Re: [Gen-art] Gen-ART and OPS-Dir review of draft-ietf-httpbis-header-compression-10

Martin Thomson <martin.thomson@gmail.com> Tue, 20 January 2015 08:22 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 849461B2D8E; Tue, 20 Jan 2015 00:22:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3ShRStqsK0Sf; Tue, 20 Jan 2015 00:22:04 -0800 (PST)
Received: from mail-ob0-x235.google.com (mail-ob0-x235.google.com [IPv6:2607:f8b0:4003:c01::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B0411AD277; Tue, 20 Jan 2015 00:22:04 -0800 (PST)
Received: by mail-ob0-f181.google.com with SMTP id nt9so1564889obb.12; Tue, 20 Jan 2015 00:22:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=Uxjwx21PnIvYMtvth6z26NGflkbMXX0gTdlZxW4UHuo=; b=0Z4EGYhT+nUODNhxjGbU6sbKW4po73sNhXQAey0P8tOvfrNpqMEsVRC8IZyxWZPsDy HCluzetgFLF6vjTlAyK2yjyOri9kt2fEVa58rwVYg2zcT+geBn6tCqiNLU456BKKI20Z MG7iPv+XnUUOvGBvKAzr8qbNHeta7772ZUeuIi2XfB1NK47HESlKaa70qPf2YM9DdWYA Z4RSzFjRVHSIjS76HcgMCVH+jQBCiZnzaOj0qPDMfG9okVgCXFrGnqaq2EayP3be8HmX /ROOPUjVYlhqb4SluVPJdwqAOrAr38yPYoavCEZRB/lLqHc4t9N2eApYcRXat9D8urjK yUqg==
MIME-Version: 1.0
X-Received: by 10.202.79.149 with SMTP id d143mr19546924oib.16.1421742123948; Tue, 20 Jan 2015 00:22:03 -0800 (PST)
Received: by 10.202.226.136 with HTTP; Tue, 20 Jan 2015 00:22:03 -0800 (PST)
In-Reply-To: <CE03DB3D7B45C245BCA0D243277949362DE459@MX104CL02.corp.emc.com>
References: <CE03DB3D7B45C245BCA0D243277949362DE459@MX104CL02.corp.emc.com>
Date: Tue, 20 Jan 2015 00:22:03 -0800
Message-ID: <CABkgnnUwNQUcFg5w5HFpSQrAUxtbqG_UN-_WDGop1eqqoCS+Aw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: "Black, David" <david.black@emc.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/rA9e0euAVuHjozOvinqONRzSgF0>
Cc: "fenix@google.com" <fenix@google.com>, "General Area Review Team \(gen-art@ietf.org\)" <gen-art@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, "herve.ruellan@crf.canon.fr" <herve.ruellan@crf.canon.fr>
Subject: Re: [Gen-art] Gen-ART and OPS-Dir review of draft-ietf-httpbis-header-compression-10
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Jan 2015 08:22:07 -0000

In the absence of answers from the editors, I can provide an
explanation for the choices you have identified as being issues.

I've also turned your comments into a pull request.

https://github.com/http2/http2-spec/pull/693

You can review that; but the editors will likely have some more to say
about this.

(Note: I dropped opsdir from this reply, there was no substance there.
I look forward to a review of HTTP/2 proper.)

On 12 January 2015 at 18:12, Black, David <david.black@emc.com> wrote:
> The first major issue involves the dense packing of static and
> dynamic table indices, and what appears to be an inability to
> ever change this  and HPACK in general (if that's a "feature,"
> an explanation of why is in order).

That is entirely intentional.  The same question has been raised
several times, and the answer from the working group has been
consistent:

This compression scheme will not be the fastest, or give the best
compression ratios.  It will have those limitations, but it will be
easy to understand, implement and get correct and it will provide good
enough compression performance.

It will also be completely inflexible, but if that turns out to be a
problem, we will fix it in HTTP/3, even if that means that HTTP/3 is
almost entirely identical to HTTP/2.

A few people objected to this on the grounds that this flies in the
face of a body of accepted wisdom on extensibility in protocols.  But
that flexibility turns out to be contrary to the aforementioned goals.
Ultimately, this choice was very clearly and consistently the
consensus of the working group.

I'm going to propose the following text be added:

   The HPACK format is intentionally simple and inflexible.  Both
   characteristics reduce the risk of interoperability or security
   issues based by implementation error.  No extensibility mechanisms
   are defined; changes to the format are only possible by defining a
   complete replacement.

> The second major issue is that I can't find the list of fields
> that are required to use the never-indexed syntax for security
> reasons.

