Re: Make Date header not required
Willy Tarreau <w@1wt.eu> Mon, 31 August 2020 15:57 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9ABFA3A172E for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 31 Aug 2020 08:57:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.649
X-Spam-Level:
X-Spam-Status: No, score=-2.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3G9t8Bop5Q29 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 31 Aug 2020 08:57:44 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A1F0D3A1729 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 31 Aug 2020 08:57:44 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1kCm8w-0002FV-Bc for ietf-http-wg-dist@listhub.w3.org; Mon, 31 Aug 2020 15:54:50 +0000
Resent-Date: Mon, 31 Aug 2020 15:54:50 +0000
Resent-Message-Id: <E1kCm8w-0002FV-Bc@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <w@1wt.eu>) id 1kCm8u-0002Ek-Pu for ietf-http-wg@listhub.w3.org; Mon, 31 Aug 2020 15:54:48 +0000
Received: from wtarreau.pck.nerim.net ([62.212.114.60] helo=1wt.eu) by titan.w3.org with esmtp (Exim 4.92) (envelope-from <w@1wt.eu>) id 1kCm8s-00060K-Lx for ietf-http-wg@w3.org; Mon, 31 Aug 2020 15:54:48 +0000
Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id 07VFsWtP032043; Mon, 31 Aug 2020 17:54:32 +0200
Date: Mon, 31 Aug 2020 17:54:32 +0200
From: Willy Tarreau <w@1wt.eu>
To: Sergey Ponomarev <stokito@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20200831155432.GA32038@1wt.eu>
References: <CADR0UcXwMM+X7c54Ojve36zx1=mvedocuHDqPoY=UCiuU++HXQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CADR0UcXwMM+X7c54Ojve36zx1=mvedocuHDqPoY=UCiuU++HXQ@mail.gmail.com>
User-Agent: Mutt/1.6.1 (2016-04-27)
Received-SPF: pass client-ip=62.212.114.60; envelope-from=w@1wt.eu; helo=1wt.eu
X-W3C-Hub-Spam-Status: No, score=-7.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1kCm8s-00060K-Lx 0aa892c95ae181bac4d0316690e1a1a4
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Make Date header not required
Archived-At: <https://www.w3.org/mid/20200831155432.GA32038@1wt.eu>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/37981
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On Mon, Aug 31, 2020 at 06:14:57PM +0300, Sergey Ponomarev wrote: > The Date header MUST be added to the response but at the same time it may > be omitted if the origin server doesn't have a good clock. It looks like > the header is useful only if server or client have misconfigured time but > the server also returns an Expires header that uses a fixed date. > That's why the header was replaced with more robust Cache-Control that uses > max-age with relevant time instead of fixed. > > Also another real life example of usage of the Date is some clients that > have blocked NTP and they tried to fetch time from google.com or 1.1.1.1. > > Both examples of usage are not so popular and in most cases the Date header > is just not needed. > But when implementing a web server you want to be compliant with spec or > just don't know how and where the Date is used exactly. > In the next release of BusyBox httpd server for embedded devices the Date > header can be disabled during a compilation. But this will make the server > non RFC compatible. > > Is it possible to change MUST to MAY for the header? And add a note when > the header is really needed. Well, it's not exactly written the way you suggested but rather like this: https://tools.ietf.org/html/rfc7231#section-7.1.1.2 - an origin server must not send .. if it does not have a clock capable of providing a reasonable approximation... - may send a date in 1xx or 5xx - must send in all OTHER cases So in short it is very likely reasonable to consider that users who compile out the support for Date header in BusyBox are precisely those running on small RTC-less machines, where it definitely makes sense not to send that header field since there's no way to be certain about the delivered date. In this regard, I'm already reading this MUST as a form of slightly stronger SHOULD, which seems to match your needs. Regards, Willy
- Make Date header not required Sergey Ponomarev
- Re: Make Date header not required Willy Tarreau
- Re: Make Date header not required Amos Jeffries