Re: Is HTTP/1.0 still relevant?

Willy Tarreau <w@1wt.eu> Fri, 04 September 2020 07:17 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BD2F3A0F52 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 4 Sep 2020 00:17:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.65
X-Spam-Level:
X-Spam-Status: No, score=-2.65 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dhv6sCrWguIi for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 4 Sep 2020 00:17:09 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7AFB13A0F50 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 4 Sep 2020 00:17:09 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1kE5xs-0006Fc-47 for ietf-http-wg-dist@listhub.w3.org; Fri, 04 Sep 2020 07:16:52 +0000
Resent-Date: Fri, 04 Sep 2020 07:16:52 +0000
Resent-Message-Id: <E1kE5xs-0006Fc-47@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <w@1wt.eu>) id 1kE5xq-0006El-Lq for ietf-http-wg@listhub.w3.org; Fri, 04 Sep 2020 07:16:50 +0000
Received: from wtarreau.pck.nerim.net ([62.212.114.60] helo=1wt.eu) by titan.w3.org with esmtp (Exim 4.92) (envelope-from <w@1wt.eu>) id 1kE5xo-0008C5-Mw for ietf-http-wg@w3.org; Fri, 04 Sep 2020 07:16:50 +0000
Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id 0847GaD7002935; Fri, 4 Sep 2020 09:16:36 +0200
Date: Fri, 4 Sep 2020 09:16:36 +0200
From: Willy Tarreau <w@1wt.eu>
To: Eric J Bowman <mellowmutt@zoho.com>
Cc: Ietf Http Wg <ietf-http-wg@w3.org>
Message-ID: <20200904071636.GB2905@1wt.eu>
References: <174578870d7.1265f983c12789.7350275676057542310@zoho.com> <20200904054051.GA2905@1wt.eu> <17457f2cfaa.b1c12efb13715.7081201094742751967@zoho.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <17457f2cfaa.b1c12efb13715.7081201094742751967@zoho.com>
User-Agent: Mutt/1.6.1 (2016-04-27)
Received-SPF: pass client-ip=62.212.114.60; envelope-from=w@1wt.eu; helo=1wt.eu
X-W3C-Hub-Spam-Status: No, score=-7.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1kE5xo-0008C5-Mw 60f280397cb41f2c34af835dde56980e
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Is HTTP/1.0 still relevant?
Archived-At: <https://www.w3.org/mid/20200904071636.GB2905@1wt.eu>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/38002
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Fri, Sep 04, 2020 at 12:09:24AM -0700, Eric J Bowman wrote:
(...)
> Hmmm... yeah. Development server. Strict is fine. I'll be making HTTP/1.1
> my baseline and not worrying about 1.0, but thanks for explaining to me how
> that can go wrong. For this project, I don't think I care. If I did care,
> thanks for pointing out that it isn't all that difficult to support 1.0.

Then at least make sure to reject 1.0 as 505 not supported and not to just
handle it like 1.1, otherwise your users will really face bugs. The typical
thing a developer does is to use telnet or netcat to send a local dirty
request "by hand" when curl for whatever reason is not suitable (e.g. you
want to see when exactly the server rejects your input), and seeing the
connection hung after a response to an 1.0 request is confusing.

Cheers,
Willy