IETF Logo Mail Archive

Re: draft-ietf-httpbis-replay-03, "5.1. The Early-Data Header Field"

Julian Reschke <julian.reschke@gmx.de> Tue, 15 May 2018 10:43 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1D5C126E64 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 15 May 2018 03:43:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.65
X-Spam-Level:
X-Spam-Status: No, score=-7.65 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 631u7PyE8HSp for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 15 May 2018 03:43:41 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 440001241F8 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 15 May 2018 03:43:41 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.89) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1fIXJ5-0001mv-LP for ietf-http-wg-dist@listhub.w3.org; Tue, 15 May 2018 10:35:47 +0000
Resent-Date: Tue, 15 May 2018 10:35:47 +0000
Resent-Message-Id: <E1fIXJ5-0001mv-LP@frink.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <julian.reschke@gmx.de>) id 1fIXIw-0001m4-E1 for ietf-http-wg@listhub.w3.org; Tue, 15 May 2018 10:35:38 +0000
Received: from mout.gmx.net ([212.227.17.20]) by mimas.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from <julian.reschke@gmx.de>) id 1fIXIr-0008NM-6i for ietf-http-wg@w3.org; Tue, 15 May 2018 10:35:38 +0000
Received: from [192.168.178.20] ([93.217.119.143]) by mail.gmx.com (mrgmx103 [212.227.17.168]) with ESMTPSA (Nemesis) id 0MF5C3-1f2ocf2tMR-00GFBz; Tue, 15 May 2018 12:34:38 +0200
To: Mark Nottingham <mnot@mnot.net>
Cc: Willy Tarreau <w@1wt.eu>, Kazuho Oku <kazuhooku@gmail.com>, Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
References: <53AB69B7-9BC9-4522-B824-05365AC7F288@mnot.net> <7569d419-7acd-db65-214f-17bdb562f71a@gmx.de> <20180514053643.GA23057@1wt.eu> <6B2BCC43-9ECB-45E9-97B5-8B7C347D0A45@mnot.net> <CABkgnnX8c1=sOpCx2uzoPJHSHQg2O58ZE57rVhW426G0x3MTGg@mail.gmail.com> <DC5ED7A8-9424-4405-BF03-C8BB2252D455@mnot.net> <CANatvzzQDF4M06CXeHusywTsWK66YO4R1bHH1f6bHeiqJCTsdQ@mail.gmail.com> <3BA995E0-DF9E-418C-8AB3-ABE4290E76BA@mnot.net> <20180515061151.GA23784@1wt.eu> <6AD5563C-D587-48FC-8FE5-9A3A79FCE83F@mnot.net> <20180515093446.GB23881@1wt.eu> <701B138F-38B2-4EF4-8E9A-8155566D5463@mnot.net> <6b617854-7b71-732f-fb2c-ded248399cb8@gmx.de> <10FCC5C3-A36C-44DE-A63A-F13AA4928334@mnot.net>
From: Julian Reschke <julian.reschke@gmx.de>
Message-ID: <4d0b3165-4265-9963-8ae5-72d9b0d2d980@gmx.de>
Date: Tue, 15 May 2018 12:34:36 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <10FCC5C3-A36C-44DE-A63A-F13AA4928334@mnot.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K1:EcUyLs9CYWLpToUU4K8kkDOm3P0WoMefB6kZdGevnTlhMC+WwhR ijI/4vLWJL/9etpOZ3DzDkTGOd3J7Uf3IayCWP1YAfsKFYsC2vh8vSzymFZSw5GaA1QyQR+ U3xXGOPjMe5dYTz6M9ltgEV9ltrVYX+2OD3bY2YJ+AlDHUOp8R6xhY3x4SbzZgHEN8hdSc5 qyyza3F3EpYt52KPo8xAg==
X-UI-Out-Filterresults: notjunk:1;V01:K0:ndtOYrM73VE=:yyERvCjcdc9nZtJsaYIXSA w0qJC4c0cmAq8U4f9aDRTIegz/lGPdDpbhW8wQDoWoi2e94dPeHZeSG9o5qR0mv2UYILAU7q8 6Y509jMo5QSwx9T95OweeqnBkpTq45uX6JAOPat3Xr6EGHFTXe7YCmbGe2HFcNu5Rcg8lG4Sy aTixI/n+eAy4IeqQgtF4yDKAQSI8nePvXGNfQsz3ElidnVe7kBoJFI7W37uITPT9OZlyLiYjo F/+WYUC7JWDWjD71/he/63CgU4DswSuP83VBPzPQPjla3fdRdCwnB5k203o5HP1xZuGMtPgrt DUbjKUmB1xxLut32K4lxppjnXV5XHtq1C+fBQ4+YG5WRuXM/02Dqa6y56kMqovMYsFMYfCCaX v5y8ZCqwvYVQPODJ2R2v707Cn1SxhP5rGoGgQLln4Ll2CX/Vfhyc9nQSqLAtHHwyhVJbTTYpg 7TwchJFtQgQQE7CJW0iYsLavKK2D6TzeSOXtxPXjLtFusmdamb75/QBfYk9qSC4zGxgPjVZf3 23l6Or6tGNwu3ucijQSEyCuBveqV4l92X2KR7zYlfBpjufUteKmjuYXYHZmr7xB9esM9CAAnC FHQXsHRqhHHQdEINPC119SWhwOMs+Q9NfeIS9THGyF6CPnI7tN+XjBFM5MR2AfPAiZoSDYour I14aJedq/EXP09hRd+kE7Il5YbAkhj8VZ6wWxhUdN9DnGBAAvOPxSIbmOSznleqoea313DkXe f8cm2XuZuhNDSBuepjYR8v5/Yiatgqi3P+/8uKUcyKZzhWLeLL5+4cOEhKAnag/JGi/BtTvC9 Q1fKB2M
