#458: Requirements upon proxies for Expect

Mark Nottingham <mnot@mnot.net> Thu, 30 May 2013 09:30 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC22F21F979D for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 30 May 2013 02:30:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.934
X-Spam-Level:
X-Spam-Status: No, score=-8.934 tagged_above=-999 required=5 tests=[AWL=1.665, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id En1ktgbGXllC for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 30 May 2013 02:30:21 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 777EA21F9019 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 30 May 2013 02:30:21 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1Uhz9j-0001lS-0t for ietf-http-wg-dist@listhub.w3.org; Thu, 30 May 2013 09:28:23 +0000
Resent-Date: Thu, 30 May 2013 09:28:23 +0000
Resent-Message-Id: <E1Uhz9j-0001lS-0t@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <mnot@mnot.net>) id 1Uhz9R-0001jq-Iq for ietf-http-wg@listhub.w3.org; Thu, 30 May 2013 09:28:05 +0000
Received: from mxout-07.mxes.net ([216.86.168.182]) by maggie.w3.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <mnot@mnot.net>) id 1Uhz9M-0000F3-6U for ietf-http-wg@w3.org; Thu, 30 May 2013 09:28:05 +0000
Received: from [192.168.1.80] (unknown [118.209.184.230]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 0E23522E1F3; Thu, 30 May 2013 05:27:37 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <20130420091851.GS26517@1wt.eu>
Date: Thu, 30 May 2013 19:27:33 +1000
Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <3C8151C1-B850-4960-A2FD-305BD7CD2CAD@mnot.net>
References: <08A7729A-6B1F-46D2-AFA8-C37F6CFECD2A@mnot.net> <20130420091851.GS26517@1wt.eu>
To: Willy Tarreau <w@1wt.eu>
X-Mailer: Apple Mail (2.1503)
Received-SPF: pass client-ip=216.86.168.182; envelope-from=mnot@mnot.net; helo=mxout-07.mxes.net
X-W3C-Hub-Spam-Status: No, score=-3.4
X-W3C-Hub-Spam-Report: AWL=-3.399, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001
X-W3C-Scan-Sig: maggie.w3.org 1Uhz9M-0000F3-6U a518715a08b28683a68344bc0be337c2
X-Original-To: ietf-http-wg@w3.org
Subject: #458: Requirements upon proxies for Expect
Archived-At: <http://www.w3.org/mid/3C8151C1-B850-4960-A2FD-305BD7CD2CAD@mnot.net>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/18152
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Hi Willy,

On 20/04/2013, at 7:18 PM, Willy Tarreau <w@1wt.eu> wrote:

> On Sat, Apr 20, 2013 at 07:00:19PM +1000, Mark Nottingham wrote:
>> p2 5.1.1 "Requirements for HTP/1.1 proxies" bullet one effectively requires
>> proxies to forward ALL requests with Expect: 100-continue if the inbound
>> server is HTTP/1.1 -- even if the request is a GET.
>> 
>> I know that this isn't the intent, but that's how it reads; suggest
>> qualifying this to only apply to requests with bodies.
> 
> Do you see any risk in applying this to any request ? I've been thinking
> in the past about the possibility to use Expect to send non-idempotent
> requests over existing connections without fearing the risk of a broken
> connection, but the stupid situation where a client sends an empty POST
> with Expect is still problematic. All this to say that there might be
> some usages of Expect that are not covered here and not problematic
> either.

Sorry, I'm not following you here. What do you want to do?


>> The next bullet requires proxies to respond with a 417 if the inbound server
>> is HTTP/1.0. Just curious here - why? Wouldn't the maximally interoperable
>> thing be to generate a 100-continue yourself? While the client *could*
>> resubmit the request, they probably won't, because as far as they know, the
>> origin told them not to.
> 
> That's exactly what I thought as well when reading this point ! And FWIW,
> haproxy does so when it needs to parse part of the request body to pick
> a server. I think that was the exact intended purpose of skipping as
> many "100" responses as needed BTW.


OK. How do other folks feel about this? I think the proposal is to change:

> If the proxy knows that the version of the next-hop server is HTTP/1.0 or lower, it must not forward the request, and it must respond with a 417 (Expectation Failed) status code.

to:

"""
If the proxy knows that the version of the next-hop server is HTTP/1.0 or lower, it MAY either respond with a 417 (Expectation Failed) without forwarding the request, or with a 100 (Continue) status code while forwarding it.
"""

Note that this is applying to proxies, NOT gateways (like haproxy), which AFAICT don't have any requirements applying to them. Hmm.

I'd also really like to see us define what "final status code" means; is it just 417? Any 4xx or 5xx status? Any non-1xx status?

Cheers,

--
Mark Nottingham   http://www.mnot.net/