[Gen-art] Gen-ART Last Call review of draft-ietf-httpbis-cache-header-08

Paul Kyzivat <pkyzivat@alum.mit.edu> Thu, 01 July 2021 16:56 UTC

From: Paul Kyzivat <pkyzivat@alum.mit.edu>
To: draft-ietf-httpbis-cache-header.all@ietf.org
Cc: General Area Review Team <gen-art@ietf.org>
Message-ID: <e8c8b750-0f10-c462-3bd2-525770aaf51f@alum.mit.edu>
Date: Thu, 01 Jul 2021 12:55:34 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/m4wPg_ElD0I_bU2wlSwf2HjusfM>

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-httpbis-cache-header-08
Reviewer: Paul Kyzivat
Review Date: 2021-07-07
IETF LC End Date: 2021-07-01
IESG Telechat date: ?

Summary:

This draft is on the right track but has open issues, described in the 
review.

General:

What I read in the Security Considerations section scares me, but I'm not
competent to express an opinion. I am going to leave this to the
security review.

Issues:

Major: 0
Minor: 4
Nits:  0

1) Minor: Is a hit or fwd parameter required?

Is it required that an entry contain one of "hit" or "fwd"? Section 2.1 
makes it clear that you can't use both, but is less clear that one of 
them must be included. But logically it seems that an entry without 
either wouldn't be very useful.

I suggest that this be stated explicitly.

2) Minor: ttl for other caches

I'm not clear about the following in section 3:

    Going through two separate layers of caching, where the cache closest
    to the origin responded to an earlier request with a stored response,
    and a second cache stored that response and later reused it to
    satisfy the current request:

    Cache-Status: OriginCache; hit; ttl=1100,
                  "CDN Company Here"; hit; ttl=545

When "CDN Company Here" replies with a hit is it responsible for 
updating the ttl for the OriginCache? (Based on the time that has 
elapsed since it cached the value.) If not, does that ttl have any 
relevance?

3) Minor: registration of parameters

IMO the process of registration is underspecified.

For one thing, IANA is not instructed as to what the registry itself 
should look like. Given that a specification document is optional, the 
registry presumably must contain everything specified by the template in 
section 4 for new parameter registrations. But the instructions for 
pre-populating the registry from section 2 would mean copying a *lot* of
free formatted text into the registry.

ISTM that it would be more straightforward to always require a 
specification and have the IANA registry refer to it.

Alternatively, you could have different templates for registering 
with/without a specification and different registry formats for each.

I suggest you provide IANA with a template for the registry, and provide 
authors of extension parameters with a template for what should be 
included in a specification document.

4) Minor: Applicability of this header field is confusing

Section 2 says:

    The Cache-Status header field is only applicable to responses that
    are generated by an origin server.  An intermediary SHOULD NOT append
    a Cache-Status member to responses that it generates, even if that
    intermediary contains a cache, except when the generated response is
    based upon a stored response (e.g., a 304 Not Modified or 206 Partial
    Content).

The use of "are" implies to me that the cache received the response from 
the origin server just now. Using "were" (or even more explicit 
language) would tell me that this was a response received by the cache 
either now or in the past.

Also, IIUC the cache can't ever really distinguish if it received a 
response from the origin server or another cache. So how can it know if 
this response *ever* was created by the origin server? All it can know 
is that it received it from a server closer to the origin.

Can you clarify the language?
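
An added example, not part of the original message or of the draft: a Python check for the question raised in issue 1, which parses a Cache-Status value and flags members that carry both "hit" and "fwd" or neither. The function names, the simplified Structured Fields parser, and the second sample value are assumptions made for illustration.

```python
import re

# Subset of Structured Fields syntax: each list member is a token or a quoted
# string, followed by ";key" or ";key=value" parameters.
_MEMBER = re.compile(r'\s*("(?:[^"\\]|\\.)*"|[A-Za-z*][^\s;,=]*)')
_PARAM = re.compile(r'\s*;\s*([a-z*][a-z0-9_.*-]*)(?:=("(?:[^"\\]|\\.)*"|[^\s;,]+))?')
_SEP = re.compile(r'\s*(?:,|$)')

def parse_cache_status(value):
    """Return [(cache_name, {param: value_or_True}), ...] in header order."""
    members, pos = [], 0
    while pos < len(value):
        m = _MEMBER.match(value, pos)
        if not m:
            raise ValueError(f"bad member at offset {pos}")
        name, pos, params = m.group(1).strip('"'), m.end(), {}
        while (p := _PARAM.match(value, pos)):
            raw = p.group(2)  # None for a bare key such as ";hit"
            params[p.group(1)] = True if raw is None else raw.strip('"')
            pos = p.end()
        sep = _SEP.match(value, pos)
        if not sep:
            raise ValueError(f"unexpected text at offset {pos}")
        members.append((name, params))
        pos = sep.end()
    return members

def check_hit_fwd(members):
    """Classify each member by which of "hit" / "fwd" it carries."""
    report = []
    for name, params in members:
        # "?0" is the Structured Fields boolean false, so "hit=?0" is no hit.
        hit = params.get("hit", "?0") != "?0"
        fwd = "fwd" in params
        if hit and fwd:
            verdict = "invalid: both hit and fwd"
        elif not (hit or fwd):
            verdict = "ambiguous: neither hit nor fwd"  # the case issue 1 asks about
        else:
            verdict = "ok"
        report.append((name, verdict))
    return report

# The section 3 example quoted in issue 2, including its line folding.
PAGE_EXAMPLE = 'OriginCache; hit; ttl=1100,\n              "CDN Company Here"; hit; ttl=545'
# Constructed sample values, not taken from the draft or the review.
CONSTRUCTED = 'ExampleCache; hit; fwd=miss, OtherCache; ttl=30'
```

The "ambiguous" verdict reflects the open question in the review rather than a rule stated by the draft; a consumer that logs or alerts on Cache-Status may want to treat such members as carrying no usable information.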