Re: Declarative HTTP Spec Test Suite

Mohammed Al Sahaf <mohammed@caffeinatedwonders.com> Mon, 27 May 2024 23:14 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=ietf.org@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C04F5C14CE52 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 27 May 2024 16:14:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.849
X-Spam-Level:
X-Spam-Status: No, score=-2.849 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=w3.org header.b="NV6lHaPa"; dkim=pass (2048-bit key) header.d=w3.org header.b="kJFLzP/n"; dkim=pass (2048-bit key) header.d=caffeinatedwonders.com header.b="HU6FL5ul"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dnjp6_6Pj6TB for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 27 May 2024 16:14:02 -0700 (PDT)
Received: from mab.w3.org (mab.w3.org [IPv6:2600:1f18:7d7a:2700:d091:4b25:8566:8113]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E89CBC14F721 for <httpbisa-archive-bis2Juki@ietf.org>; Mon, 27 May 2024 16:14:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:Content-Type:MIME-Version:References:In-Reply-To:Message-ID: Cc:From:To:Date:Reply-To; bh=WphJyOKIjixqu5EgWo0MjGoOBIh08z7rvsYy9cD553g=; b= NV6lHaPa8LGVBkorbD73x1p+bIlnUzZKmH5KIbP+MimV1rxPxsRJuPozbCKcMjJfgpj+xFPOx5C+z HfWlmlNX+rAyZGX9V36BlaRWkqyvh6qqB56e292+HWeZYxhKh1+6tmwrr03FEAydeyDpPFVFCkvkv pGyjOVBrp2nHQddz1coLabZCjJFs2/Qo3/bAgEwoadtW2PmngthS+ZdwyO+pRfVO3DlTJEhXAiwkI FuxVulDXJlAfJN9By3rXginh/TYOpaMS8B+Q3nIzgi+1nvJXf7dsSofJ2c4BthVqx4BX793R9jl7i w20USOybWAyhtETp8xReJeEzRRGpSXb/xw==;
Received: from lists by mab.w3.org with local (Exim 4.96) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1sBjWn-00DSoQ-07 for ietf-http-wg-dist@listhub.w3.org; Mon, 27 May 2024 23:13:17 +0000
Resent-Date: Mon, 27 May 2024 23:13:17 +0000
Resent-Message-Id: <E1sBjWn-00DSoQ-07@mab.w3.org>
Received: from ip-10-0-0-224.ec2.internal ([10.0.0.224] helo=puck.w3.org) by mab.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <mohammed@caffeinatedwonders.com>) id 1sBjWl-00DSnS-0U for ietf-http-wg@listhub.w3.internal; Mon, 27 May 2024 23:13:15 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Content-Type:MIME-Version:References:In-Reply-To:Message-ID:Subject: Cc:From:To:Date:Reply-To; bh=WphJyOKIjixqu5EgWo0MjGoOBIh08z7rvsYy9cD553g=; t=1716851595; x=1717715595; b=kJFLzP/nCpZWEg1O9cDIuFCqz+lm7u7g70d4VYQ6meojhxo J9tncIcpo58/JBuwsY3BQAch2ooqKC5rYghCwXBkWZNseZ6iOKpAOvhqxPLbGombNG45o12GV+qNF P/axEdpfdNk/HwjfBordlY/v+74uhhbTkPSYSFGX/hBjQaynYoiFmrGu5XmvWr4wGyjyimPogd+ll PQppDO/HCR8ud8ceyCMNzOloqQmgfgQgIYmnZ8NbxpauMf0fpVAsBbBAbmMdbXlTA9CB0Y8FiFFgZ TLjjjh3GoauODZF73BO+OWeKgmp4xOOfWjnEKTHYy/fx0r+IPk69fH8XZ80U7DUA==;
Received-SPF: pass (puck.w3.org: domain of caffeinatedwonders.com designates 185.70.43.23 as permitted sender) client-ip=185.70.43.23; envelope-from=mohammed@caffeinatedwonders.com; helo=mail-4323.proton.ch;
Received: from mail-4323.proton.ch ([185.70.43.23]) by puck.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <mohammed@caffeinatedwonders.com>) id 1sBjWk-001XEP-0Y for ietf-http-wg@w3.org; Mon, 27 May 2024 23:13:15 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=caffeinatedwonders.com; s=protonmail3; t=1716851589; x=1717110789; bh=WphJyOKIjixqu5EgWo0MjGoOBIh08z7rvsYy9cD553g=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=HU6FL5ulls6Tjdd4lOozfDWd+2ELBXpYD98rwO4VMgasWfaIaX5UZK/Kyu0K1QNOT H3Ivtb4uv5xDHu1EHreSq0o+0CxyBlLQRNdXP7Qth+H7wfERH0CkW/iUPOP/K99fuj QYRHdReR4RLB1iz+wZrA4j7nfTT+kAbv0WIEHFnEfacxf9WcEvtuACndipwCKyCgIs Cb3nl1YgYnNN9sWyIszkryVl0Yh64v4AbcEJdaoOLWorWOKDc6ckL751CsXA78ODSg mmCbyD4YSTECoBi9YZao9oOb57HecsWSWL5VjH+3hxdAAZ+etM3AbBojKcgMOAOJwU jukhkZjEvAI3g==
Date: Mon, 27 May 2024 23:13:05 +0000
To: Daniel Stenberg <daniel@haxx.se>
From: Mohammed Al Sahaf <mohammed@caffeinatedwonders.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <1FXVFW5A0xCTs9rXwXRVdjbxq-JtXQZhX50amFR4sWpwe_UaYxrswkQGsq5FD-WzmN0jdaCNEiGnzp6ToBS3HQz1CP9H99LZXiXzQqhJwH4=@caffeinatedwonders.com>
In-Reply-To: <6758o6r-8962-5nnq-q18p-59o7q9177rno@unkk.fr>
References: <tPxvQGS7_bxKqrFish00m9LtTT_JQfE0RU1bthEcxYNTZR_uzbkEWKNOTg9c5azoZSYuDWt9pLCiS7Kd4nIWK8DPN1sOtcgbDGx4L7BeeU4=@caffeinatedwonders.com> <6758o6r-8962-5nnq-q18p-59o7q9177rno@unkk.fr>
Feedback-ID: 74227028:user:proton
X-Pm-Message-ID: 36a6200021f27a2ba6ecbf94333d2ec06403ead0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-W3C-Hub-DKIM-Status: validation passed: (address=mohammed@caffeinatedwonders.com domain=caffeinatedwonders.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-4.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DMARC_PASS=-0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: puck.w3.org 1sBjWk-001XEP-0Y dee21e386a4b4265c192d4a683fab3cc
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Declarative HTTP Spec Test Suite
Archived-At: <https://www.w3.org/mid/1FXVFW5A0xCTs9rXwXRVdjbxq-JtXQZhX50amFR4sWpwe_UaYxrswkQGsq5FD-WzmN0jdaCNEiGnzp6ToBS3HQz1CP9H99LZXiXzQqhJwH4=@caffeinatedwonders.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/51973
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/email/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Monday, May 27th, 2024 at 4:43 PM, Daniel Stenberg <daniel@haxx.se> wrote:

