IETF Logo Mail Archive

Re: AD review of draft-ietf-httpbis-http2bis-05

Cory Benfield <cory@lukasa.co.uk> Thu, 11 November 2021 10:30 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77EF53A0C79 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 11 Nov 2021 02:30:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.67
X-Spam-Level:
X-Spam-Status: No, score=-2.67 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lukasa-co-uk.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qJWAXgB3kRyz for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 11 Nov 2021 02:30:06 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DEA8A3A0C77 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 11 Nov 2021 02:30:05 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1ml7Is-00065z-Gk for ietf-http-wg-dist@listhub.w3.org; Thu, 11 Nov 2021 10:27:34 +0000
Resent-Date: Thu, 11 Nov 2021 10:27:34 +0000
Resent-Message-Id: <E1ml7Is-00065z-Gk@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <cory@lukasa.co.uk>) id 1ml7Iq-00064v-4N for ietf-http-wg@listhub.w3.org; Thu, 11 Nov 2021 10:27:32 +0000
Received: from mail-lj1-x22d.google.com ([2a00:1450:4864:20::22d]) by mimas.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from <cory@lukasa.co.uk>) id 1ml7In-0007Zt-FS for ietf-http-wg@w3.org; Thu, 11 Nov 2021 10:27:31 +0000
Received: by mail-lj1-x22d.google.com with SMTP id z8so10953430ljz.9 for <ietf-http-wg@w3.org>; Thu, 11 Nov 2021 02:27:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lukasa-co-uk.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=qB9auxK6EtiZPa2KWjP4ZQMS9Nz1mb8CNw/diyZfzCA=; b=hu4W2D4i8VfG1I0FPbqVUtNSgPSjde28X0uTXgAV7ruu8k0eYvCdY3Cx/xtAYsBaso GkSjSowj4uPFlq4TcgV4rGobtnNfdj7EIZOaDmMxhxH27dUGglWRVWvhvGBoX9W6tAFC byww3EiZ+JuRKRh6gAdK7Q0Ko3LukN1OHNQQzP3nV1ye3PidRGXrcEvbaJtszTXL0350 x3aLLOlEcMQQhzd0lyCGKr1q8tIncPD3m7m5RU9JkujXDdYuc+VewLVLV7B4NqKQdfLy 9WNWdyxlox2XdJSLcB6eggOnlE3EQ+Pkavfaqr5Ed4TFCNhRwmOHeoO3DGsgHLK3/BQe yLxA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=qB9auxK6EtiZPa2KWjP4ZQMS9Nz1mb8CNw/diyZfzCA=; b=D+rYPT+ftcp9qRn8fec2/1xPBM6E2KqKYcrkrRhKAxBnZ6fYqFKD7D5llRQmYv0IvD kxw884qmJwFHGbFWaiddtKIQuyo3XdSO2tfpm1/IFfk2gi4+rD9ZNuNkskEbZ8MNcE5j kJ5f9guNI1N8yTVrNoHYNaYkL9vQJJJl4p9BdiDRdEeg06JoTUOz5xGkccc+o3GeWR1a 3aDjaCxkI21/IUpeUl2j4/MuPEusSOc12ZZ3DUh6ynfyErRQkfuVkQkfs7GjbUK+M5p6 FAfxa1njdGek3XntNJSwGFHroAf9ExSMrlRFin1E49cSvWL5R3EV4yhxxDBjszVUlrrT q3Qg==
X-Gm-Message-State: AOAM532f7CtHWYDQlVd/m2oQwx6ENdqCKxGMMQFhXszlMgUAg22pgF+C y0bue0cEI3mtCLSG94kFw9GxhgyB906BFpgAS2NJC9wNv6iDCg==
X-Google-Smtp-Source: ABdhPJxW9yPFn/xR/duJr/9j8iUcLzN2X0OFlb3bLuObNvCHEQ3TqlzmLf+nyzez53BYF8LoiOHf5st9ssnab/hUstM=
X-Received: by 2002:a05:651c:4c6:: with SMTP id e6mr5868656lji.411.1636626437603; Thu, 11 Nov 2021 02:27:17 -0800 (PST)
MIME-Version: 1.0
References: <HE1PR07MB4217A338C90B49083C6375ED98939@HE1PR07MB4217.eurprd07.prod.outlook.com>
In-Reply-To: <HE1PR07MB4217A338C90B49083C6375ED98939@HE1PR07MB4217.eurprd07.prod.outlook.com>
From: Cory Benfield <cory@lukasa.co.uk>
