Re: Comments on draft-ietf-httpbis-http2-04
Jeff Pinner <jpinner@twitter.com> Tue, 09 July 2013 21:00 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9B9E21F996F for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 9 Jul 2013 14:00:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.255
X-Spam-Level:
X-Spam-Status: No, score=-7.255 tagged_above=-999 required=5 tests=[AWL=-2.279, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, GB_SUMOF=5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7-ihbSNzRe2V for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 9 Jul 2013 14:00:27 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 921FD21F995B for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 9 Jul 2013 14:00:20 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1Uwf0h-0003Jk-Av for ietf-http-wg-dist@listhub.w3.org; Tue, 09 Jul 2013 20:59:43 +0000
Resent-Date: Tue, 09 Jul 2013 20:59:43 +0000
Resent-Message-Id: <E1Uwf0h-0003Jk-Av@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <jpinner@twitter.com>) id 1Uwf0Z-0003ID-Se for ietf-http-wg@listhub.w3.org; Tue, 09 Jul 2013 20:59:35 +0000
Received: from mail-oa0-f46.google.com ([209.85.219.46]) by maggie.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <jpinner@twitter.com>) id 1Uwf0Y-000603-C4 for ietf-http-wg@w3.org; Tue, 09 Jul 2013 20:59:35 +0000
Received: by mail-oa0-f46.google.com with SMTP id h1so8664388oag.33 for <ietf-http-wg@w3.org>; Tue, 09 Jul 2013 13:59:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=twitter.com; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=Gj/6k/25zQYhDfx1jq8ou7oRC+v2ziGuttv+mJlTVmw=; b=SnWI699EMtPFXTRnoyapFpOgKbACGiLpMziIw/Hcii+WoFggoij4Qs1gVgWNzkdL31 4DRyX+hqjUhZwe2MR7wwcIY2q0nZtnRgA9m3CtyG4pi+A73x3l4Y3AQZM+FGfoNJLDvt MeR2RkCGHHH/uddH16pHUmbavJe9IJaHg9h+w=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-gm-message-state; bh=Gj/6k/25zQYhDfx1jq8ou7oRC+v2ziGuttv+mJlTVmw=; b=K6ylGcXZrvvlrjVHCWCHGZr7dDYL2qjWWHpa8Iu/q9tpcnMzennf4xXQv+SzISr8bH mDCw9cyBdSP3iAMaHsNnRjUpQOAwwHP6HVFHItxXEVCmKscKil1Tl/qwFfRNy1yrKLjz lJz8Vn9upnkIOIfsDIfpbdHIrx2h7eZuKz4sxVya/cSabYbb2dTG8gxyV2RIq7T9/2WD +y/B+0deeEdvO3bqKmi0151UjkBeHRWOxLPXrzy8pK6U97vGw2P9GfcpY5kdurXn2I0j ZCdhV3pMpdgldCXCmTnye/Qkv3XFCLJ7o97uQwM/UINsRgHOvymSPrhNaM49n1p3uEJ9 z7gg==
MIME-Version: 1.0
X-Received: by 10.60.173.169 with SMTP id bl9mr26271096oec.51.1373403548433; Tue, 09 Jul 2013 13:59:08 -0700 (PDT)
Received: by 10.182.7.37 with HTTP; Tue, 9 Jul 2013 13:59:08 -0700 (PDT)
In-Reply-To: <A5F07EB0-894D-4D70-B3F1-925AF19AC573@apple.com>
References: <3072E3B4-63B4-4DFB-AFD8-08EE6407C6FB@apple.com> <CABkgnnWexuQb9vZPudJTJ+Gk0LAtcunWG1fThrk3Y_Eo9mDv=A@mail.gmail.com> <CA+pLO_gzNTpTabeuXE7SE+J8Bnx7ky3bnxdKLxB5A-DiAS01Uw@mail.gmail.com> <A5F07EB0-894D-4D70-B3F1-925AF19AC573@apple.com>
Date: Tue, 09 Jul 2013 13:59:08 -0700
Message-ID: <CA+pLO_jL63qxtFFvC=JN5iJSr2_B8KkBftX9K19M0x3qV7HOLw@mail.gmail.com>
From: Jeff Pinner <jpinner@twitter.com>
To: Michael Sweet <msweet@apple.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, list <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="089e011761c9a3507b04e11a6e0f"
X-Gm-Message-State: ALoCoQl1q3HvqmNtT1G+9zq11RuR92fTM+2CLb3OtHacBq3llJYtf0UY8C3rIqR3/W/ohjk5FCcH
Received-SPF: pass client-ip=209.85.219.46; envelope-from=jpinner@twitter.com; helo=mail-oa0-f46.google.com
X-W3C-Hub-Spam-Status: No, score=-3.9
X-W3C-Hub-Spam-Report: AWL=-3.100, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: maggie.w3.org 1Uwf0Y-000603-C4 ee183d056507d0ed4c9aa8d012110653
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Comments on draft-ietf-httpbis-http2-04
Archived-At: <http://www.w3.org/mid/CA+pLO_jL63qxtFFvC=JN5iJSr2_B8KkBftX9K19M0x3qV7HOLw@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/18663
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
I am all for adding text to the "Additional HTTP
Requirements/Considerations" sections that discuss how to upgrade from
HTTP/1.1 to HTTP/2.0, including what to do about how to handle specific
headers, Expect and Content-Length / Transfer-Encoding included. This would
be useful not just to implementers migrating to HTTP/2.0 but also to
proxies that upgrade/downgrade the protocol version.