That list doesn't exist, because the need to avoid indexing is highly
contextual.  Like padding, I don't expect this feature to be widely
used, because it requires specific knowledge, but it is necessary to
avoid low-entropy secrets from being exposed to CRIME-like attacks.

I'll note that the combination of "low-entropy" and "secret"
immediately makes this a scenario into which only the very careful and
knowledgeable should venture.  But apparently some do and those few
(along with the paranoid) need the mechanism.  The rest of us can just
use more entropy on our secrets.

I can't confirm, but I think we're using it in Firefox for short
cookies (over which we have little control, but still wish to
protect).

[snip]
> Minor issues:
>
> -A- Section 1.3:
>
>    Dynamic Table:  The dynamic table (see Section 2.3.2) is a header
>       table used to associate stored header fields to index values.
>       This table is dynamic and specific to an encoding or decoding
>       context.
>
> Need to define "header table" before using it in this definition, or
> point to the discussion of the term in Section 1.

Or you could not use "header table":

   Dynamic Table:  The dynamic table (see Section 2.3.2) is a table that
      associates stored header fields with index values.  This table is
      dynamic and specific to an encoding or decoding context.

> -B- Section 4.2
>
> This paragraph is unclear on what has to be communicated:
[snip]
> I suggest:
>
>    Multiple updates to the maximum table size can occur between the
>    sending of two header blocks.  In the case that this size
>    is changed more than once in this interval, the smallest
>    maximum table size that occurs in that interval MUST
>    be sent in an encoding context update.  The final maximum size is
>    always sent, resulting in at most two encoding context updates.  This
>    ensures that the decoder is able to perform eviction based on
>    reductions in decoder table size (see Section 4.3).

LGTM (I apologize, that was my text).

> -C- Section 4.4:
>
> This paragraph is unclear on whether eviction occurs before or after
> adding an entry:
>
>    Whenever a new entry is to be added to the dynamic table, entries are
>    evicted from the end of the dynamic table until the size of the
>    dynamic table is less than or equal to (maximum size - new entry
>    size), or until the table is empty.
>
> I suggest inserting "(before the new entry is added)" after
> "until the size of the dynamic table"

How about this instead:

s/Whenever a new entry is to be added.../Before a new entry is added.../

> -D- Section 4.4:
>
>    If the representation of the added entry references the name of an
>    entry in the dynamic table, the referenced name is cached prior to
>    performing eviction to avoid having the name inadvertently evicted.
>
> Cached where and how?  Please explain.

I don't find this unclear, would "saved" cause less confusion than "cached"?

> -E- Section 5.1
>
> N is supposed to be the number of bits in the prefix, which makes the
> use of N in "Value (N)" incorrect in Figure 2.  I think just deleting
> "(N)" in the figure will fix this.

I think that's a fair point; I think removing the "(7)" from Figure 3
is necessary though.

>
> -F- Section 7.1.3
>
> This section applies only to intermediaries that are aware of HPACK
> (and presumably use it).  That should be stated, along with a reminder
> that an HPACK-unaware intermediary that does HPACK-unaware compression
> may create vulnerabilities to attacks like CRIME.
>
> Nits/editorial comments:
>
> -- Section 1:
>
>    As
>    Web pages have grown to include dozens to hundreds of requests,
>
> "include dozens to hundreds of requests" ->
>         "require dozens to hundreds of requests to retrieve"

"to retrieve" is too specific.

> -- Section 1.3:
>
>    Header Field:  A name-value pair.  Both the name and value are
>       treated as opaque sequences of octets.
>
> Indicate what header or headers these fields come from.

?

>    Static Table:  The static table (see Section 2.3.1) is a header table
>       used to associate static header fields to index values.
>
> "associate static header fields" ->
>         "statically associate commonly used header fields"

I'm going to avoid the "commonly used" value judgment.  Whether they
are commonly used or not isn't pertinent.  I'll let the editors decide
if they would prefer your text.

> -- Section 2.4:
>
> The rationale for the additional format that forbids ever encoding a
> field should be repeated here (it's stated in Section 2.3).

With the forward reference to 6.2.3, which contains an explanation, I
think that this is adequately covered already.

> -- Section 5.1:

I think moving the figures and related text is better.


> idnits complained that it couldn't find an IANA Considerations
> section.  Please add an empty one (stating that there are no IANA
> Considerations) if/when the draft is revised.

I tend to think that absence of "IANA Considerations" and a section
with "This document has no IANA actions." should be treated as
precisely equivalent.  But I guess that ship sailed already.