Re: Comments on draft-ietf-httpbis-http2-04
Jeff Pinner <jpinner@twitter.com> Tue, 09 July 2013 21:00 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9B9E21F996F for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 9 Jul 2013 14:00:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.255
X-Spam-Level:
X-Spam-Status: No, score=-7.255 tagged_above=-999 required=5 tests=[AWL=-2.279, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, GB_SUMOF=5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7-ihbSNzRe2V for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 9 Jul 2013 14:00:27 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 921FD21F995B for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 9 Jul 2013 14:00:20 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1Uwf0h-0003Jk-Av for ietf-http-wg-dist@listhub.w3.org; Tue, 09 Jul 2013 20:59:43 +0000
Resent-Date: Tue, 09 Jul 2013 20:59:43 +0000
Resent-Message-Id: <E1Uwf0h-0003Jk-Av@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <jpinner@twitter.com>) id 1Uwf0Z-0003ID-Se for ietf-http-wg@listhub.w3.org; Tue, 09 Jul 2013 20:59:35 +0000
Received: from mail-oa0-f46.google.com ([209.85.219.46]) by maggie.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <jpinner@twitter.com>) id 1Uwf0Y-000603-C4 for ietf-http-wg@w3.org; Tue, 09 Jul 2013 20:59:35 +0000
Received: by mail-oa0-f46.google.com with SMTP id h1so8664388oag.33 for <ietf-http-wg@w3.org>; Tue, 09 Jul 2013 13:59:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=twitter.com; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=Gj/6k/25zQYhDfx1jq8ou7oRC+v2ziGuttv+mJlTVmw=; b=SnWI699EMtPFXTRnoyapFpOgKbACGiLpMziIw/Hcii+WoFggoij4Qs1gVgWNzkdL31 4DRyX+hqjUhZwe2MR7wwcIY2q0nZtnRgA9m3CtyG4pi+A73x3l4Y3AQZM+FGfoNJLDvt MeR2RkCGHHH/uddH16pHUmbavJe9IJaHg9h+w=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-gm-message-state; bh=Gj/6k/25zQYhDfx1jq8ou7oRC+v2ziGuttv+mJlTVmw=; b=K6ylGcXZrvvlrjVHCWCHGZr7dDYL2qjWWHpa8Iu/q9tpcnMzennf4xXQv+SzISr8bH mDCw9cyBdSP3iAMaHsNnRjUpQOAwwHP6HVFHItxXEVCmKscKil1Tl/qwFfRNy1yrKLjz lJz8Vn9upnkIOIfsDIfpbdHIrx2h7eZuKz4sxVya/cSabYbb2dTG8gxyV2RIq7T9/2WD +y/B+0deeEdvO3bqKmi0151UjkBeHRWOxLPXrzy8pK6U97vGw2P9GfcpY5kdurXn2I0j ZCdhV3pMpdgldCXCmTnye/Qkv3XFCLJ7o97uQwM/UINsRgHOvymSPrhNaM49n1p3uEJ9 z7gg==
MIME-Version: 1.0
X-Received: by 10.60.173.169 with SMTP id bl9mr26271096oec.51.1373403548433; Tue, 09 Jul 2013 13:59:08 -0700 (PDT)
Received: by 10.182.7.37 with HTTP; Tue, 9 Jul 2013 13:59:08 -0700 (PDT)
In-Reply-To: <A5F07EB0-894D-4D70-B3F1-925AF19AC573@apple.com>
References: <3072E3B4-63B4-4DFB-AFD8-08EE6407C6FB@apple.com> <CABkgnnWexuQb9vZPudJTJ+Gk0LAtcunWG1fThrk3Y_Eo9mDv=A@mail.gmail.com> <CA+pLO_gzNTpTabeuXE7SE+J8Bnx7ky3bnxdKLxB5A-DiAS01Uw@mail.gmail.com> <A5F07EB0-894D-4D70-B3F1-925AF19AC573@apple.com>
Date: Tue, 09 Jul 2013 13:59:08 -0700
Message-ID: <CA+pLO_jL63qxtFFvC=JN5iJSr2_B8KkBftX9K19M0x3qV7HOLw@mail.gmail.com>
From: Jeff Pinner <jpinner@twitter.com>
To: Michael Sweet <msweet@apple.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, list <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="089e011761c9a3507b04e11a6e0f"
X-Gm-Message-State: ALoCoQl1q3HvqmNtT1G+9zq11RuR92fTM+2CLb3OtHacBq3llJYtf0UY8C3rIqR3/W/ohjk5FCcH
Received-SPF: pass client-ip=209.85.219.46; envelope-from=jpinner@twitter.com; helo=mail-oa0-f46.google.com
X-W3C-Hub-Spam-Status: No, score=-3.9
X-W3C-Hub-Spam-Report: AWL=-3.100, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: maggie.w3.org 1Uwf0Y-000603-C4 ee183d056507d0ed4c9aa8d012110653
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Comments on draft-ietf-httpbis-http2-04
Archived-At: <http://www.w3.org/mid/CA+pLO_jL63qxtFFvC=JN5iJSr2_B8KkBftX9K19M0x3qV7HOLw@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/18663
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
