Re: [Gen-art] Gen-ART LC/Telechat review of draft-reschke-http-status-308-05

Ben Campbell <ben@nostrum.com> Fri, 16 March 2012 21:06 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C86DF21E8024; Fri, 16 Mar 2012 14:06:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.244
X-Spam-Level:
X-Spam-Status: No, score=-102.244 tagged_above=-999 required=5 tests=[AWL=-0.244, BAYES_00=-2.599, J_CHICKENPOX_22=0.6, SPF_PASS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F7rzzQgQQQLS; Fri, 16 Mar 2012 14:06:12 -0700 (PDT)
Received: from nostrum.com (nostrum-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:267::2]) by ietfa.amsl.com (Postfix) with ESMTP id EBCF821E800C; Fri, 16 Mar 2012 14:06:08 -0700 (PDT)
Received: from frankenstein.test.estacado.net (vicuna-alt.estacado.net [75.53.54.121]) (authenticated bits=0) by nostrum.com (8.14.3/8.14.3) with ESMTP id q2GL6467010649 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Fri, 16 Mar 2012 16:06:06 -0500 (CDT) (envelope-from ben@nostrum.com)
Mime-Version: 1.0 (Apple Message framework v1257)
Content-Type: text/plain; charset=us-ascii
From: Ben Campbell <ben@nostrum.com>
In-Reply-To: <4F5E2F65.1000706@gmx.de>
Date: Fri, 16 Mar 2012 16:06:04 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <1A884C60-A13C-4F37-AF83-3F542DE00153@nostrum.com>
References: <27FD8C7A-7636-4D60-A65E-C2B264857A0E@nostrum.com> <4F5E2F65.1000706@gmx.de>
To: Julian Reschke <julian.reschke@gmx.de>
X-Mailer: Apple Mail (2.1257)
Received-SPF: pass (nostrum.com: 75.53.54.121 is authenticated by a trusted mechanism)
Cc: "gen-art@ietf.org Review Team" <gen-art@ietf.org>, The IETF <ietf@ietf.org>, draft-reschke-http-status-308.all@tools.ietf.org
Subject: Re: [Gen-art] Gen-ART LC/Telechat review of draft-reschke-http-status-308-05
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Mar 2012 21:06:18 -0000

Apologies for the delayed response--the day job got in the way this week.

Comments inline:

On Mar 12, 2012, at 12:16 PM, Julian Reschke wrote:

> On 2012-03-12 17:15, Ben Campbell wrote:
>> I am the assigned Gen-ART reviewer for this draft. For background on
>> Gen-ART, please see the FAQ at
>> <  http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>gt;.
>> 
>> Please wait for direction from your document shepherd
>> or AD before posting a new version of the draft.
>> 
>> Document: draft-reschke-http-status-308-05
>> Reviewer: Ben Campbell	
>> Review Date: 2012-03-12
>> IETF LC End Date: 2012-03-16
>> IESG Telechat date: 2012-03-15
>> 
>> Summary: This draft is basically ready for publication as an experimental RFC. I have a few minor comments that might be worth considering whether they would improve the document prior to publication.
>> 
>> Note: Since this draft is on a Telechat that precedes the end of the IETF Last Call, this review serves as both the LC and Telechat review.
> 
> Thanks.
> 
>> Major issues:
>> 
>> None:
>> 
>> Minor issues:
>> 
>> -- General: I see some discussion about existing UA behavior, but nothing about what a UA should do with a 308 other than as an implication the fact that this is a "permanent version of 307". It's probably worth describing that explicitly. (Or is that what the "clients with link-editing capabilities" statement is intended to do?If so, does that cover everything?)
> 
> The draft uses *exactly* the same words as the base spec (HTTPbis), except that it combines aspects of 302 (permanence) with those of 307. I thought that's clear enough.

I assume you meant 301 and 307. 

I note that all of the 3XX responses have their semantics explicitly described in httpbis. While some reference other 3XX codes to contrast the behavior, none seem to be defined in terms of each other. The 301 definition includes an explicit note about the POST to GET behavior. The 307 definition includes an explicit post about that behavior not being allowed. Section 3 of this doc does neither.

Looking further, I see that both the 301 and 307 definitions have different language about the response payload (they say if the method was not HEAD the payload SHOULD contain short  hypertext note, while this doc says the payload can contain one. (which I read as equivalent to a MAY).

Finally, both 301 and 307 contain a paragraph about automatic redirection for "safe" methods.

> 
>> -- section 1, last paragraph:
>> 
>> The fact that a 308 can't change the method is left as an implication of being based on 307. It would be good to state that explicitly and normatively here.
> 
> We don't state it in HTTPbis either. 301, 302, and 303 are exceptions. See the new introduction in <http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p2-semantics-18.html#rfc.section.7.3>.

HTTPbis sections 7.3.2, 7.3.3, 7.3.4, and 7.3.8 all contain explicit language or notes about about  GET and POST. I recognize that it is not stated _normatively_ in each case, but it's at least mentioned.

> 
>> -- section 3, 1st paragraph: "Clients with link-editing capabilities ought to..."
>> 
>> Should that be stated normatively?
> 
> No. Again, this is consistent with the text in HTTPbis for status code 302.

I concur that it says that. I find it unfortunate that HTTPbis used non-normative language there, but the text in this draft is consistent.

> 
>> -- section 3, third paragraph: "The new permanent URI SHOULD be given..."
>> 
>> I'm curious why that is not a MUST. Is there a reasonable (i.e. interoperable)  way to send a 308 _without_ a URI in the location field? Is the meta refresh directive something that can be used _instead_ of the Location header field?
> 
> Again, consistency with RFC 2616 and HTTPbis.

You are correct.

> 
>> -- section 4:
>> 
>> The example uses _both_ the location field and the HTML<meta>  refresh directive. Is this considered a recommended practice to the degree you might normatively recommend it in the text?
> 
> No, it's a hack that makes deployment easier until all UAs do the right thing; we don't want to make that permanent.

A comment to that effect in the text would be helpful.