That being said, the requirements around Message Length in HTTP/1.1 are
non-trivial and given that we want to support interoperability, I'd like to
minimize adding additional requirements (especially those with conflicting
semantics) in the HTTP/2.0 spec.
P.S. the httpbis messaging draft states:
If a message is received with both a Transfer-Encoding and a
Content-Length header field, the Transfer-Encoding overrides the
Content-Length. Such a message might indicate an attempt to
perform request or response smuggling (bypass of security-related
checks on message routing or content) and thus ought to be
handled as an error. A sender MUST remove the received Content-
Length field prior to forwarding such a message downstream.
it would be nice to strengthen that language so that it matches the
new HTTP/2.0 requirement.
On Tue, Jul 9, 2013 at 1:45 PM, Michael Sweet <msweet@apple.com> wrote:
> Jeff,
>
> There is a long history of HTTP/1.1 servers that did not support
> Transfer-Encoding: chunked, and the PWG and others have spent a good 15
> years harassing those (non-) implementors to get them to conform so we can
> do something other than print static files... :/
>
> So whether or not we have MUSTs in the sentence, I think it is important
> to clearly identify the migration path from HTTP/1.1 chunking to HTTP/2.0
> frames. Making the jump from HTTP/1.1 to HTTP/2.0 will be a major effort
> for most vendors, and given past performance I'd like to avoid any
> ambiguous language that leads to implementation bugs and interoperability
> issues - it makes for some messy code when such mistakes are put in ROMs
> that can't be updated...
>
>
> On Jul 9, 2013, at 3:50 PM, Jeff Pinner <jpinner@twitter.com> wrote:
>
> I would prefer we say something to the effect of:
>
> If a server receives a request with a "Content-Length" header and
> the sum of the DATA frame payload lengths does not equal the value
> of the "content-length" header field, the server MUST return a 400 (Bad
> Request) error.
>
> and remove any other MUSTs and SHOULDs. By the way, I would like to note
> that this is different than how the HTTP/1.1 spec handles
> Tranfser-Encoding. From RFC2616 Sec 4.4:
>
> If a message is received with both a Transfer-Encoding header field and a
> Content-Length header field, the latter MUST be ignored.
>
> - Jeff
>
>
> On Tue, Jul 9, 2013 at 12:40 PM, Martin Thomson <martin.thomson@gmail.com>wrote:
>
>> On 9 July 2013 10:12, Michael Sweet <msweet@apple.com> wrote:
>> > I am uncomfortable with this wording primarily because a lot of POST
>> usage
>> > consists of streamed content - my particular interest is obviously
>> printing,
>> > but any streamed content will necessarily not be able to provide a
>> > content-length header field. So instead I would suggest the following
>> two
>> > paragraphs instead:
>>
>> I think that your edits capture the spirit of what was intended by the
>> existing text, with far less ambiguity. Unless I get objections,
>> those can be integrated.
>>
>> > My other comment is that I don't see any discussion of the Expect
>> header,
>> > nor do I see a issue on Github...
>>
>> There was a brief discussion at the last interim. The feature is in
>> serious jeopardy. See #18:
>> https://github.com/http2/http2-spec/issues/18
>>
>>
>
> _________________________________________________________
> Michael Sweet, Senior Printing System Engineer, PWG Chair
>
>
- Comments on draft-ietf-httpbis-http2-04 Michael Sweet
- Re: Comments on draft-ietf-httpbis-http2-04 Martin Thomson
- Re: Comments on draft-ietf-httpbis-http2-04 Jeff Pinner
- Re: Comments on draft-ietf-httpbis-http2-04 Michael Sweet
- Re: Comments on draft-ietf-httpbis-http2-04 Michael Sweet
- Re: Comments on draft-ietf-httpbis-http2-04 Jeff Pinner
- Re: Comments on draft-ietf-httpbis-http2-04 Julian Reschke
- Re: Comments on draft-ietf-httpbis-http2-04 Jeff Pinner
- Re: Comments on draft-ietf-httpbis-http2-04 Julian Reschke
- Re: Comments on draft-ietf-httpbis-http2-04 Martin Thomson