Re: Call for Adoption: HTTP/2 Bis
Willy Tarreau <w@1wt.eu> Fri, 11 December 2020 20:01 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 663F63A0EBE for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 11 Dec 2020 12:01:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.671
X-Spam-Level:
X-Spam-Status: No, score=-2.671 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fgVrGPoC0MXI for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 11 Dec 2020 12:01:00 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BBD833A0F9D for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 11 Dec 2020 12:00:53 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1knoYP-0006Pb-ST for ietf-http-wg-dist@listhub.w3.org; Fri, 11 Dec 2020 19:58:13 +0000
Resent-Date: Fri, 11 Dec 2020 19:58:13 +0000
Resent-Message-Id: <E1knoYP-0006Pb-ST@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <w@1wt.eu>) id 1knoYO-0006Op-Nj for ietf-http-wg@listhub.w3.org; Fri, 11 Dec 2020 19:58:12 +0000
Received: from wtarreau.pck.nerim.net ([62.212.114.60] helo=1wt.eu) by titan.w3.org with esmtp (Exim 4.92) (envelope-from <w@1wt.eu>) id 1knoYM-0004Ks-GB for ietf-http-wg@w3.org; Fri, 11 Dec 2020 19:58:12 +0000
Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id 0BBJvhGg021571; Fri, 11 Dec 2020 20:57:43 +0100
Date: Fri, 11 Dec 2020 20:57:43 +0100
From: Willy Tarreau <w@1wt.eu>
To: Bence Béky <bnc@google.com>
Cc: Mike Bishop <mbishop@evequefou.be>, Ian Swett <ianswett@google.com>, David Benjamin <davidben@chromium.org>, Cory Benfield <cory@lukasa.co.uk>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>, Tommy Pauly <tpauly@apple.com>
Message-ID: <20201211195743.GA21550@1wt.eu>
References: <6FC1E45E-7CA7-48A6-81F5-06D7C26BC7EA@mnot.net> <CAKcm_gOAFMamcdj68LjW3gJ7spNwhuSx1tjW3pZjNJc+EBLymg@mail.gmail.com> <CAH_hAJHqTyJ0O4XKVrL5H1+eSjFP3CEfmud4H2SYVR6q=6xrig@mail.gmail.com> <CAF8qwaBgE4-myStbABuR2gv3HcqU8soFbnpwMNKux2D=vx8TTw@mail.gmail.com> <CAKcm_gMwhFxohD0OjoEag8PHe5w8zgmskexrwjAE_KSB5N8pXw@mail.gmail.com> <CH2PR22MB2086265AE57AA51529720F86DACB0@CH2PR22MB2086.namprd22.prod.outlook.com> <20201211044102.GC19911@1wt.eu> <CACMu3tq7MKPheUrvMg3E3QTZEZS_-fxShO1=NuLtRKpvq+yp4w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CACMu3tq7MKPheUrvMg3E3QTZEZS_-fxShO1=NuLtRKpvq+yp4w@mail.gmail.com>
User-Agent: Mutt/1.6.1 (2016-04-27)
Received-SPF: pass client-ip=62.212.114.60; envelope-from=w@1wt.eu; helo=1wt.eu
X-W3C-Hub-Spam-Status: No, score=-7.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1knoYM-0004Ks-GB fb97e2cf797f28b6f85c641380071f9b
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Call for Adoption: HTTP/2 Bis
Archived-At: <https://www.w3.org/mid/20201211195743.GA21550@1wt.eu>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/38300
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Hi Bence, On Fri, Dec 11, 2020 at 02:36:58PM -0500, Bence Béky wrote: > As Willy mentioned, doing GREASE with Chrome has somewhat promising > results. I'm not aware of any sites that have problems with reserved > setting identifiers. There are a number of sites that have issues with > reserved frame types, most notably https://slack.com. However, all three > server bugs I'm aware of causing GREASE intolerance have been fixed, so > moving the ecosystem forward is a matter of upgrading (which I acknowledge > can be quite complex). Also, it is a lucky coincidence that the particular > issue affecting slack.com only affects frame types above 0x20, This description exactly matches the bug you found that affected prior haproxy versions, so possibly they're running on this and haven't applied maintenance fixes (sounds scary though given that it would mean that other much more serious issues wouldn't be fixed either). If that's it we shouldn't even care with such issues as they are things of the past given that software causing them have long been fixed. > There is also a GREASE intolerant middlebox product out there, and while > that bug has been fixed in recent releases, some older branches are still > supported. In fact no available upgrade includes the fix for certain > hardware platforms. See https://crbug.com/1127569#c9 for specifics. I do > not know if this bug is triggered by frame type 0x10, or only