Date: Thu, 11 Nov 2021 10:27:06 +0000
Message-ID: <CAH_hAJGV3Uydg7=rKXA0xxXH=rDTF=MW0OBMiOGy-L5qY=kKbQ@mail.gmail.com>
To: Francesca Palombini <francesca.palombini@ericsson.com>
Cc: "draft-ietf-httpbis-http2bis@ietf.org" <draft-ietf-httpbis-http2bis@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=2a00:1450:4864:20::22d; envelope-from=cory@lukasa.co.uk; helo=mail-lj1-x22d.google.com
X-W3C-Hub-DKIM-Status: validation passed: (address=cory@lukasa.co.uk domain=lukasa-co-uk.20210112.gappssmtp.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-3.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1ml7In-0007Zt-FS 30e80ffd098ec9acb4a4a150869ba2d9
X-Original-To: ietf-http-wg@w3.org
Subject: Re: AD review of draft-ietf-httpbis-http2bis-05
Archived-At: <https://www.w3.org/mid/CAH_hAJGV3Uydg7=rKXA0xxXH=rDTF=MW0OBMiOGy-L5qY=kKbQ@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/39562
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Wed, 10 Nov 2021 at 21:26, Francesca Palombini
<francesca.palombini@ericsson.com> wrote:
>
> Thank you very much to the authors and the wg for another well written document.
>
>
>
> I don't have major comments. I have some minor comments, and a couple of nits or request for clarifications, which you can address together with any other last call comments. The requests for adding references to specific sections are there to hopefully make it easier for a reader to navigate the different specifications referenced, I obviously think they would improve readability but feel free to take or leave as you please.
>
>
>
> Additionally, before starting the last call, I want to bring your and the wg's attention to the first 2 points, related to references.
>
>
>
> I have opened a github issue with the text below: https://github.com/httpwg/http2-spec/issues/974.
>
> Francesca
>
>
>
> 1. -----
>
>
>
> FP: Is the working group aware that RFC 793bis is in IESG evaluation (https://datatracker.ietf.org/doc/draft-ietf-tcpm-rfc793bis/ ) ? Was the choice of having a normative reference to 793 conscious, in order to avoid any delay that might come from publication of draft-ietf-tcpm-rfc793bis? (Just checking this was considered)
>
>
>
> 2. -----
>
>
>
>    for HTTP/2 over TLS.  The general TLS usage guidance in [TLSBCP]
>
>    SHOULD be followed, with some additional restrictions that are
>
>    specific to HTTP/2.
>
>
>
> FP: Given this requirement, I would have expected to see [TLSBCP] normatively referenced, rather than informatively.
>
>
>
> 3. -----
>
>
>
>    layer.  The frame and stream layers are tailored to the needs of the
>
>    HTTP protocol and server push.
>
>
>
> FP: I would think the server push is part of the HTTP protocol, which makes this formulation "HTTP protocol and server push" confusing.
>
>
>
> 4. -----
>
>
>
>    Type:  The 8-bit type of the frame.  The frame type determines the
>
>
>
>    Flags:  An 8-bit field reserved for boolean flags specific to the
>
>
>
> FP: I would find a reference to the IANA registry useful.
