IETF Logo Mail Archive

Re: [apps-discuss] Spencer Dawkins' Discuss on draft-ietf-appsawg-http-problem-02: (with DISCUSS and COMMENT)

Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Thu, 07 January 2016 13:58 UTC

Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EAEAB1A8A3F; Thu, 7 Jan 2016 05:58:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.999
X-Spam-Level:
X-Spam-Status: No, score=-3.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, GB_I_LETTER=-2, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KmGjd6_mharD; Thu, 7 Jan 2016 05:58:12 -0800 (PST)
Received: from mail-vk0-x233.google.com (mail-vk0-x233.google.com [IPv6:2607:f8b0:400c:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 77FFE1A8A09; Thu, 7 Jan 2016 05:58:12 -0800 (PST)
Received: by mail-vk0-x233.google.com with SMTP id k1so174092629vkb.2; Thu, 07 Jan 2016 05:58:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=UarKi31P3B6bMnEQ7f6vA/WRYgMXGuaAha6+XcBoE5Q=; b=ATXHKOALl2TgprWAm7QB26HtsN7RQEq7Z/2lU2c8DNfZvFwRoLS/rjF8fLqiCeeg+Y BD45DvoDpIRINe4ik9MMNPy7XEYlPt4JjnnqMIietQ6EZogcU1HOL8KpUoaWO/ucG7T/ ozSVUOS+7INVedGXyuTnCmHC6yYLC9TeoJ2Rt/SvCmo32Si0Vsh554pRnG3FzA9VMZsi 0g0GjJBXcba8PrUhVA/XxP/fnoSwcp9d7o4/xnD8LCYf9bS/5xZ1qJazkPxnbfkiMCMU Opbyzb9OAia/JIlKsT0ndyWop0ATCVpgR+A3Aw7BtAczNRxjm7S5RNNoj0LNAzOCwRRZ tbKQ==
MIME-Version: 1.0
X-Received: by 10.31.165.71 with SMTP id o68mr66687188vke.67.1452175091586; Thu, 07 Jan 2016 05:58:11 -0800 (PST)
Received: by 10.31.182.75 with HTTP; Thu, 7 Jan 2016 05:58:11 -0800 (PST)
In-Reply-To: <E5E44DF7-6358-4702-9D96-921780CDC6A7@mnot.net>
References: <20151217143841.8732.14093.idtracker@ietfa.amsl.com> <E5E44DF7-6358-4702-9D96-921780CDC6A7@mnot.net>
Date: Thu, 07 Jan 2016 07:58:11 -0600
Message-ID: <CAKKJt-ebQQO4-DT9Y+X9u-55ZhRjPJc=nyXKwxgpJtqUQFFGcg@mail.gmail.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Content-Type: multipart/alternative; boundary="001a1141600a7c5da90528bedc45"
Archived-At: <http://mailarchive.ietf.org/arch/msg/apps-discuss/aC1NqU4O3_2hyshb_BPFEWLnBd4>
Cc: appsawg-chairs@ietf.org, draft-ietf-appsawg-http-problem@ietf.org, The IESG <iesg@ietf.org>, apps-discuss@ietf.org
Subject: Re: [apps-discuss] Spencer Dawkins' Discuss on draft-ietf-appsawg-http-problem-02: (with DISCUSS and COMMENT)
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/apps-discuss/>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jan 2016 13:58:15 -0000

Hi, Mark,

On Thu, Dec 17, 2015 at 6:05 PM, Mark Nottingham <mnot@mnot.net> wrote:

> Hi Spencer,
>
> On 18 Dec 2015, at 1:38 am, Spencer Dawkins <spencerdawkins.ietf@gmail.com>
> wrote:
>
> > I'm elevating this to a (late) Discuss, because I haven't heard anything
> > back, and didn't want the document approved without having a (short)
> > discussion. I'll be back to Yes after that.
> >
> > In this text,
> >
> >   The "status" member duplicates the information available in the HTTP
> >   status code itself, thereby bringing the possibility of disagreement
> >   between the two.  Their relative precedence is not clear, since a
> >   disagreement might indicate that (for example) an intermediary has
> >   modified the HTTP status code in transit.  As such, those defining
> >   problem types as well as generators and consumers of problems need to
> >   be aware that generic software (such as proxies, load balancers,
> >   firewalls, virus scanners) are unlikely to know of or respect the
> >   status code conveyed in this member.
> >
> > I understand what you're saying about a mismatch being possible, and some
> > of the possible reasons why that might happen, but isn't this saying that
> > anyone who can understand the "status" member should prefer its value
> > when there's a mismatch (because it's less likely to have been dorked
> > with by an intermediary - or is that even true)?
>
> It really depends on what their purpose is. The HTTP status might be
> updated because of legitimate HTTP machinery -- e.g., by a cache (304), or
> a proxy (various things like proxy auth, disconnected operation). The
> status member is there to preserve the original intent of the author, and
> also for convenience (e.g., when a message is persisted, often the status
> is lost).
>
>
> > So, the situation looks to me, like there's a MUST
> >
> >   The status member, if present, is only advisory; it conveys the HTTP
> >   status code used for the convenience of the consumer.  Generators
> >   MUST use the same status code in the actual HTTP response, to assure
> >   that generic HTTP software that does not understand this format still
> >   behaves correctly.
> >
> > that some intermediary can dork with, so the result violates the MUST,
> > and we really can't tell the receiver what you should do at that point.
> > "Gee, I guess you're gonna have to flip a coin to decide who to believe"
> > would be sad, but it would be more guidance than the document has now :-)
>
> If you're implementing generic HTTP software, you're going to be using the
> HTTP status. If you're interpreting the HTTP problem itself, you're
> probably going to pay attention to the one in-document, IF you pay
> attention to it at all.


Thanks for the explanations.

I'll clear this Discuss, but would love it if you could say something like
what you've told me in the document.


> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > I've wished this mechanism was available, a few times already.
> >
> > In this text,
> >
> >   If such additional members are defined, their names SHOULD start with
> >   a letter (ALPHA, as per [RFC5234], Appendix B.1) and SHOULD consist
> >   of characters from ALPHA, DIGIT (Ibid.), and "_" (so that it can be
> >   serialized in formats other than JSON), and SHOULD be three
> >   characters or longer.
> >
> > are there any benefits to not conforming to these SHOULDs? For example,
> > would you really need to have a two-character member name, and you'd fail
> > if the member name was three characters long? ("Why are these not
> > MUSTs?")
>
> Those requirements are to make it compatible with the XML mapping. They're
> SHOULDs because someone might be really, really sure that their problems
> will never be used in XML.
>
> Cheers,
>
>
>
> --
> Mark Nottingham   https://www.mnot.net/
>
>

v2.23.0 | Report a Bug | By Email