larger values. Similarly, by the time a new H2 spec is out, bogus versions will have totally disappeared. > I guess these server bugs will be around for a little while, but not > forever. I have zero compassion for site operators which refuse to apply fixes. I'm fine with slow processes requiring months of validation but not with lazy or irresponsible admins not doing their most basic job. So I really think we should not care a single second about deployments running on older versions of software which was already fixed. In the worst case these versions will disappear once a critical vulnerability appears in their version or when the admin (ir)responsible for keeping it exposed leaves the company. What should really matter to us is fundamental incompatibilities caused by spec mis-interpretation. At this point it looks like H2 doesn't suffer from such a problem at all. > I'm planning to implement PRIORITY_UPDATE in Chrome by the next release, > and based on what we've seen from GREASE, we might indeed run into issues > with sending the new frame and the SETTINGS_DEPRECATE_HTTP2_PRIORITIES > identifier, as Ian mentioned above. The experiments so far happened only > on Chrome Dev and Canary channels, and an issue with a site as popular as > https://netflix.com has only been reported after two months, so it is still > possible that there is a bug with a website that is not popular enough that > I would have learned about it yet, but popular enough that it will block > PRIORITY_UPDATE launch. What I'm wondering is if we should plan a normalized method to report implementation bugs to servers. We could for example have a .well-known URL where a few information are sent (e.g. a link to the agent's bug tracker). This way site owners could spot them in their logs when they see many errors in their stats. > Then there is the situation from the server's perspective. An old version > of an HTTP/2 client library is intolerant to unknown setting identifiers: > it simply closes the connection if it receives any. This causes > difficulties for WebSockets over HTTP/2 and also PRIORITY_UPDATE. Also, I > am not aware of any GREASE experiments from the server side, so I do not > know what the situation is with reserved frame types. I doubt GREASE makes as much sense from infrastructure to clients. I mean, there is incentive for fixing infrastructure components when millions of clients face problems with a given site. But the other way around is much different. There's a wide variety of clients around, some that users cannot even update, and these ones will continue to occasionally fail without the user having any effective power on them. This will only result in a bad image for the sites triggerring the issues, for no perceived value for these sites. Just my two cents, Willy
- Call for Adoption: HTTP/2 Bis Mark Nottingham
- Re: Call for Adoption: HTTP/2 Bis Ian Swett
- Re: Call for Adoption: HTTP/2 Bis Willy Tarreau
- Re: Call for Adoption: HTTP/2 Bis Willy Tarreau
- Re: Call for Adoption: HTTP/2 Bis Daniel Stenberg
- Re: Call for Adoption: HTTP/2 Bis Stefan Eissing
- Re: Call for Adoption: HTTP/2 Bis Roy T. Fielding
- Re: Call for Adoption: HTTP/2 Bis Willy Tarreau
- Re: Call for Adoption: HTTP/2 Bis Mark Nottingham
- Re: Call for Adoption: HTTP/2 Bis Roy T. Fielding
- Re: Call for Adoption: HTTP/2 Bis Cory Benfield
- Re: Call for Adoption: HTTP/2 Bis David Benjamin
- Re: Call for Adoption: HTTP/2 Bis Ian Swett
- RE: Call for Adoption: HTTP/2 Bis Mike Bishop
- Re: Call for Adoption: HTTP/2 Bis Mark Nottingham
- Re: Call for Adoption: HTTP/2 Bis Willy Tarreau
- Re: Call for Adoption: HTTP/2 Bis Stefan Eissing
- Re: Call for Adoption: HTTP/2 Bis Bence Béky
- Re: Call for Adoption: HTTP/2 Bis Willy Tarreau
- Re: Call for Adoption: HTTP/2 Bis Julian Reschke
- RE: Call for Adoption: HTTP/2 Bis Mike Bishop
- RE: Call for Adoption: HTTP/2 Bis Mike Bishop
- Re: Call for Adoption: HTTP/2 Bis Tommy Pauly
- Re: Call for Adoption: HTTP/2 Bis Ian Swett
- Re: Call for Adoption: HTTP/2 Bis Tommy Pauly
- Re: Call for Adoption: HTTP/2 Bis Willy Tarreau
- Re: Call for Adoption: HTTP/2 Bis Dmitri Tikhonov
- Re: Call for Adoption: HTTP/2 Bis Cory Benfield
- Re: Call for Adoption: HTTP/2 Bis Mark Nottingham