From 7ab8417b5d3c17346da74d4f82571b24a37eae41 Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Thu, 6 Jun 2019 11:26:25 -0700 Subject: [PATCH 1/5] Discuss max-header-list-size from the other side --- draft-ietf-quic-http.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index 598665ae47..6e325e3f67 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md @@ -485,13 +485,17 @@ head-of-line blocking. See that document for additional details. An HTTP/3 implementation MAY impose a limit on the maximum size of the header it will accept on an individual HTTP message; encountering a larger message header -SHOULD be treated as a stream error of type `HTTP_EXCESSIVE_LOAD`. If an -implementation wishes to advise its peer of this limit, it can be conveyed as a -number of bytes in the `SETTINGS_MAX_HEADER_LIST_SIZE` parameter. The size of a -header list is calculated based on the uncompressed size of header fields, +SHOULD be treated as a stream error of type `HTTP_EXCESSIVE_LOAD`. The size of +a header list is calculated based on the uncompressed size of header fields, including the length of the name and value in bytes plus an overhead of 32 bytes for each header field. +If an implementation wishes to advise its peer of this limit, it can be conveyed +as a number of bytes in the `SETTINGS_MAX_HEADER_LIST_SIZE` parameter. An +implementation which has received this parameter SHOULD NOT send an HTTP message +header which exceeds the indicated size, as this will likely produce an error +and could disrupt the entire connection if the peer reacts negatively. + ### Request Cancellation and Rejection {#request-cancellation} Clients can cancel requests by aborting the stream (QUIC RESET_STREAM and/or From dd36a721e6ff100820d2cf6adfbe7a3005950d58 Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Fri, 7 Jun 2019 09:52:40 -0700 Subject: [PATCH 2/5] Import RFC7540 recommendation to 431 on oversize headers; fixes #2775 --- draft-ietf-quic-http.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index 6e325e3f67..ce9a096157 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md @@ -484,11 +484,12 @@ HPACK which allows the flexibility to avoid header-compression-induced head-of-line blocking. See that document for additional details. An HTTP/3 implementation MAY impose a limit on the maximum size of the header it -will accept on an individual HTTP message; encountering a larger message header -SHOULD be treated as a stream error of type `HTTP_EXCESSIVE_LOAD`. The size of -a header list is calculated based on the uncompressed size of header fields, -including the length of the name and value in bytes plus an overhead of 32 bytes -for each header field. +will accept on an individual HTTP message. A server that receives a larger +header block than it is willing to handle can send an HTTP 431 (Request Header +Fields Too Large) status code {{?RFC6585}}. A client can discard responses that +it cannot process. The size of a header list is calculated based on the +uncompressed size of header fields, including the length of the name and value +in bytes plus an overhead of 32 bytes for each header field. If an implementation wishes to advise its peer of this limit, it can be conveyed as a number of bytes in the `SETTINGS_MAX_HEADER_LIST_SIZE` parameter. An From 470336a199b09364360381adb02036d148a92e46 Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Wed, 12 Jun 2019 13:39:55 -0700 Subject: [PATCH 3/5] Hop-by-hop --- draft-ietf-quic-http.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index ce9a096157..bb042ef967 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md @@ -495,7 +495,9 @@ If an implementation wishes to advise its peer of this limit, it can be conveyed as a number of bytes in the `SETTINGS_MAX_HEADER_LIST_SIZE` parameter. An implementation which has received this parameter SHOULD NOT send an HTTP message header which exceeds the indicated size, as this will likely produce an error -and could disrupt the entire connection if the peer reacts negatively. +and could disrupt the entire connection if the peer reacts negatively. However, +because this limit is applied at each hop, messages below this limit are not +guaranteed to be accepted. ### Request Cancellation and Rejection {#request-cancellation} From 4f5fbccc0f297a0fc43014e4ccfbd85c2ee1a76e Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Wed, 12 Jun 2019 13:41:16 -0700 Subject: [PATCH 4/5] Header terminology --- draft-ietf-quic-http.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index bb042ef967..63c3ae9240 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md @@ -483,13 +483,14 @@ HTTP/3 uses QPACK header compression as described in [QPACK], a variation of HPACK which allows the flexibility to avoid header-compression-induced head-of-line blocking. See that document for additional details. -An HTTP/3 implementation MAY impose a limit on the maximum size of the header it -will accept on an individual HTTP message. A server that receives a larger -header block than it is willing to handle can send an HTTP 431 (Request Header -Fields Too Large) status code {{?RFC6585}}. A client can discard responses that -it cannot process. The size of a header list is calculated based on the -uncompressed size of header fields, including the length of the name and value -in bytes plus an overhead of 32 bytes for each header field. +An HTTP/3 implementation MAY impose a limit on the maximum size of the message +header it will accept on an individual HTTP message. A server that receives a +larger header field list than it is willing to handle can send an HTTP 431 +(Request Header Fields Too Large) status code {{?RFC6585}}. A client can +discard responses that it cannot process. The size of a header field list is +calculated based on the uncompressed size of header fields, including the length +of the name and value in bytes plus an overhead of 32 bytes for each header +field. If an implementation wishes to advise its peer of this limit, it can be conveyed as a number of bytes in the `SETTINGS_MAX_HEADER_LIST_SIZE` parameter. An From 9d13fb39c64bf567b1e3a21c9112676f529b3c5f Mon Sep 17 00:00:00 2001 From: Mike Bishop Date: Tue, 18 Jun 2019 14:25:53 -0700 Subject: [PATCH 5/5] Connection (probably) won't blow up --- draft-ietf-quic-http.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/draft-ietf-quic-http.md b/draft-ietf-quic-http.md index 63c3ae9240..c097bd0d3e 100644 --- a/draft-ietf-quic-http.md +++ b/draft-ietf-quic-http.md @@ -495,10 +495,9 @@ field. If an implementation wishes to advise its peer of this limit, it can be conveyed as a number of bytes in the `SETTINGS_MAX_HEADER_LIST_SIZE` parameter. An implementation which has received this parameter SHOULD NOT send an HTTP message -header which exceeds the indicated size, as this will likely produce an error -and could disrupt the entire connection if the peer reacts negatively. However, -because this limit is applied at each hop, messages below this limit are not -guaranteed to be accepted. +header which exceeds the indicated size, as the peer will likely refuse to +process it. However, because this limit is applied at each hop, messages below +this limit are not guaranteed to be accepted. ### Request Cancellation and Rejection {#request-cancellation}