>
>
>
> 5. -----
>
>
>
>    implementation of flow control can be difficult.  When using flow
>
>    control, the receiver MUST read from the TCP receive buffer in a
>
>    timely fashion.  Failure to do so could lead to a deadlock when
>
>
>
> FP: "When using flow control" might be rephrased to indicate "when flow control limits are lower than the maximum" (or something of the sort), since if I understand correctly the capability is always used, it is just the window size that changes (effectively implementing control of flow). Also "timely fashion" - I know that it is probably hard, but it would be nice to have a more precise qualification, or at least a hint of what is considered timely.
>
>
>
> 6. -----
>
>
>
>    stream that it successfully received from its peer.  The GOAWAY frame
>
>    includes an error code that indicates why the connection is
>
>
>
> FP: "error code" - here as well I would have liked a reference to the IANA registry.
>
>
>
> 7. -----
>
>
>
>    Exclusive:  A single-bit flag.  This field is only present if the
>
>       PRIORITY flag is set.
>
>
>
>    Stream Dependency:  A 31-bit stream identifier.  This field is only
>
>       present if the PRIORITY flag is set.
>
>
>
>    Weight:  An unsigned 8-bit integer.  This field is only present if
>
>       the PRIORITY flag is set.
>
>
>
> FP: I would have expected to see some definition of how the fields are used. If this is defined somewhere else, a reference would be good.
>
>
>
> 8. -----
>
>
>
>    SETTINGS Frame {
>
>      Length (24),
>
>      Type (8) = 4,
>
>
>
>      Unused Flags (7),
>
>      ACK Flag (1),
>
>
>
>      Reserved (1),
>
>      Stream Identifier (31),
>
>
>
>      Setting (48) ...,
>
>    }
>
>
>
>    Setting {
>
>      Identifier (16),
>
>      Value (32),
>
>    }
>
>
>
> FP: Is there any reason why the Stream Identifier line is not:
>
>      Stream Identifier (31) = 0,
>
>
>
> 9. -----
>
>
>
>       a server does include a value it MUST be 0.  A client MUST treat
>
>       receipt of a SETTINGS frame with SETTINGS_ENABLE_PUSH set to 1 as
>
>       a connection error (Section 5.4.1) of type PROTOCOL_ERROR.
>
>
>
> FP: This is just my curiosity: what is the reason for this stronger requirement - I would think it shouldn't be a problem for the sender if it wants to advertise that it would permit/support server push. What am I missing?
>
>
>
> 10. -----
>
>
>
>       A value of 0 for SETTINGS_MAX_CONCURRENT_STREAMS SHOULD NOT be
>
>       treated as special by endpoints.  A zero value does prevent the
>
>
>
> FP: When is it ok that the 0 value is treated as special?
>
>
>
> 11. -----
>
>
>
>    set.  Upon receiving a SETTINGS frame with the ACK flag set, the
>
>    sender of the altered settings can rely on the value having been
>
>    applied.
>
>
>
> FP: nit s/value/values. Also I believe this could be misunderstood - can it be made more precise on the fact that only the values that are present in the received frame with the ACK flag set (and not those that might have been ignored because not understood) have been applied.

This is not accurate: if the ACK flag is set then the payload of the
SETTINGS frame is required to be empty. There is no signal to send
whether a setting has been ignored. If it is necessary to get
confirmation that a setting has been understood, both parties will be
required to advertise it in their own SETTINGS frames.

>
>
>
> 12. -----
>
>
>
>   A receiver MUST treat the receipt of a WINDOW_UPDATE frame with an
>
>    flow-control window increment of 0 as a stream error (Section 5.4.2)
>
>
>
> FP: nit s/an/a
>
>
>
> 13. -----
>
>
>
>    FLOW_CONTROL_ERROR (0x3):  The endpoint detected that its peer
>
>       violated the flow-control protocol.
>
>
>
>    STREAM_CLOSED (0x5):  The endpoint received a frame after a stream
>
>       was half-closed.
>
>
>
> FP: would be good to add a reference to the relevant sections.
