Re: Declarative HTTP Spec Test Suite

Daniel Stenberg <daniel@haxx.se> Mon, 27 May 2024 13:44 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=ietf.org@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79FD6C14F693 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 27 May 2024 06:44:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.749
X-Spam-Level:
X-Spam-Status: No, score=-2.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=w3.org header.b="ANVnYyIG"; dkim=pass (2048-bit key) header.d=w3.org header.b="RAfER8x5"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PPGwLtlhAqKF for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 27 May 2024 06:44:27 -0700 (PDT)
Received: from mab.w3.org (mab.w3.org [IPv6:2600:1f18:7d7a:2700:d091:4b25:8566:8113]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7CD5BC14F6F2 for <httpbisa-archive-bis2Juki@ietf.org>; Mon, 27 May 2024 06:44:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:Content-Type:MIME-Version:References:Message-ID:In-Reply-To: cc:To:From:Date:Reply-To; bh=Hum2sDstKCpB+w2rAKSP4NnOZQ6uCH40VbnZ6KvTdMg=; b= ANVnYyIGSPBRnXBq/7+LVByyX0Qqa2J6l9oNcgRLRGXWVXlQ/1V1Ns57nFyUdjSws0zuauICh652s j18CPEDivYSLxXNVhvPuuHACsanecuh1+ljAYtKP5X6zwH23zx6CJA+6Ped77SyjVM3R6aTG0BgDB JekqZdbj9zU+yJY87zzLDVRjP6khxYcjD9O3+KZpFmqN7cDMgIZNBMKJ6GRjzSMzaSsMlw0HVO+g1 11H79SpG7P145Nx1icWmfIYy63B6lSqeogBbcJ2XT7Ss62tLguuVUmIFoOF4lROg0tRk4LFql7Y6P 1ekEJD80aozt9o6apl3WysCG8BOPY7HoLw==;
Received: from lists by mab.w3.org with local (Exim 4.96) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1sBadf-00CJcH-0F for ietf-http-wg-dist@listhub.w3.org; Mon, 27 May 2024 13:43:47 +0000
Resent-Date: Mon, 27 May 2024 13:43:47 +0000
Resent-Message-Id: <E1sBadf-00CJcH-0F@mab.w3.org>
Received: from ip-10-0-0-224.ec2.internal ([10.0.0.224] helo=puck.w3.org) by mab.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <daniel@haxx.se>) id 1sBadc-00CJbM-2t for ietf-http-wg@listhub.w3.internal; Mon, 27 May 2024 13:43:44 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Content-Type:MIME-Version:References:Message-ID:In-Reply-To:Subject: cc:To:From:Date:Reply-To; bh=Hum2sDstKCpB+w2rAKSP4NnOZQ6uCH40VbnZ6KvTdMg=; t=1716817424; x=1717681424; b=RAfER8x5Ia7b7zQwTg8tYIkBIi8d28r2dTX2KqwtezihVrD M9xFpgnpvtrwvBiZHew7qYPncCv1MnQXVJB0793ZN5UVlGL3CXytaptsYs2n4g5jExJAtXne7naXv hhRucjQeYsYdF08Jlx2Y6wgMwi4+FExamDOg4IZ9Kr+imw5MfsEngHtaj7uaHy3Dkpq2k+ns/Vdy4 LCtwTqFgqYViPrAQiEsZK3Z2cnc3J78jXJ+cEOBFLdU553yH6vfhqZ0brtfsKOzCT2qL1JoYj95ts gs9mMIuCd1sfbsHNGzRGsrEylNh6nzjt+lrBd6fYSPPIh/H6z2cwLi7OwjMj7DfQ==;
Received-SPF: pass (puck.w3.org: domain of haxx.se designates 2a02:750:7:3305::2aa as permitted sender) client-ip=2a02:750:7:3305::2aa; envelope-from=daniel@haxx.se; helo=silly.haxx.se;
Received: from silly.haxx.se ([2a02:750:7:3305::2aa]) by puck.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <daniel@haxx.se>) id 1sBadb-001PcL-0B for ietf-http-wg@w3.org; Mon, 27 May 2024 13:43:44 +0000
Received: by silly.haxx.se (Postfix, from userid 1001) id 369C565797; Mon, 27 May 2024 15:43:38 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1]) by silly.haxx.se (Postfix) with ESMTP id 35064805AF; Mon, 27 May 2024 15:43:38 +0200 (CEST)
Date: Mon, 27 May 2024 15:43:38 +0200
From: Daniel Stenberg <daniel@haxx.se>
To: Mohammed Al Sahaf <mohammed@caffeinatedwonders.com>
cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
In-Reply-To: <tPxvQGS7_bxKqrFish00m9LtTT_JQfE0RU1bthEcxYNTZR_uzbkEWKNOTg9c5azoZSYuDWt9pLCiS7Kd4nIWK8DPN1sOtcgbDGx4L7BeeU4=@caffeinatedwonders.com>
Message-ID: <6758o6r-8962-5nnq-q18p-59o7q9177rno@unkk.fr>
References: <tPxvQGS7_bxKqrFish00m9LtTT_JQfE0RU1bthEcxYNTZR_uzbkEWKNOTg9c5azoZSYuDWt9pLCiS7Kd4nIWK8DPN1sOtcgbDGx4L7BeeU4=@caffeinatedwonders.com>
X-fromdanielhimself: yes
MIME-Version: 1.0
Content-Type: multipart/mixed; BOUNDARY="-39887073-790029874-1716816169=:3408407"
Content-ID: <77434688-571-p65q-7651-po0o325nq84@unkk.fr>
X-W3C-Hub-Spam-Status: No, score=-2.0
X-W3C-Hub-Spam-Report: BAYES_20=-0.001, DMARC_MISSING=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: puck.w3.org 1sBadb-001PcL-0B ccd9faf1a08b7e98abcbbb30f6b63da8
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Declarative HTTP Spec Test Suite
Archived-At: <https://www.w3.org/mid/6758o6r-8962-5nnq-q18p-59o7q9177rno@unkk.fr>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/51971
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/email/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Sun, 26 May 2024, Mohammed Al Sahaf wrote:

