Re: [Technical Errata Reported] RFC7230 (4667)

Alex Rousskov <rousskov@measurement-factory.com> Fri, 15 April 2016 16:25 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5BDC12D9C9 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 15 Apr 2016 09:25:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.917
X-Spam-Level:
X-Spam-Status: No, score=-7.917 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.996, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id otba7BwBCIsw for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 15 Apr 2016 09:25:11 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2350812D854 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 15 Apr 2016 09:25:10 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1ar6UB-0002bS-Qz for ietf-http-wg-dist@listhub.w3.org; Fri, 15 Apr 2016 16:20:47 +0000
Resent-Date: Fri, 15 Apr 2016 16:20:47 +0000
Resent-Message-Id: <E1ar6UB-0002bS-Qz@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <rousskov@measurement-factory.com>) id 1ar6U6-0002ah-97 for ietf-http-wg@listhub.w3.org; Fri, 15 Apr 2016 16:20:42 +0000
Received: from mail.measurement-factory.com ([104.237.131.42]) by maggie.w3.org with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from <rousskov@measurement-factory.com>) id 1ar6U4-0004vK-8n for ietf-http-wg@w3.org; Fri, 15 Apr 2016 16:20:41 +0000
Received: from [65.102.233.169] (unknown [65.102.233.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.measurement-factory.com (Postfix) with ESMTPSA id 3FEEBE076; Fri, 15 Apr 2016 16:20:16 +0000 (UTC)
To: Willy Tarreau <w@1wt.eu>
References: <20160413160504.63AB6180006@rfc-editor.org> <20160413163615.GE3262@1wt.eu> <7D00E3E0-6502-4A53-BEA1-FF36E8AB3857@mnot.net> <FAF05BB6-A4DA-400E-9F92-550E215BC637@gbiv.com> <5710127C.1080007@measurement-factory.com> <38684D79-ED03-462E-8923-040EDD233F71@gbiv.com> <57103AE3.2090003@measurement-factory.com> <20160415044924.GF6355@1wt.eu>
Cc: "Roy T. Fielding" <fielding@gbiv.com>, RFC Errata System <rfc-editor@rfc-editor.org>, HTTP Working Group <ietf-http-wg@w3.org>
From: Alex Rousskov <rousskov@measurement-factory.com>
Message-ID: <5711149C.9070000@measurement-factory.com>
Date: Fri, 15 Apr 2016 10:19:40 -0600
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <20160415044924.GF6355@1wt.eu>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Received-SPF: pass client-ip=104.237.131.42; envelope-from=rousskov@measurement-factory.com; helo=mail.measurement-factory.com
X-W3C-Hub-Spam-Status: No, score=-5.9
X-W3C-Hub-Spam-Report: AWL=-1.002, BAYES_00=-1.9, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: maggie.w3.org 1ar6U4-0004vK-8n ec551a5e74ef3ad7dc9a08afcfd88a72
X-Original-To: ietf-http-wg@w3.org
Subject: Re: [Technical Errata Reported] RFC7230 (4667)
Archived-At: <http://www.w3.org/mid/5711149C.9070000@measurement-factory.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/31475
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On 04/14/2016 10:49 PM, Willy Tarreau wrote:
> On Thu, Apr 14, 2016 at 06:50:43PM -0600, Alex Rousskov wrote:
>> On 04/14/2016 04:39 PM, Roy T. Fielding wrote:
>>
>>> Don't confuse the various lenient ways in which implementations parse
>>> HTTP with the requirements on generating HTTP messages that are
>>> defined by the ABNF. The ABNF is intended to be more restrictive.
>>
>> I fully agree, but we are not discussing ABNF creation IMO. We are
>> discussing a syntax change by an HTTPbis RFC. To change HTTP/1 syntax
>> that has been in use for many years, the "Founders Intent" alone is not
>> enough IMHO. There must be other compelling reasons. The only other
>> reason given so far was "lack of known examples", followed by your
>> discussion of "space padding" as a known usage example. I expect the bar
>> for HTTP/1 syntax change to be significantly higher.