> On Sun, 26 May 2024, Mohammed Al Sahaf wrote:
> 
> > - Firefox fails the transfer on plaintext HTTP with
> > "NS_ERROR_NET_PARTIAL_TRANSFER"; but with HTTPS connection, it only reads
> > and displays payload per the number of bytes stated in the header value.
> 
> 
> As the lead developer of curl, I have found it easier to make curl be stricter
> than the browsers in some these areas - probably partly because we did it so
> from the beginning. But also: authoring a toolset that is often used to mimic
> or reproduce what a browser can do, we occasionally have to sacrifize spec
> compliance in order to allow the users to do exactly this. To rather mimic
> someone else's (non-compliant) behavior because that is what users expect.
> Because that's how the Internet works now. (Like in the case of URLs.)

I hear you. But how do you reconcile the need to mimic non-compliant behavior with behavior that varies across different agents? In the example I cited, when Content-Length reports fewer bytes than the payload, Chrome (sometimes) ignores the header, Firefox (sometimes) respects the header, while curl behaves consistently. The users' expectations aren't clear. I also wonder what other areas are there differing behavior as this case and what could be the impact, though they're likely edge-cases because no one complained loudly yet.

> > The first challenge is to find an HTTP client that implements HTTP Semantics
> > RFCs perfectly, otherwise its own idiosyncrasies will get in the way of the
> > validation. One would be tempted to default to curl, especially that hurl
> > uses curl under the hood. However, there is a chance curl may have its ownn
> > set of HTTP idiosyncrasies that may affect the results of the test
> > execution. Changes to curl are probably not desired unless the subject
> > behavior is confirmed to be a defect. Involvement of curl is voluntary to
> > curl, and the team may be looped and involved into this initiative for
> > comments if desired.
> 
> 
> It is not really in curl's interest to reach a highscore in a compliance test
> if that means that it interoperates less good. curl is not a HTTP compliance
> meter, it is an internet transfer tool and library.
> 
> This said, we of course want to comply as far as possible, but whenever there
> is a fork in the road, the decision might not always be to go with the
> strictest language in the most recent RFC. I'm also sure we can find downright
> bugs or just protocol silliness even in curl's implementation.
>
> Also, as has been discussed numerous times: the HTTP RFCs mostly describe how
> things should work and how to behave, not how to act when the other side does
> the wrong thing or how to fail etc.

Clear, and that's sensible and pragmatic. The goal is to find where the implementations disagree, identify the gaps, and perhaps retrofit the fixes into the protocol definition. I believe it'll be valuable to know the situations of "This is where X differs from {the rest, RFC}". Maybe it's a bug in the implementation. Maybe it's not an oversight, rather the devs have a good reason for sidestepping that part of the spec. Maybe it's a bug in the spec. What I hope to achieve with this is to shine a spotlight on the various implementations to find those dark corners. It'd be like the [Can I Use](https://caniuse.com/) comparison table.


All the best,
Mohammed