Re: [Technical Errata Reported] RFC7230 (4667)

Alex Rousskov <> Fri, 15 April 2016 16:25 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C5BDC12D9C9 for <>; Fri, 15 Apr 2016 09:25:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7.917
X-Spam-Status: No, score=-7.917 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.996, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id otba7BwBCIsw for <>; Fri, 15 Apr 2016 09:25:11 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2350812D854 for <>; Fri, 15 Apr 2016 09:25:10 -0700 (PDT)
Received: from lists by with local (Exim 4.80) (envelope-from <>) id 1ar6UB-0002bS-Qz for; Fri, 15 Apr 2016 16:20:47 +0000
Resent-Date: Fri, 15 Apr 2016 16:20:47 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <>) id 1ar6U6-0002ah-97 for; Fri, 15 Apr 2016 16:20:42 +0000
Received: from ([]) by with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from <>) id 1ar6U4-0004vK-8n for; Fri, 15 Apr 2016 16:20:41 +0000
Received: from [] (unknown []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 3FEEBE076; Fri, 15 Apr 2016 16:20:16 +0000 (UTC)
To: Willy Tarreau <>
References: <> <> <> <> <> <> <> <>
Cc: "Roy T. Fielding" <>, RFC Errata System <>, HTTP Working Group <>
From: Alex Rousskov <>
Message-ID: <>
Date: Fri, 15 Apr 2016 10:19:40 -0600
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Received-SPF: pass client-ip=;;
X-W3C-Hub-Spam-Status: No, score=-5.9
X-W3C-Hub-Spam-Report: AWL=-1.002, BAYES_00=-1.9, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: 1ar6U4-0004vK-8n ec551a5e74ef3ad7dc9a08afcfd88a72
Subject: Re: [Technical Errata Reported] RFC7230 (4667)
Archived-At: <>
X-Mailing-List: <> archive/latest/31475
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

On 04/14/2016 10:49 PM, Willy Tarreau wrote:
> On Thu, Apr 14, 2016 at 06:50:43PM -0600, Alex Rousskov wrote:
>> On 04/14/2016 04:39 PM, Roy T. Fielding wrote:
>>> Don't confuse the various lenient ways in which implementations parse
>>> HTTP with the requirements on generating HTTP messages that are
>>> defined by the ABNF. The ABNF is intended to be more restrictive.
>> I fully agree, but we are not discussing ABNF creation IMO. We are
>> discussing a syntax change by an HTTPbis RFC. To change HTTP/1 syntax
>> that has been in use for many years, the "Founders Intent" alone is not
>> enough IMHO. There must be other compelling reasons. The only other
>> reason given so far was "lack of known examples", followed by your
>> discussion of "space padding" as a known usage example. I expect the bar
>> for HTTP/1 syntax change to be significantly higher.

> Alex, it's not that black or white.

I wonder which part of my argument you consider to be "black or white".

> We focused on maximized interoperability,
> so you need to understand that when some people report that product X,Y or Z
> doesn't even support chunk extensions, that other products are simply broken
> regarding this and we realize that nobody produces them, it's natural to
> deprecate them.

Agreed. However, we are not discussing deprecation (that did not happen)
but the syntax change (that did). Those two issues are completely
different IMO.

> They were apparently re-added in a stricter way based on
> identified implementations to optimize the intersection between producers
> and consumers.

"Stricter way" does not automatically "optimize the intersection between
producers and consumers". Please re-read the history summary by Roy: The
WG removed whitespace because it was deemed "unnecessary", not because
there were any known implementations that did not support whitespace.
There is a big difference between "removing something that does not
break any known implementation" and "removing something that breaks
known implementations".

I understand that the WG did not know about implementations using
whitespace. However, using prior lack of knowledge to _justify_ leaving
a mistake in a *bis RFC seems strange.

> I do think that adding the BWS back could be enough. And maybe even adding
> the only one ICAP uses. 

The following two changes would be enough to cover _known_ use cases:

  1. BWS after ";" to accommodate the widely used ieof extension.
  2. BWS after chunk-size to accommodate space padding.

> After all it already took something like 5 years
> for someone to notice this change, maybe ICAP is the only exception to the
> rule and is sufficient to address without further breaking existing
> implementations.

For the record, I noticed the syntax change because of a incompatibility
bug report against the new Squid _HTTP_ parser. I discovered the fact
that it also breaks the extension used by ICAP while writing the errata.

I am saddened by your audacity to use the "5 years" argument to prove
correctness of a subtle syntax change in a *bis* RFC that was published
less than 2 years ago and that is not even applicable the latest
protocol version.

>>> And, no, it is NEVER a good idea for new IETF protocols to
>>> effectively alias other IETF protocols.
>> AFAICT, ICAP does not alias HTTP. It uses RFC 2616 to define HTTP
>> messages. This is similar to RFC 7230 using URI definitions from RFC
>> 3986. When URIbis obsoletes RFC 3986, I expect the authors to be very
>> careful not to accidentally invalidate HTTP/1 messages. IMHO, HTTPbis
>> should offer the same courtesy to ICAP.
> Not exactly in fact, RFC3507 says this :
>    ICAP is a request/response protocol similar in semantics and usage to
>    HTTP/1.1 [4].  Despite the similarity, ICAP is not HTTP, nor is it an
>    application protocol that runs over HTTP. (...) ICAP uses TCP/IP as a
>    transport protocol.
> So in short it allows implementers to save time by reusing their HTTP
> parsers but does not expect to be strictly compatible.

IMO, the above RFC 3507 text matches what I said and does not imply any
allowance for incompatibility with HTTP chunked encoding syntax. ICAP is
not HTTP but ICAP message bodies use HTTP chunked encoding.

> There are even
> some intended differences, such as :
>    Note in particular that the "Transfer-Encoding" option is not
>    allowed. (...) Encapsulated bodies MUST be transferred using the
>    "chunked" transfer-coding described in Section 3.6.1 of [4].
>    However, encapsulated headers MUST NOT be chunked.
> These ones alone prevent reliable forwarding over HTTP gateways. 

I am sorry, but I believe you misunderstand what ICAP is and, hence,
misinterpret its specs. ICAP does not use HTTP as transport and does not
work with HTTP agents. ICAP uses HTTP chunked _encoding_ for sending
HTTP message bodies over TCP connections between ICAP agents. The syntax
change in HTTPbis breaks ICAP use of HTTP chunked encoding.

> But I
> do agree that if we don't break anything by adding the BWS back it
> would be better, at least because we're now pretty sure that people
> who need to adapt their HTTP parsers to also support ICAP will support
> it anyway.

And we also know that HTTP agents use that whitespace for padding.