>> Wouldn't it be possible to abstract this away for the web developer? I.e. >> the send method should, like for WebSockets, not have a max size. Instead >> the sending UA would be responsible for chopping up (the receiving UA for >> re-assembling) the message into packets not larger than the minimum path >> MTU. Depending on the UA (and how integrated with the IP stack of the device >> it is) different levels of implementation sophistication could be used (e.g. >> max 576 byte, or select 576/1280 depending on IP version, or even using MTU >> path discovery to find out max size). >Yes, we could reimplement UDP's defragmentation mechanism at the higher level.
>There are a few things to keep in mind if you do that (for instance, there's a >well known resource exhaustion attack where an attacker sends you the first >part of UDP packets and never sends you the rest of it, until you run out of >reassembly buffers, and of course the chance of losing a packet goes up >significantly when all the fragments need to make it in order to achieve >correct reassembly). The attacker in this case would be a (hacked) browser as the web developer can do no such thing. Of course larger data chunks increases the risk of not getting it over. This may be problematic: how can you explain this to the web developer in an understandable way?