I am all for adding text to the "Additional HTTP Requirements/Considerations" sections that discuss how to upgrade from HTTP/1.1 to HTTP/2.0, including what to do about how to handle specific headers, Expect and Content-Length / Transfer-Encoding included. This would be useful not just to implementers migrating to HTTP/2.0 but also to proxies that upgrade/downgrade the protocol version. That being said, the requirements around Message Length in HTTP/1.1 are non-trivial and given that we want to support interoperability, I'd like to minimize adding additional requirements (especially those with conflicting semantics) in the HTTP/2.0 spec. P.S. the httpbis messaging draft states: If a message is received with both a Transfer-Encoding and a Content-Length header field, the Transfer-Encoding overrides the Content-Length. Such a message might indicate an attempt to perform request or response smuggling (bypass of security-related checks on message routing or content) and thus ought to be handled as an error. A sender MUST remove the received Content- Length field prior to forwarding such a message downstream. it would be nice to strengthen that language so that it matches the new HTTP/2.0 requirement. On Tue, Jul 9, 2013 at 1:45 PM, Michael Sweet <msweet@apple.com> wrote: > Jeff, > > There is a long history of HTTP/1.1 servers that did not support > Transfer-Encoding: chunked, and the PWG and others have spent a good 15 > years harassing those (non-) implementors to get them to conform so we can > do something other than print static files... :/ > > So whether or not we have MUSTs in the sentence, I think it is important > to clearly identify the migration path from HTTP/1.1 chunking to HTTP/2.0 > frames. Making the jump from HTTP/1.1 to HTTP/2.0 will be a major effort > for most vendors, and given past performance I'd like to avoid any > ambiguous language that leads to implementation bugs and interoperability > issues - it makes for some messy code when such mistakes are put in ROMs > that can't be updated... > > > On Jul 9, 2013, at 3:50 PM, Jeff Pinner <jpinner@twitter.com> wrote: > > I would prefer we say something to the effect of: > > If a server receives a request with a "Content-Length" header and > the sum of the DATA frame payload lengths does not equal the value > of the "content-length" header field, the server MUST return a 400 (Bad > Request) error. > > and remove any other MUSTs and SHOULDs. By the way, I would like to note > that this is different than how the HTTP/1.1 spec handles > Tranfser-Encoding. From RFC2616 Sec 4.4: > > If a message is received with both a Transfer-Encoding header field and a > Content-Length header field, the latter MUST be ignored. > > - Jeff > > > On Tue, Jul 9, 2013 at 12:40 PM, Martin Thomson <martin.thomson@gmail.com>wrote: > >> On 9 July 2013 10:12, Michael Sweet <msweet@apple.com> wrote: >> > I am uncomfortable with this wording primarily because a lot of POST >> usage >> > consists of streamed content - my particular interest is obviously >> printing, >> > but any streamed content will necessarily not be able to provide a >> > content-length header field. So instead I would suggest the following >> two >> > paragraphs instead: >> >> I think that your edits capture the spirit of what was intended by the >> existing text, with far less ambiguity. Unless I get objections, >> those can be integrated. >> >> > My other comment is that I don't see any discussion of the Expect >> header, >> > nor do I see a issue on Github... >> >> There was a brief discussion at the last interim. The feature is in >> serious jeopardy. See #18: >> https://github.com/http2/http2-spec/issues/18 >> >> > > _________________________________________________________ > Michael Sweet, Senior Printing System Engineer, PWG Chair > >
- Comments on draft-ietf-httpbis-http2-04 Michael Sweet
- Re: Comments on draft-ietf-httpbis-http2-04 Martin Thomson
- Re: Comments on draft-ietf-httpbis-http2-04 Jeff Pinner
- Re: Comments on draft-ietf-httpbis-http2-04 Michael Sweet
- Re: Comments on draft-ietf-httpbis-http2-04 Michael Sweet
- Re: Comments on draft-ietf-httpbis-http2-04 Jeff Pinner
- Re: Comments on draft-ietf-httpbis-http2-04 Julian Reschke
- Re: Comments on draft-ietf-httpbis-http2-04 Jeff Pinner
- Re: Comments on draft-ietf-httpbis-http2-04 Julian Reschke
- Re: Comments on draft-ietf-httpbis-http2-04 Martin Thomson