is a tradeoff for fast delivery
> of PUSH_PROMISEs, which stops client from sending more requests. I guess
> this is what Martin meant by “If you limit server push by applying a stream
> limit, then you prevent it from being used in time for the client to use
> it.”
(Forgot to reply to all :P)

Malicious actors is a concern and must be dealt with. However there may be
proxy-like systems with large amounts of concurrency or other memory
constraint systems that already control their resources but the peer's only
mechanism to know about these limits is to try-then-fail. Assuming clients
impose some limit to their state (infinite state isn't practical) then the
problem of "the client won't accept this push" exists if the server knows
about it before hand or not. Knowing about it before hand gives the server
the ability to potentially prioritize which resources it wants to push or
make other more informed decisions.

> On Thu, Jan 19, 2017 at 9:21 AM, Scott Mitchell <>
> wrote:
>> On Tue, Jan 17, 2017 at 2:43 PM, Scott Mitchell <
>> > wrote:
>>> From my perspective I would like to see two clarifications:
>>> 1. It is clear to me that PRIORITY doesn't impact state.
>> Just to clarify ... it is clear that a PRIORITY frame doesn't impact the
>> state of the stream  it is carrying priority information for. The impacts
>> PRIORITY frames have on other streams is not clear due to the wording in
>> section 5.1.1.
>>> However Section 5.1.1 states "first use of a new stream identifier"
>>> which makes no reference to stream state. If stream state is
>>> important/implied here better to be specific about it. I don't think the
>>> one-off example below this text is sufficient to convey the intended
>>> implications of this statement.
>>> 2. Section 5.1.2 states "Streams in either of the 'reserved' states do
>>> not count toward the stream limit." which seems to conflict with section
>>> 8.2.2 "A client can use the SETTINGS_MAX_CONCURRENT_STREAMS setting to
>>> limit the number of responses that can be concurrently pushed by a
>>> server.". These two statements appear to contradict each other. Since
>>> SETTINGS_MAX_CONCURRENT_STREAMS is really the only mechanism to limit
>>> resources due to server push I'm assuming section 5.1.2 is overly
>>> restrictive.
>>> On Tue, Jan 17, 2017 at 2:27 PM, Martin Thomson <
>>>> wrote:
>>>> On 18 January 2017 at 01:37, Tatsuhiro Tsujikawa <>
>>>> wrote:
>>>> > If my understanding is correct, this only refers to the new stream ID
>>>> used
>>>> > by HEADERS, and PUSH_PROMISE frames which open or reserve streams.
>>>> The
>>>> > example text following that statement uses HEADERS which opens new
>>>> stream.
>>>> > PRIORITY frame does not change stream state, and there is no reason
>>>> to close
>>>> > all unused streams lower than bearing stream ID.  That said, I agree
>>>> that
>>>> > this is not crystal clear in the document.  In practice, this is
>>>> probably
>>>> > rather rare case.
>>>> This is, I think, the expectation.
>>>> I think that we probably want to clarify the point by explicitly
>>>> saying that PRIORITY doesn't affect stream states.  We say that it can
>>>> be sent in any state, but we don't also mention that important point.
>>>> Do people here agree that an erratum on this point is appropriate
>>>> here?