Re: [Technical Errata Reported] RFC7230 (4667)

Alex Rousskov <rousskov@measurement-factory.com> Fri, 15 April 2016 00:56 UTC

To: "Roy T. Fielding" <fielding@gbiv.com>
References: <20160413160504.63AB6180006@rfc-editor.org> <20160413163615.GE3262@1wt.eu> <7D00E3E0-6502-4A53-BEA1-FF36E8AB3857@mnot.net> <FAF05BB6-A4DA-400E-9F92-550E215BC637@gbiv.com> <5710127C.1080007@measurement-factory.com> <38684D79-ED03-462E-8923-040EDD233F71@gbiv.com>
Cc: RFC Errata System <rfc-editor@rfc-editor.org>, HTTP Working Group <ietf-http-wg@w3.org>
From: Alex Rousskov <rousskov@measurement-factory.com>
Message-ID: <57103AE3.2090003@measurement-factory.com>
Date: Thu, 14 Apr 2016 18:50:43 -0600
Subject: Re: [Technical Errata Reported] RFC7230 (4667)
Archived-At: <http://www.w3.org/mid/57103AE3.2090003@measurement-factory.com>

On 04/14/2016 04:39 PM, Roy T. Fielding wrote:

> Don't confuse the various lenient ways in which implementations parse
> HTTP with the requirements on generating HTTP messages that are
> defined by the ABNF. The ABNF is intended to be more restrictive.

I fully agree, but we are not discussing ABNF creation IMO. We are
discussing a syntax change by an HTTPbis RFC. To change HTTP/1 syntax
that has been in use for many years, the "Founders Intent" alone is not
enough IMHO. There must be other compelling reasons. The only other
reason given so far was "lack of known examples", followed by your
discussion of "space padding" as a known usage example. I expect the bar
for HTTP/1 syntax change to be significantly higher.


> Likewise, don't confuse the parsing of ICAP messages (which are
> entirely defined by ICAP and its normative references) with
> requirements of RFC7230. If you need an exception, all you have to do
> is add it to ICAP when (or if) that spec is updated to refer to
> RFC7230. ICAP hasn't changed until it does.

AFAICT, the core of our disagreement is that you are treating RFC 7230
as a new protocol, not an HTTPbis document that polishes and clarifies
HTTP/1 while avoiding unnecessary breaking changes. If HTTP/1 defined by
RFC 7230 is a new protocol, then my ICAP defense plea is indeed invalid
(all other reasons to add OWS or at least BWS remain).


> And, no, it is NEVER a good idea for new IETF protocols to
> effectively alias other IETF protocols.

AFAICT, ICAP does not alias HTTP. It uses RFC 2616 to define HTTP
messages. This is similar to RFC 7230 using URI definitions from RFC
3986. When URIbis obsoletes RFC 3986, I expect the authors to be very
careful not to accidentally invalidate HTTP/1 messages. IMHO, HTTPbis
should offer the same courtesy to ICAP.


Thank you,

Alex.
P.S. Please do not misinterpret the ICAP part of my argument as an
admiration for RFC 3507. I know that RFC has lots of problems. I am
thinking about ICAP developers that generally want to reuse HTTP/1
parsers. Such reuse now requires RFC 7230 violations and that feels
rather wrong [without compelling reasons for the syntax change].
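
To make the parser-reuse problem concrete, here is a minimal sketch of a
chunk header parser with a leniency switch. The function name
parse_chunk_header and the lenient flag are hypothetical, invented for
illustration; the quoted-string pattern is simplified; and the lenient
mode is only one possible reading of "accept what RFC 2616 senders
emit" (whitespace around ";" and "=", plus padding after chunk-size).

```python
import re

# token per RFC 7230 Section 3.2.6: 1*tchar
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# Simplified quoted-string (assumption: no further validation of contents)
QUOTED = r'"(?:[^"\\]|\\.)*"'


def parse_chunk_header(line, lenient=False):
    """Parse 'chunk-size [ chunk-ext ]' with the trailing CRLF already removed.

    Returns (size, [(name, value_or_None), ...]) or raises ValueError.
    With lenient=False only the RFC 7230 Section 4.1.1 syntax is accepted.
    With lenient=True, SP/HTAB is also accepted around ";" and "=" and
    after the last element (hypothetical behavior for this sketch).
    """
    ws = r"[ \t]*" if lenient else ""
    ext = rf"{ws};{ws}({TOKEN})(?:{ws}={ws}({TOKEN}|{QUOTED}))?"
    m = re.fullmatch(rf"([0-9A-Fa-f]+)((?:{ext})*){ws}", line)
    if m is None:
        raise ValueError(f"malformed chunk header: {line!r}")
    size = int(m.group(1), 16)
    # An extension without "=value" is reported with value None
    exts = [(name, value or None) for name, value in re.findall(ext, m.group(2))]
    return size, exts


# The ICAP last-chunk line from RFC 3507 Section 4.5
print(parse_chunk_header("0; ieof", lenient=True))   # (0, [('ieof', None)])
# Space-padded chunk-size, as in fixed-buffer senders
print(parse_chunk_header("1a   ", lenient=True))     # (26, [])
```

In strict mode the same "0; ieof" line raises ValueError, which is the
situation an HTTP/1 parser shared with ICAP runs into.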



>> On Apr 14, 2016, at 3:58 PM, Alex Rousskov <rousskov@measurement-factory.com> wrote:
>>
>>> On 04/14/2016 12:20 PM, Roy T. Fielding wrote:
>>>
>>> The next was if there were any examples we knew of where space
>>> was included there.  None.
>>
>>> Apache httpd [allows] for space-padding
>>> of the chunk-size in fixed buffers
>>
>> Too bad nobody from the Apache team was present during that discussion :-).
>>
>> As you said, Apache httpd essentially uses the old syntax (and violates
>> the new syntax in two places!) to accommodate space-padding (at least):
>>
>>  chunk-ext = 0*10<BWS> ";" *( OWS / VCHAR / )
>>
>> I know Squid and several ICAP agents that use HTTP parsers do similar
>> things.
>>
>>
>>> [ICAP, by the way, is not HTTP.]
>>
>> ICAP is not HTTP but it explicitly uses big parts of HTTP syntax.
>> AFAICT, such IETF protocol reuse is a good thing and should be
>> encouraged and protected by IETF. If an HTTP*bis* RFC invalidates HTTP
>> syntax very prominently used in another IETF RFC, something went wrong.
>> Errata can fix that.
>>
>>
>>> I don't have a problem with adding whitespace back in there, but I am not at all
>>> confident that such a choice would be less likely to break things.
>>
>> Both choices break things. The HTTPbis choice to delete LWS in chunks
>> breaks things today with a likelihood of 100% (my errata was inspired by
>> a real-world bug report related to this change). When HTTPbis is fixed,
>> someday, somewhere an implementation will misinterpret that whitespace.
>>
>> Since that whitespace does exist in real messages, its removal breaks
>> the ICAP RFC, and it causes no known specific harm, we ought to undo
>> this syntax change IMO.
>>
>>
>>> I don't want to play errata ping pong.
>>
>> The WG can always deny responsibility and add BWS instead of restoring
>> OWS. BWS cannot cause errata ping pong AFAICT. BWS does screw ICAP, but
>> nobody likes that kid anyway ;-).
>>
>>
>> Thank you,
>>
>> Alex.
>>
>>
>>
>>>>> On 14 Apr 2016, at 2:36 AM, Willy Tarreau <w@1wt.eu> wrote:
>>>>>
>>>>> On Wed, Apr 13, 2016 at 09:05:04AM -0700, RFC Errata System wrote:
>>>>>> The following errata report has been submitted for RFC7230,
>>>>>> "Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing".
>>>>>>
>>>>>> --------------------------------------
>>>>>> You may review the report below and at:
>>>>>> http://www.rfc-editor.org/errata_search.php?rfc=7230&eid=4667
>>>>>>
>>>>>> --------------------------------------
>>>>>> Type: Technical
>>>>>> Reported by: Alex Rousskov <rousskov@measurement-factory.com>
>>>>>>
>>>>>> Section: 4.1.1
>>>>>>
>>>>>> Original Text
>>>>>> -------------
>>>>>> chunk-ext      = *( ";" chunk-ext-name [ "=" chunk-ext-val ] )
>>>>>>
>>>>>>
>>>>>> Corrected Text
>>>>>> --------------
>>>>>> chunk-ext      = *( ";" OWS chunk-ext-name [ "=" chunk-ext-val ] )
>>>>>>
>>>>>> Notes
>>>>>> -----
>>>>>> The infamous "implicit *LWS" syntax rule in RFC 2616 allowed whitespace between ";" and chunk-ext-name in chunk-ext. Some HTTP agents generate that whitespace. In my experience, HTTP agents that can parse chunk extensions usually can handle that whitespace. Moreover, ICAP, which generally relies on HTTP/1 for its message syntax, uses that whitespace when defining the "ieof" chunk extension in RFC 3507 Section 4.5:
>>>>>>
>>>>>>    \r\n
>>>>>>    0; ieof\r\n\r\n
>>>>>>
>>>>>> IMHO, RFC 7230 should either allow OWS before chunk-ext-name or at the very least explicitly document the HTTP/1 syntax change and its effect on parsers used for both ICAP and HTTP/1 messages (a very common case for ICAP-supporting HTTP intermediaries and ICAP services).
>>>>>>
>>>>>> I also recommend adding BWS around "=", for consistency and RFC 2616 backward compatibility reasons. HTTPbis RFCs already do that for transfer-parameter and auth-param that have similar syntax.
>>>>>>
>>>>>> Please also consider adding OWS _before_ ";" for consistency and RFC 2616 backward compatibility reasons. HTTPbis RFCs already do that for transfer-extension, accept-ext, t-ranking, and other constructs with similar syntax.
>>>>>>
>>>>>> If all of the above suggestions are applied, the final syntax becomes:
>>>>>>
>>>>>> chunk-ext      = *( OWS ";" OWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] )
>>
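
The three chunk-ext variants in the errata report above (original text,
corrected text, and the final syntax with all suggestions applied) can
be compared side by side with a rough regex translation. This is only a
sketch: the names GRAMMARS and accepted_by are made up for
illustration, the quoted-string pattern is simplified, and OWS and BWS
are both rendered as *( SP / HTAB ), which is how RFC 7230 defines
their syntax.

```python
import re

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"          # 1*tchar
VALUE = rf'(?:{TOKEN}|"(?:[^"\\]|\\.)*")'        # token / simplified quoted-string
WS = r"[ \t]*"                                    # OWS and BWS share this syntax

# One regex per chunk-ext variant discussed in the errata report
GRAMMARS = {
    "original": rf"(?:;{TOKEN}(?:={VALUE})?)*",
    "corrected": rf"(?:;{WS}{TOKEN}(?:={VALUE})?)*",
    "final": rf"(?:{WS};{WS}{TOKEN}(?:{WS}={WS}{VALUE})?)*",
}


def accepted_by(chunk_ext):
    """Return the names of the variants that accept the given chunk-ext string."""
    return [name for name, pattern in GRAMMARS.items()
            if re.fullmatch(pattern, chunk_ext)]


print(accepted_by(";ieof"))      # ['original', 'corrected', 'final']
print(accepted_by("; ieof"))     # ['corrected', 'final']
print(accepted_by(" ; a = b"))   # ['final']
```

Each variant accepts everything the previous one does, so a generator
that follows the original RFC 7230 text stays valid under either
proposed change.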