Re: [quicwg/base-drafts] QPACK security considerations (#3575)

Lucas Pardue <> Tue, 14 April 2020 22:47 UTC


@LPardue commented on this pull request.

> +The amount of memory used by the compressor is limited by the protocol using
+QPACK through the definition of the maximum size of the dynamic table, and the
+maximum number of blocking streams. In HTTP/3, these values are controlled by
+the decoder through the setting parameter QPACK_MAX_TABLE_CAPACITY and
+QPACK_BLOCKED_STREAMS, respectively (see Section
+{{maximum-dynamic-table-capacity}} and {{blocked-streams}}). The limit on the
+size of the dynamic table takes into account both the size of the data stored in
+the dynamic table, plus a small allowance for overhead.  The limit on the number
+of blocked streams is only a proxy for the maximum amount of memory required by
+the decoder.  The actual maximum amount of memory will depend on how much memory
+the decoder uses to track each blocked stream.
+A decoder can limit the amount of state memory used for the dynamic table by
+setting an appropriate value for the maximum size of the dynamic table. In
+HTTP/3, this is realized by setting an appropriate value for the
+QPACK_MAX_TABLE_CAPACITY parameter. An encoder can limit the amount of state
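
Review bot: The opening sentence says "memory used by the compressor" and "blocking streams", but the rest of the paragraph treats both limits as values the decoder controls and calls the blocked-streams limit a proxy for decoder memory; state whose memory each limit bounds and use "blocked streams" throughout. In the same paragraph, "the setting parameter QPACK_MAX_TABLE_CAPACITY and QPACK_BLOCKED_STREAMS" names two parameters and should be plural, and "both the size of the data ... plus a small allowance" should read "both ... and". There is also no blank line before "A decoder can limit", so the two paragraphs will render as one if a break was intended.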

