Re: HTTP router point-of-view concerns

Willy Tarreau <w@1wt.eu> Sat, 13 July 2013 17:35 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6226921F9ADE for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 13 Jul 2013 10:35:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z9+toLYJHgmx for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 13 Jul 2013 10:35:42 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 2EBEB21F9BBC for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sat, 13 Jul 2013 10:35:42 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1Uy3iW-0002fZ-2J for ietf-http-wg-dist@listhub.w3.org; Sat, 13 Jul 2013 17:34:44 +0000
Resent-Date: Sat, 13 Jul 2013 17:34:44 +0000
Resent-Message-Id: <E1Uy3iW-0002fZ-2J@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <w@1wt.eu>) id 1Uy3iN-0002el-Bz for ietf-http-wg@listhub.w3.org; Sat, 13 Jul 2013 17:34:35 +0000
Received: from 1wt.eu ([62.212.114.60]) by maggie.w3.org with esmtp (Exim 4.72) (envelope-from <w@1wt.eu>) id 1Uy3iL-000870-9t for ietf-http-wg@w3.org; Sat, 13 Jul 2013 17:34:35 +0000
Received: (from willy@localhost) by mail.home.local (8.14.4/8.14.4/Submit) id r6DHWM7R002618; Sat, 13 Jul 2013 19:32:22 +0200
Date: Sat, 13 Jul 2013 19:32:22 +0200
From: Willy Tarreau <w@1wt.eu>
To: Sam Pullara <spullara@gmail.com>
Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, Mark Nottingham <mnot@mnot.net>, James M Snell <jasnell@gmail.com>, Martin Thomson <martin.thomson@gmail.com>, Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20130713173222.GM32054@1wt.eu>
References: <CAP+FsNdcYhA=V5Z+zbt70b5e7WmcmXgjG5M9L3vfXeXfTwmRnw@mail.gmail.com> <51DE327C.7010901@treenet.co.nz> <CABkgnnXeqD6wh0dcJ1Dz=4PLAJNkDeGcCuzMr9ATd_7xS7nbGQ@mail.gmail.com> <CABP7RbcUkLf3CTAB4jwicnsiKWLGVY6=hX0k=0256SR_gcVt9A@mail.gmail.com> <092D65A8-8CB7-419D-B6A4-77CAE40A0026@gmail.com> <3835.1373612286@critter.freebsd.dk> <CD9E163F-1225-4DA8-9982-8BDBD16B1051@mnot.net> <1772.1373629495@critter.freebsd.dk> <20130712125628.GC28893@1wt.eu> <881777F8-86A7-4943-9BBD-8EB2DC306834@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <881777F8-86A7-4943-9BBD-8EB2DC306834@gmail.com>
User-Agent: Mutt/1.4.2.3i
Received-SPF: pass client-ip=62.212.114.60; envelope-from=w@1wt.eu; helo=1wt.eu
X-W3C-Hub-Spam-Status: No, score=-3.0
X-W3C-Hub-Spam-Report: AWL=-3.035, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01
X-W3C-Scan-Sig: maggie.w3.org 1Uy3iL-000870-9t ecdd83dc3226672aeda95e2187d16da6
X-Original-To: ietf-http-wg@w3.org
Subject: Re: HTTP router point-of-view concerns
Archived-At: <http://www.w3.org/mid/20130713173222.GM32054@1wt.eu>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/18744
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Sat, Jul 13, 2013 at 09:49:42AM -0700, Sam Pullara wrote:
> This can be (and in many cases is already) solved at any web company big
> enough to need to solve it. I'm 100% in favor of using a client generated
> session identifier. This would dramatically simplify HTTP/2 in a real way.
> Cookies are from another era when building a server-side scalable session
> data store was difficult and expensive. I would argue that isn't the case
> anymore.

Until you are able to shrink the time it takes to synchronize two servers
at opposite sides of the world, you'll end up causing delays that are higher
than the average RTTs we're trying to get rid of. Not to mention the amount
of inter-DC traffic.

I'm sorry, but cookies are *not* evil. Some uses of cookies are evil. You
don't need to break the web just because of some improper usages. Otherwise
you can as well advocate against computers because computers are also used
to track people and retrieve a lot of information about them that is not
possible to collect by hand. That's simply non-sense.

We could possibly support very short cookies (eg: 16 bit). That should be
enough for most large deployments, and clearly not enough to track users.

But I want to insist that scalable state management is an important piece
of the net that we must not break just because it makes us feel better.

Willy