Re: Permissible states for extension frames #591
Greg Wilkins <gregw@intalio.com> Tue, 12 August 2014 23:55 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA8371A079F for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 12 Aug 2014 16:55:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.947
X-Spam-Level:
X-Spam-Status: No, score=-6.947 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.668, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id So6tYmlj19NC for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 12 Aug 2014 16:54:59 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1CDA51A02E6 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 12 Aug 2014 16:54:58 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XHLqj-0007D9-1a for ietf-http-wg-dist@listhub.w3.org; Tue, 12 Aug 2014 23:51:29 +0000
Resent-Date: Tue, 12 Aug 2014 23:51:29 +0000
Resent-Message-Id: <E1XHLqj-0007D9-1a@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <gregw@intalio.com>) id 1XHLqI-0007BD-09 for ietf-http-wg@listhub.w3.org; Tue, 12 Aug 2014 23:51:02 +0000
Received: from mail-we0-f180.google.com ([74.125.82.180]) by lisa.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <gregw@intalio.com>) id 1XHLqG-0004FA-B8 for ietf-http-wg@w3.org; Tue, 12 Aug 2014 23:51:01 +0000
Received: by mail-we0-f180.google.com with SMTP id w61so10545222wes.25 for <ietf-http-wg@w3.org>; Tue, 12 Aug 2014 16:50:33 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=quH6Z+4sO543zLBRY51wMulQUQnzpTMkVoTd2CnDHOM=; b=MJlFmLTJsI5H+YfgAEYEywpzdQqHYGbPSVOyS3ZOOJDPKAu2uJxP8PTLTq6QXFt0dl kufbNTrJl4ovd9IL6kp7yUpH3SeNNNrwXcYpwPchMm80FgElhWYvdmZ3c2gv5CFEK1Ha qXvmPIPaoRt1va9h72BvJpJcZPlvwEdEo77+6rZudtgN0yZTnL+YGCiMCgxaIM5ZnjnJ y4pFcoI5G/vNz65gRqycl7gaidLWGDW6fEsn49dUWaolchAHiNpMHOPPbYkPOq/m7QWX rnAdkbBJ0vdK34qu1FzUHaDywXoE/UmMjkUTzE7O8g4d97zG++gBvuHgT+R0H9pd885n kWJA==
X-Gm-Message-State: ALoCoQn9c7wPB6bJ191ov01+Nlepdn6C/t1PwNORaFqlPcAg5h5jY31FRPVcZesgJBaiprJzaRZK
MIME-Version: 1.0
X-Received: by 10.194.119.193 with SMTP id kw1mr875420wjb.82.1407887433275; Tue, 12 Aug 2014 16:50:33 -0700 (PDT)
Received: by 10.194.169.98 with HTTP; Tue, 12 Aug 2014 16:50:33 -0700 (PDT)
In-Reply-To: <53E9E30C.1020500@treenet.co.nz>
References: <CABkgnnVgnJSmJW2B4nJ8Vb-Nwi3EF2pra7D_m8uqZfQ8H1a2eA@mail.gmail.com> <CAH_y2NGofk6bsLOr510MuSVuh9=EhTVBYROGBnAdeie-YQS-8Q@mail.gmail.com> <CABkgnnUZxaVnSOEf8D2HQGZRWc0K1UNs99FswdFYUz8Wg9cq=w@mail.gmail.com> <CAH_y2NGkitE9Ow+rhxL4a2U+hVJu=QN2C=Wy5ZrvWaLA3H9cXQ@mail.gmail.com> <53E9E30C.1020500@treenet.co.nz>
Date: Wed, 13 Aug 2014 09:50:33 +1000
Message-ID: <CAH_y2NGy5esJGBjdOrgqJoyQCrWOswvW3HeaeMLe3OdPR_vCSg@mail.gmail.com>
From: Greg Wilkins <gregw@intalio.com>
To: Amos Jeffries <squid3@treenet.co.nz>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="089e012286265833c1050077561b"
Received-SPF: permerror client-ip=74.125.82.180; envelope-from=gregw@intalio.com; helo=mail-we0-f180.google.com
X-W3C-Hub-Spam-Status: No, score=-3.8
X-W3C-Hub-Spam-Report: AWL=-3.100, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7
X-W3C-Scan-Sig: lisa.w3.org 1XHLqG-0004FA-B8 2f085404122c118a840263a2e7736ad4
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Permissible states for extension frames #591
Archived-At: <http://www.w3.org/mid/CAH_y2NGy5esJGBjdOrgqJoyQCrWOswvW3HeaeMLe3OdPR_vCSg@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/26594
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On 12 August 2014 19:49, Amos Jeffries <squid3@treenet.co.nz> wrote: > I dont see why we need to do that at all. The problem is that we have a very strict definition of no interleaving of frames between continuations. Not even control frames can be interleaved. This allows implementations to treat continuations as simply an atomically arriving jumbo. In fact when we discussed the more complete version of the state machine https://github.com/http2/http2-spec/issues/484 that could handle non atomic arrival of end_stream and end_headers, the argument was made that the state machine should not be complicated in that way. It was said that nobody would implement the proposed 1/4 closed and 3/4 <http://lists.w3.org/Archives/Public/ietf-http-wg/2014AprJun/att-0720/http2state.txt> closed