Re: p2: Expect: 100-continue and "final" status codes

Amos Jeffries <squid3@treenet.co.nz> Wed, 24 April 2013 13:30 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3545121F910E for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 24 Apr 2013 06:30:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.527
X-Spam-Level:
X-Spam-Status: No, score=-10.527 tagged_above=-999 required=5 tests=[AWL=0.072, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LZYpC0Jxaccc for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 24 Apr 2013 06:30:58 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id CB1A221F9027 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 24 Apr 2013 06:30:57 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1UUzl6-0000os-9b for ietf-http-wg-dist@listhub.w3.org; Wed, 24 Apr 2013 13:29:16 +0000
Resent-Date: Wed, 24 Apr 2013 13:29:16 +0000
Resent-Message-Id: <E1UUzl6-0000os-9b@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <squid3@treenet.co.nz>) id 1UUzl1-0000o4-2l for ietf-http-wg@listhub.w3.org; Wed, 24 Apr 2013 13:29:11 +0000
Received: from ip-58-28-153-233.static-xdsl.xnet.co.nz ([58.28.153.233] helo=treenet.co.nz) by lisa.w3.org with esmtp (Exim 4.72) (envelope-from <squid3@treenet.co.nz>) id 1UUzkz-00005G-HS for ietf-http-wg@w3.org; Wed, 24 Apr 2013 13:29:11 +0000
Received: from [192.168.2.7] (103-9-43-149.flip.co.nz [103.9.43.149]) by treenet.co.nz (Postfix) with ESMTP id 70923E6F39; Thu, 25 Apr 2013 01:28:42 +1200 (NZST)
Message-ID: <5177DE06.5000305@treenet.co.nz>
Date: Thu, 25 Apr 2013 01:28:38 +1200
From: Amos Jeffries <squid3@treenet.co.nz>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130328 Thunderbird/17.0.5
MIME-Version: 1.0
To: "Adrien W. de Croy" <adrien@qbik.com>
CC: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
References: <em6b971646-ac26-4ca6-98e9-3ff08dca750f@bombed>
In-Reply-To: <em6b971646-ac26-4ca6-98e9-3ff08dca750f@bombed>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Received-SPF: pass client-ip=58.28.153.233; envelope-from=squid3@treenet.co.nz; helo=treenet.co.nz
X-W3C-Hub-Spam-Status: No, score=-3.5
X-W3C-Hub-Spam-Report: AWL=-3.449, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1UUzkz-00005G-HS dd3c87cb00f70b258d6b4811206c8175
X-Original-To: ietf-http-wg@w3.org
Subject: Re: p2: Expect: 100-continue and "final" status codes
Archived-At: <http://www.w3.org/mid/5177DE06.5000305@treenet.co.nz>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/17534
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On 24/04/2013 7:46 p.m., Adrien W. de Croy wrote:
>
>
> ------ Original Message ------
> From: "Amos Jeffries" <squid3@treenet.co.nz>;
>> On 24/04/2013 4:39 p.m., Adrien W. de Croy wrote:
>>>
>>>
>>> ------ Original Message ------
>>> From: "Mark Nottingham" <mnot@mnot.net>;
>>>>
>>>> On 24/04/2013, at 12:41 PM, Amos Jeffries <squid3@treenet.co.nz>; 
>>>> wrote:
>>>>>>>
>>>>>>>  I think we can give better advice than that. If a server 
>>>>>>> responds with a final status code instead of 100 (Continue)
>>>>>>>
>>>>>>>  1. The response must be the last response on the connection. 
>>>>>>> The response should contain "Connection: close" header. After 
>>>>>>> the response is written, the server must initiate a lingering 
>>>>>>> close of the connection (p1#6.6).
>>>>>>  That seems too restrictive; as long as the server reads the rest 
>>>>>> of the request properly (discarding it), it should be able to 
>>>>>> recover and reuse the connection.
>>>>>
>>>>>  The problem comes with intermediaries. How are they to know the 
>>>>> bytes following were the original advertised payload or not? the 
>>>>> status from server has no guarantee of arriving after the client 
>>>>> payload starts arriving.
>>>>>  The only way to guarantee safety on the connection is to close it 
>>>>> or always send payload.
>>>
>>>
>>> I'm really struggling to see what benefit can be derived by a client 
>>> in knowing whether a server supports 100 continue or not. So to me 
>>> Expects: 100-continue is a complete waste of space. I've never seen 
>>> one so I guess implementors by and large agree.
>>
>> I guess you have never tried uploading a video to the YouTube through 
>> an old intermediary which requires authentication. At best (Basic) it 
>> doubles the upload time and can cause the whole transaction to abort 
>> with a timeout. At worst (NTLM) it can do the same while consuming up 
>> to 3x the total size of the uncompressed video in bandwidth. This 
>> exact use-case is why we pushed HTTP/1.1 experiments into Squid-2.7.
> similar issue with webmail uploading attachments.  that's why I wrote 
> http://tools.ietf.org/id/draft-decroy-http-progress-00.txt
>
> I removed the discussion about flow-control after the aforementioned 
> discussion about using chunked transfers for requests.
>
> But I don't see how 100 continue makes any difference in this case.  
> The client needs to either
>
> a) close and retry.  This won't work for any connection-oriented auth 
> mechanism.

On the contrary the connection can safely be closed after the first 
request/response and the initial challenge with any mechanism, even 
connection-oriented ones. The credentials state does not exist until the 
followup client request with Authorization: header attached. That is the 
point where closure is a probem for connection-oriented auth, BUT also 
by that point Expect has already taken place and capability is known to 
be available or not.

Squid administrators have been using exactly this challenge+close method 
for some years now to avoid MSIE bugs in NTLM. So we have evidence of 
success outside of Expect.

Amos