Re: [apps-discuss] WGLC: draft-ietf-appsawg-http-forwarded-02.txt

Andreas Petersson <andreas@sbin.se> Mon, 14 May 2012 15:21 UTC

Date: Mon, 14 May 2012 17:19:29 +0200
From: Andreas Petersson <andreas@sbin.se>
To: apps-discuss@ietf.org
Cc: ietf-http-wg@w3.org
Archived-At: <http://www.w3.org/mid/20120514171929.647b92db@hetzer>

On Tue, 01 May 2012 19:26:50 +0100
Alexey Melnikov <alexey.melnikov@isode.com> wrote:

> Dear WG participants,
> I would like to initiate WG Last Call on 
> draft-ietf-appsawg-http-forwarded-02.txt ("Forwarded HTTP Extension"). 
> Please send your reviews, as well as expressions of support regarding 
> document readiness for IESG (or not) either to the mailing list, or 
> directly to WG chairs (Murray Kucherawy <msk@cloudmark.com> and myself). 
> Comments like "I've read the document and it is Ok to publish" or "I've 
> read the document and it has the following issues" are useful and would 
> be gratefully accepted by chairs.
> 
> The WGLC will end on Friday, May 18th.

We are closing in on May 18th now. We have got plenty of good input.

To summarize, I have made a preliminary change log, covering things
that have been discussed this far. I will also mention ideas that we do
not intend to incorporate in this document.

If you have suggested something that is not in the list below, I may
have missed it; please send me a reminder in that case.

If you disagree with something in the list or have other ideas, please
let me know.



*** Intended changes ***

1.1, Section 4: Clearly mention that IPv6-addresses must be quoted.
     Also show this in examples. This also applies to IPv4 addresses
     when the port is specified.

1.2, Section 4: Have a less complex example. Also, make sure that the
     quote is placed on the right side of the "=".

1.3, Section 4: Add a note that a proxy can also add a new
     "Forwarded: .."-line, as this is equivalent. 

1.4, Section 5.*: Remove some MAY-references.

1.5, Section 5.1: Add a note that the by-parameter may be useful in a
     multi-homed environment. 

1.6, Section 5.2: Add a note that in some situations it is more relevant
     to read the address of the last proxy in the last
     Forwarded-by-field.

1.7, Section 5.2: Formulate paragraph 1 to include that the information
     is not only regarding the initiating client. Also change "user
     agent" to "client".

1.8, Section 5.5: Change the requirement to notify IANA into:
>"It is possible to register additional parameters using the IANA
>registration policy described in [RFC3864]"

1.9, Section 6: Require obfport to start with an underscore. 

1.10, Section 6 & 6.3: Include "[:._-]" as valid characters in obfnode
      and obfport. 

1.11, Section 6.1: s/zero compression/compression of zeroes/

1.12, Section 6.1: s/IPv6 adress/IPv6 address/

1.13, Section 7: Add some notes on when the header should be preserved
      or not. Discussed under #7:
http://www.ietf.org/mail-archive/web/apps-discuss/current/msg05535.html

1.14, Section 7: Note that this header field is not possible to combine
      with the information from the via-header field with certainty.

1.15, Section 7.1: Remove the word "correctly" from: 
      "[...] information might not be correctly updated [...]"

1.16, Section 7.x: Encourage proxies to convert X-Forwarded-*
    when possible. 

1.17, Section 8.2: Add the text W. Tarreau mentions:
      (with the change of must -> should in the first sentence)
> This header field should never be copied into response messages by
> origin servers or intermediaries for whatever reason as it can reveal
> the whole proxy chain to the client. As a side effect, special care
> must be taken in hosting environments not to allow the TRACE request
> where the Forwarded field is used, as it would appear in the body of
> the response message.


1.18, Section 8: Add a section or a note about privacy considerations.



*** Suggestions we intend NOT to incorporate ***
(somewhat incomplete)

2.1, TCP-options. This can be standardized in a separate document.

2.2, Complex transition schemes. 


Best regards,
 Andreas Petersson
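
Added example, not part of the original message or of the draft: a Python sketch of the quoting rule in item 1.1, serializing a node value and flagging received values that should have been quoted. It assumes the bracketed IPv6 form used in the later-published RFC 7239 and the HTTP "token" character set; the function names are hypothetical, and backslash escapes inside quoted strings are not handled.

```python
import ipaddress
import re

# HTTP "token" characters. ":" and "[" "]" are not among them, so any value
# containing them has to be sent as a quoted-string.
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def format_node(addr, port=None):
    """Serialize an address (and optional port) as a for=/by= value."""
    ip = ipaddress.ip_address(addr)
    # Assumption: IPv6 is bracketed, as in RFC 7239.
    node = f"[{ip}]" if ip.version == 6 else str(ip)
    if port is not None:
        node = f"{node}:{port}"
    # Item 1.1: IPv6, and IPv4 with a port, must be quoted.
    return node if TOKEN.fullmatch(node) else f'"{node}"'

def split_outside_quotes(text, sep):
    """Split on sep, ignoring separators inside double-quoted strings."""
    parts, buf, quoted = [], [], False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def unquoted_violations(header_value):
    """Return name=value pairs whose value needed quoting but was sent bare."""
    bad = []
    for element in split_outside_quotes(header_value, ","):
        for pair in split_outside_quotes(element, ";"):
            name, _, value = pair.partition("=")
            is_quoted = len(value) >= 2 and value[0] == '"' and value[-1] == '"'
            if not is_quoted and not TOKEN.fullmatch(value):
                bad.append(f"{name.strip()}={value}")
    return bad

# Constructed sample header value (documentation address ranges).
SAMPLE = 'for=[2001:db8:cafe::17];proto=http, for=198.51.100.17:4711'

if __name__ == "__main__":
    print(format_node("2001:db8:cafe::17", 4711))
    print(unquoted_violations(SAMPLE))
```

A receiver that relies on the for= value for access decisions or logging can reject or log any header for which `unquoted_violations` returns a non-empty list instead of guessing at the sender's intent.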