> - Firefox fails the transfer on plaintext HTTP with 
> "NS_ERROR_NET_PARTIAL_TRANSFER"​; but with HTTPS connection, it only reads 
> and displays payload per the number of bytes stated in the header value.

As the lead developer of curl, I have found it easier to make curl be stricter 
than the browsers in some these areas - probably partly because we did it so 
from the beginning. But also: authoring a toolset that is often used to mimic 
or reproduce what a browser can do, we occasionally have to sacrifize spec 
compliance in order to allow the users to do exactly this. To rather mimic 
someone else's (non-compliant) behavior because that is what users expect. 
Because that's how the Internet works now. (Like in the case of URLs.)

> The first challenge is to find an HTTP client that implements HTTP Semantics 
> RFCs perfectly, otherwise its own idiosyncrasies will get in the way of the 
> validation. One would be tempted to default to curl​, especially that hurl​ 
> uses curl​ under the hood. However, there is a chance curl​ may have its ownn 
> set of HTTP idiosyncrasies that may affect the results of the test 
> execution. Changes to curl​ are probably not desired unless the subject 
> behavior is confirmed to be a defect. Involvement of curl​ is voluntary to 
> curl​, and the team may be looped and involved into this initiative for 
> comments if desired.

It is not really in curl's interest to reach a highscore in a compliance test 
if that means that it interoperates less good. curl is not a HTTP compliance 
meter, it is an internet transfer tool and library.

This said, we of course want to comply as far as possible, but whenever there 
is a fork in the road, the decision might not always be to go with the 
strictest language in the most recent RFC. I'm also sure we can find downright 
bugs or just protocol silliness even in curl's implementation.

Also, as has been discussed numerous times: the HTTP RFCs mostly describe how 
things should work and how to behave, not how to act when the other side does 
the wrong thing or how to fail etc.

-- 

  / daniel.haxx.se