states because you can effectively treat the arrival of an end_stream and the following end_headers as atomic. If we allow arbitrary interleaving of extension frames, then we will have extension frames arriving in the middle of these supposed atomic stream state transitions that every implementation is going to have elided in some not specified private way. Thus it is highly unlikely that portable extensions that interact with stream state will be able to be developed as there is not a common definition for non-atomic leap between two defined stream states. Also any implementation that wishes to some day support the any extension frames, cannot be written with the simplified state machine and must treat headers and continuations as non atomic events. This is not an impossible task and if we supported interleaving of continuations frames by other protocol frames, then it would have to be done anyway. But unfortunately because we don't support any interleaving in the default protocol, that means that any impl that does support the full state machine cannot actually be tested with the un extended protocol. So there are going to be a lot of undiscovered bugs that might be exploitable once a few extensions are implemented long after the more rigorous testing of the stream states has been done. The best solution would of been to have a framing layer that was entirely independent of frame types, so it could have handles stream control without even needing to know what an extension was. But that horse bolted long ago. We could have taken a step towards that optimum solution by removing continuations and supporting fragmentable interleavable headers with a simple stream state machine where end_stream is on the last frame. Sure it is more complex, but at least it can be tested in a normal use case. But we didn't get consensus for that. So next best would be to allow interleaving of at least control frames between continuation frames. This would at least allow testing the complexities of 1/4 and 3/4 closed streams but without having many benefits for this complexity. Kind of the worst of all worlds, but probably necessary if we want extensions able to be arbitrarily interleaved. Failing that, all we can continue to treat continuations as a very special case and that nothing can interleave, not even extension frames. Only then can implementations implement the simplified state machine that was explicitly used to justify many design decisions. Unfortunately this means that all extensions, even ones that don't care about stream state, have to known about this special case so they don't interleave at the wrong time. Sorry for the essay, but it is really important to not allow WG fatigue to let some less-precise wording through. We've been told that "ugliness" is not a technical reason for rejecting a design, so we have some ugly parts in the specification. The cost of ugliness comes now as every single thing you add/extend to the specification has to be run past all the ugliness and we have to make sure that we don't break any of the fragile reasoning or fictional state machine used to support it. Non-ugly design is more robust in the face of change/extension. regards -- Greg Wilkins <gregw@intalio.com> http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales http://www.webtide.com advice and support for jetty and cometd.
- Permissible states for extension frames #591 Martin Thomson
- Re: Permissible states for extension frames #591 Greg Wilkins
- Re: Permissible states for extension frames #591 Martin Thomson
- Re: Permissible states for extension frames #591 Greg Wilkins
- Re: Permissible states for extension frames #591 Amos Jeffries
- Re: Permissible states for extension frames #591 Ilari Liusvaara
- Re: Permissible states for extension frames #591 Greg Wilkins
- RE: Permissible states for extension frames #591 Mike Bishop
- Re: Permissible states for extension frames #591 Greg Wilkins
- Re: Permissible states for extension frames #591 Martin Thomson
- Re: Permissible states for extension frames #591 Greg Wilkins
- Re: Permissible states for extension frames #591 Mark Nottingham