> Alex, it's not that black or white.

I wonder which part of my argument you consider to be "black or white".


> We focused on maximized interoperability,
> so you need to understand that when some people report that product X,Y or Z
> doesn't even support chunk extensions, that other products are simply broken
> regarding this and we realize that nobody produces them, it's natural to
> deprecate them.

Agreed. However, we are not discussing deprecation (that did not happen)
but the syntax change (that did). Those two issues are completely
different IMO.


> They were apparently re-added in a stricter way based on
> identified implementations to optimize the intersection between producers
> and consumers.

"Stricter way" does not automatically "optimize the intersection between
producers and consumers". Please re-read the history summary by Roy: The
WG removed whitespace because it was deemed "unnecessary", not because
there were any known implementations that did not support whitespace.
There is a big difference between "removing something that does not
break any known implementation" and "removing something that breaks
known implementations".

I understand that the WG did not know about implementations using
whitespace. However, using prior lack of knowledge to _justify_ leaving
a mistake in a *bis RFC seems strange.


> I do think that adding the BWS back could be enough. And maybe even adding
> the only one ICAP uses. 

The following two changes would be enough to cover _known_ use cases:

  1. BWS after ";" to accommodate the widely used ieof extension.
  2. BWS after chunk-size to accommodate space padding.


> After all it already took something like 5 years
> for someone to notice this change, maybe ICAP is the only exception to the
> rule and is sufficient to address without further breaking existing
> implementations.

For the record, I noticed the syntax change because of a incompatibility
bug report against the new Squid _HTTP_ parser. I discovered the fact
that it also breaks the extension used by ICAP while writing the errata.

I am saddened by your audacity to use the "5 years" argument to prove
correctness of a subtle syntax change in a *bis* RFC that was published
less than 2 years ago and that is not even applicable the latest
protocol version.


>>> And, no, it is NEVER a good idea for new IETF protocols to
>>> effectively alias other IETF protocols.
>>
>> AFAICT, ICAP does not alias HTTP. It uses RFC 2616 to define HTTP
>> messages. This is similar to RFC 7230 using URI definitions from RFC
>> 3986. When URIbis obsoletes RFC 3986, I expect the authors to be very
>> careful not to accidentally invalidate HTTP/1 messages. IMHO, HTTPbis
>> should offer the same courtesy to ICAP.
> 
> Not exactly in fact, RFC3507 says this :
> 
>    ICAP is a request/response protocol similar in semantics and usage to
>    HTTP/1.1 [4].  Despite the similarity, ICAP is not HTTP, nor is it an
>    application protocol that runs over HTTP. (...) ICAP uses TCP/IP as a
>    transport protocol.
> 
> So in short it allows implementers to save time by reusing their HTTP
> parsers but does not expect to be strictly compatible.

IMO, the above RFC 3507 text matches what I said and does not imply any
allowance for incompatibility with HTTP chunked encoding syntax. ICAP is
not HTTP but ICAP message bodies use HTTP chunked encoding.


> There are even
> some intended differences, such as :
> 
>    Note in particular that the "Transfer-Encoding" option is not
>    allowed. (...) Encapsulated bodies MUST be transferred using the
>    "chunked" transfer-coding described in Section 3.6.1 of [4].
>    However, encapsulated headers MUST NOT be chunked.
> 
> These ones alone prevent reliable forwarding over HTTP gateways. 

I am sorry, but I believe you misunderstand what ICAP is and, hence,
misinterpret its specs. ICAP does not use HTTP as transport and does not
work with HTTP agents. ICAP uses HTTP chunked _encoding_ for sending
HTTP message bodies over TCP connections between ICAP agents. The syntax
change in HTTPbis breaks ICAP use of HTTP chunked encoding.



> But I
> do agree that if we don't break anything by adding the BWS back it
> would be better, at least because we're now pretty sure that people
> who need to adapt their HTTP parsers to also support ICAP will support
> it anyway.

And we also know that HTTP agents use that whitespace for padding.

Alex.