Re: [Gen-art] Gen-ART LC/Telechat review of draft-reschke-http-status-308-05

Julian Reschke <> Sat, 17 March 2012 09:21 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A14FF21F8713 for <>; Sat, 17 Mar 2012 02:21:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -102.494
X-Spam-Status: No, score=-102.494 tagged_above=-999 required=5 tests=[AWL=-1.735, BAYES_00=-2.599, J_CHICKENPOX_22=0.6, SARE_LWSHORTT=1.24, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 2t2c0AvTxXR6 for <>; Sat, 17 Mar 2012 02:21:12 -0700 (PDT)
Received: from ( []) by (Postfix) with SMTP id CEF9E21F8704 for <>; Sat, 17 Mar 2012 02:21:08 -0700 (PDT)
Received: (qmail invoked by alias); 17 Mar 2012 09:21:07 -0000
Received: from (EHLO []) [] by (mp016) with SMTP; 17 Mar 2012 10:21:07 +0100
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX18xOF4rfjsxtNda05r+lh14cRYyKHxnmkrHuNWbKc wKZSdk2H7Al68M
Message-ID: <>
Date: Sat, 17 Mar 2012 10:21:05 +0100
From: Julian Reschke <>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2
MIME-Version: 1.0
To: Ben Campbell <>
References: <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: " Review Team" <>, The IETF <>,
Subject: Re: [Gen-art] Gen-ART LC/Telechat review of draft-reschke-http-status-308-05
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 17 Mar 2012 09:21:14 -0000

On 2012-03-16 22:06, Ben Campbell wrote:
> Apologies for the delayed response--the day job got in the way this week.
> Comments inline:
> On Mar 12, 2012, at 12:16 PM, Julian Reschke wrote:
>> On 2012-03-12 17:15, Ben Campbell wrote:
>>> I am the assigned Gen-ART reviewer for this draft. For background on
>>> Gen-ART, please see the FAQ at
>>> <>gt;.
>>> Please wait for direction from your document shepherd
>>> or AD before posting a new version of the draft.
>>> Document: draft-reschke-http-status-308-05
>>> Reviewer: Ben Campbell	
>>> Review Date: 2012-03-12
>>> IETF LC End Date: 2012-03-16
>>> IESG Telechat date: 2012-03-15
>>> Summary: This draft is basically ready for publication as an experimental RFC. I have a few minor comments that might be worth considering whether they would improve the document prior to publication.
>>> Note: Since this draft is on a Telechat that precedes the end of the IETF Last Call, this review serves as both the LC and Telechat review.
>> Thanks.
>>> Major issues:
>>> None:
>>> Minor issues:
>>> -- General: I see some discussion about existing UA behavior, but nothing about what a UA should do with a 308 other than as an implication the fact that this is a "permanent version of 307". It's probably worth describing that explicitly. (Or is that what the "clients with link-editing capabilities" statement is intended to do?If so, does that cover everything?)
>> The draft uses *exactly* the same words as the base spec (HTTPbis), except that it combines aspects of 302 (permanence) with those of 307. I thought that's clear enough.
> I assume you meant 301 and 307.


> I note that all of the 3XX responses have their semantics explicitly described in httpbis. While some reference other 3XX codes to contrast the behavior, none seem to be defined in terms of each other. The 301 definition includes an explicit note about the POST to GET behavior. The 307 definition includes an explicit post about that behavior not being allowed. Section 3 of this doc does neither.

The note in 307 was written to point out that the equivalent (308) is 
not defined in HTTPbis. That's why the equivalent text is not on the 
definition of 308.

But you are right in that it provides additional information not present 
in the statement for 308, and I can fix that.

> Looking further, I see that both the 301 and 307 definitions have different language about the response payload (they say if the method was not HEAD the payload SHOULD contain short  hypertext note, while this doc says the payload can contain one. (which I read as equivalent to a MAY).
> Finally, both 301 and 307 contain a paragraph about automatic redirection for "safe" methods.

Both of this is not true anymore in draft -19 of httpbis, where all 
these statements have been moved to the introduction of the redirect codes.

>>> -- section 1, last paragraph:
>>> The fact that a 308 can't change the method is left as an implication of being based on 307. It would be good to state that explicitly and normatively here.
>> We don't state it in HTTPbis either. 301, 302, and 303 are exceptions. See the new introduction in<>.
> HTTPbis sections 7.3.2, 7.3.3, 7.3.4, and 7.3.8 all contain explicit language or notes about about  GET and POST. I recognize that it is not stated _normatively_ in each case, but it's at least mentioned.

7.3.2 (301), 7.3.3 (392) and 7.3.4 (303) have these notes because they 
are exceptions. Re: 7.3.8: see above.

>>> -- section 3, 1st paragraph: "Clients with link-editing capabilities ought to..."
>>> Should that be stated normatively?
>> No. Again, this is consistent with the text in HTTPbis for status code 302.
> I concur that it says that. I find it unfortunate that HTTPbis used non-normative language there, but the text in this draft is consistent.
>>> -- section 3, third paragraph: "The new permanent URI SHOULD be given..."
>>> I'm curious why that is not a MUST. Is there a reasonable (i.e. interoperable)  way to send a 308 _without_ a URI in the location field? Is the meta refresh directive something that can be used _instead_ of the Location header field?
>> Again, consistency with RFC 2616 and HTTPbis.
> You are correct.
>>> -- section 4:
>>> The example uses _both_ the location field and the HTML<meta>   refresh directive. Is this considered a recommended practice to the degree you might normatively recommend it in the text?
>> No, it's a hack that makes deployment easier until all UAs do the right thing; we don't want to make that permanent.
> A comment to that effect in the text would be helpful.

I disagree with this. It's an example for a deployment strategy that can 
help in the short term. That's all.

Best regards, Julian