X-W3C-Hub-Spam-Status: No, score=-6.5
X-W3C-Hub-Spam-Report: AWL=0.094, BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1fIXIr-0008NM-6i a26710c625954df95843022cac09bb1f
X-Original-To: ietf-http-wg@w3.org
Subject: Re: draft-ietf-httpbis-replay-03, "5.1. The Early-Data Header Field"
Archived-At: <https://www.w3.org/mid/4d0b3165-4265-9963-8ae5-72d9b0d2d980@gmx.de>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/35404
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On 2018-05-15 12:18, Mark Nottingham wrote:
> 
> 
>> On 15 May 2018, at 8:06 pm, Julian Reschke <julian.reschke@gmx.de> wrote:
>>
>> On 2018-05-15 11:46, Mark Nottingham wrote:
>>>> But we're back to the problem Julian raised which is :
>>>>
>>>>     When Structured Headers parsing fails, the header is discarded
>>>>
>>>> Booleans are different from integers. Booleans indicate a status. Eg:
>>>> "safe" vs "unsafe". Discarding the "unsafe" status because we failed to
>>>> parse it is dangerous.
>>>>
>>>> Actually I'm starting to think that the rule
>>>> consisting in silently discarding a header field that fails to parse is
>>>> the problem here. Normally we're supposed to return "400 bad req" on
>>>> parsing errors, and I fear we're becoming too lenient on parsing and
>>>> introduce a new class of problems.
>>> 400 is for HTTP-level parsing issues; e.g., message delimitation -- at least from generic HTTP implementations. Not being able to parse an extension header is a totally different thing.
>>
>> 400 is for anything caused by the client, and not covered by a more specific 4xx code.
> 
> Yes, but its use is not required upon any error by the client.

Right. I was just disagreeing with "400 is for HTTP-level parsing 
issues; e.g., message delimitation -- at least from generic HTTP 
implementations".

>> It might make sense to define a new 4xx code to cover the case of a syntax error in a request header field value.
> 
> Do we have examples of extension headers needing / doing this?
> 
> None of the ones in recent memory do (e.g., Access-Control-Allow-*, Accept-Patch, Accept-Post, ALPN, Alt-Used, Cookie (bis), HTTP2-Settings, Origin, Prefer).
> 
> That's not to say that we'll never encounter another header that justifies a hard error reflected in a status code, just that it doesn't seem common, so we might be optimising (well, specifying) prematurely here.
> 
> I would say we could define a "SH-Errors-Encountered" header to stick onto a 400, but I think that creates a more complex, coupled protocol than we want here (YMMV), and it would encourage header authors to generate that 400, rather than having safe defaults -- which is I think the pattern we want them to be following.

...well, we got here because we were discussing error handling for 
malformed Early-Data header fields. If Early-Data was using SH, this 
would be an example.

Best regards, Julian

v2.23.0 | Report a Bug | By Email