>
>
>
> 14. -----
>
>
>
>    set after receiving the HEADERS frame that opens a request or after
>
>    receiving a final (non-informational) status code MUST treat the
>
>
>
> FP: Where is a "non-informational status code" defined?
>
>
>
> 15. -----
>
>
>
> FP: Are the following two sentences in Section 8.1.1. in contradiction?
>
>
>
>    request or response.  Malformed requests or responses that are
>
>    detected MUST be treated as a stream error (Section 5.4.2) of type
>
>    PROTOCOL_ERROR.
>
>
>
>    on the remainder of the request being correct.  A server or
>
>    intermediary MAY use RST_STREAM -- with a code other than
>
>    REFUSED_STREAM -- to abort a stream if a malformed request or
>
>    response is received.
>
>
>
> FP: In section 5.4.2. I read:
>
>
>
>    An endpoint that detects a stream error sends a RST_STREAM frame
>
>
>
> So the first sentence above implies RST_STREAM MUST be sent, while the second sentence states RST_STREAM MAY be sent.
>
>
>
> 16. -----
>
>
>
>    their definitions in Sections Section 5.1 of [5.1] and Section 5.5 of
>
>    [5.5] of [HTTP] respectively and treat messages that contain
>
>
>
> FP: References need fixing.
>
>
>
> 17. -----
>
>
>
>      from the control data of the original request, unless the the
>
>
>
> FP: nit Remove one "the"
>
>
>
> 18. -----
>
>
>
>       Note that request targets for CONNECT or asterisk-form OPTIONS
>
>       requests never include authority information.
>
>
>
> FP: Please add a reference to 7.1 of [HTTP] as this is the first time "asterisk-form OPTION" appear in this document.
>
>
>
> 19. -----
>
>
>
>    Advertising a SETTINGS_MAX_CONCURRENT_STREAMS value of zero disables
>
>    server push by preventing the server from creating the necessary
>
>    streams.  This does not prohibit a server from sending PUSH_PROMISE
>
>    frames; clients need to reset any promised streams that are not
>
>    wanted.
>
>
>
> FP: Do these two sentences contradict each other? In the first sentence I am reading that the server can't create the necessary stream to send the PUSH_PROMISE frame, in the second sentence I read that it can?
>
>
>
> 20. -----
>
>
>
>    on a DATA frame is treated as being equivalent to the TCP FIN bit.  A
>
>
>
> FP: Can a reference be added to the section where the TCP FIN bit is defined?
>
>
>
> 21. -----
>
>
>
>      Content-Type: image/jpeg   ==>     - END_STREAM
>
>      Content-Length: 123                + END_HEADERS
>
>
>
> FP: I think it would be good to add a sentence about the meaning of - and + (which I understand to be flag set or not set) in section 2.2.
>
>
>
> 22. -----
>
>
>
>    treated as delimiters in other HTTP versions.  An intermediary that
>
>    translates an HTTP/2 request or response MUST validate fields
>
>    according to the rules in Section 8.2 roles before translating a
>
>    message to another HTTP version.  Translating a field that includes
>
>
>
> FP: is "roles" supposed to be there?
>
>
>
> 23. -----
>
>
>
>    The CONNECT method can be used to create disproportionate load on an
>
>    proxy, since stream creation is relatively inexpensive when compared
>
>
>
> FP: nit s/an/a
>
>
>
> 24. -----
>
>
>
> FP: I think it would be good to keep the 3rd paragraph in Section 11 instead of asking the RFC Editor to remove it, just to keep a trace of the registries that have been defined in 7540, since those registries will now reference this document, but this document does not contain all the definitions of the different fields.
>
>
>
> 25. ----
>
>
>
>    Comments:  Obsolete; see Section 11.1
>
>
>
> FP: I would suggest to be explicit and add "of this document" (unless links can be maintained in IANA registries Comments fields).

v2.23.0 | Report a Bug | By Email