add a case of massive HEADERS at startup in the section of DoS Considerations #343

Closed
shigeki opened this issue Jan 16, 2014 · 2 comments


shigeki commented Jan 16, 2014

The initial value of SETTINGS_MAX_CONCURRENT_STREAMS is no limit, and a server can receive massive HEADERS from a malicious client before synchronization of the first SETTINGS.

These requests are legitimate, but they pose a risk of denial-of-service attack and need to be described in the security section.

Member

mnot commented Jan 24, 2014

Discussed in Zurich; add a sentence or two to DoS Considerations along these lines.

@martinthomson
Collaborator

While settings changes are outstanding, there are things that a peer might be able to do that are not provably bad and can therefore be exploited to generate excessive work.
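
One way a server could bound the exposure discussed in this thread, as an added example that is not part of the issue or of the HTTP/2 draft: it enforces the limit it intends to advertise from the first frame, answers over-limit streams with REFUSED_STREAM until its SETTINGS is acknowledged, and closes the connection once a refusal budget is spent. The class, the `pre_ack_refusal_budget` knob and the frame names fed to `replay` are assumptions; the error-code values are those of RFC 7540.

```python
from dataclasses import dataclass

# HTTP/2 error codes (RFC 7540, section 7)
PROTOCOL_ERROR = 0x1
REFUSED_STREAM = 0x7
ENHANCE_YOUR_CALM = 0xB

@dataclass
class StreamAdmission:
    max_concurrent: int          # value sent in SETTINGS_MAX_CONCURRENT_STREAMS
    pre_ack_refusal_budget: int  # hypothetical knob: refusals tolerated before ACK
    settings_acked: bool = False
    open_streams: int = 0
    pre_ack_refusals: int = 0

    def on_settings_ack(self):
        self.settings_acked = True

    def on_stream_closed(self):
        self.open_streams = max(0, self.open_streams - 1)

    def on_headers(self):
        """Decide what to do with a HEADERS frame that opens a new stream."""
        if self.open_streams < self.max_concurrent:
            self.open_streams += 1
            return ("ACCEPT", None)
        if self.settings_acked:
            # The peer has seen the limit, so exceeding it is a stream error.
            return ("RST_STREAM", PROTOCOL_ERROR)
        # The peer may not have seen the limit yet: refuse cheaply, without
        # allocating request state, and cap how long that is tolerated.
        self.pre_ack_refusals += 1
        if self.pre_ack_refusals > self.pre_ack_refusal_budget:
            return ("GOAWAY", ENHANCE_YOUR_CALM)
        return ("RST_STREAM", REFUSED_STREAM)

def replay(frames, max_concurrent=2, budget=3):
    """Run a constructed frame-name sequence through the guard; return decisions."""
    guard = StreamAdmission(max_concurrent, budget)
    out = []
    for frame in frames:
        if frame == "HEADERS":
            out.append(guard.on_headers())
        elif frame == "SETTINGS_ACK":
            guard.on_settings_ack()
        elif frame == "END_STREAM":
            guard.on_stream_closed()
    return out
```
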
