Re: New Version Notification for draft-kazuho-early-hints-status-code-00.txt
Cory Benfield <cory@lukasa.co.uk> Wed, 02 November 2016 10:04 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC0D9129A92 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 2 Nov 2016 03:04:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.898
X-Spam-Level:
X-Spam-Status: No, score=-7.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-1.497, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lukasa-co-uk.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s43rwVULKQjX for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 2 Nov 2016 03:04:56 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AAEDD129976 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 2 Nov 2016 03:04:56 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1c1sLU-0000IC-0c for ietf-http-wg-dist@listhub.w3.org; Wed, 02 Nov 2016 10:00:36 +0000
Resent-Date: Wed, 02 Nov 2016 10:00:36 +0000
Resent-Message-Id: <E1c1sLU-0000IC-0c@frink.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by frink.w3.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <cory@lukasa.co.uk>) id 1c1sLO-0000HP-2g for ietf-http-wg@listhub.w3.org; Wed, 02 Nov 2016 10:00:30 +0000
Received: from mail-wm0-f41.google.com ([74.125.82.41]) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <cory@lukasa.co.uk>) id 1c1sLG-0000BC-Hx for ietf-http-wg@w3.org; Wed, 02 Nov 2016 10:00:24 +0000
Received: by mail-wm0-f41.google.com with SMTP id n67so25674247wme.1 for <ietf-http-wg@w3.org>; Wed, 02 Nov 2016 03:00:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lukasa-co-uk.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=fIgykZ2lQTtoz6z+WarPlRyNn/sFKXzaabDRQnAvW5M=; b=TZY3G6kyPJsLAeA4bLGbnQsAlFhbfCzWP7kQOQ/oTaVO8CqegMW4L6xAJCZXgKDf1c z39n+WnQhI1BxGlDqXXuPYG/SecmrHGS4jtfyi9RidPo130UKphNm80PHK275HCcbS4H XWGf9Ve12OgvjA/lkS21ZDlzfXcJR7KSpxE9V68XP0l/qw9hh2dv2/mrSbojPNrR8Pak tbTBemVHOygWZG/6EngzCtpVPzXSUF9e9hJLFCaw8mspzaJiptEdj7rKl9wj8+RrpbVG e4zkn6P289SuOWhKeSTKjxedtQqA+qthiBgqTEN+SXdfF5Z3RhCFjUC4+GIV68AYfcCS KleQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=fIgykZ2lQTtoz6z+WarPlRyNn/sFKXzaabDRQnAvW5M=; b=HpO9VsshA3//91+YR4i5v5Panpehk0Uc9Y9AAnXWFomDYyDLZ0kxCNyQg4yGobvOdY iqmiy+VtMW4rK9NRGfXXtwNr8PwpDbl21BMydIjuROiBku3qOioluSh6skE0KcuHcFzr P+AQRjTERLAFQzZdghy+Twza6pHwv96Ciqg+1tiId4rAJSziZ97n1qBGIbsqLo9J6Uxl mOoykeb+XAsY3V44OliSdrb8FzqPsxwqlrjNhsmLGtsAHqJhdLEKPTGYYoFcs3SDSno6 YlogR0rYLt/4FG6/Xi2ygkEhzTIsE2sjeQw6E+DuHxCFgzT6hmmIcstwaj5HJMt0rbMt OJ1Q==
X-Gm-Message-State: ABUngvc151ZYI1ZqPsVyi4h2ulF3egyIk4eksQnSQ4uys4HZy9Xk2YBGivTJe7+zSHXXew==
X-Received: by 10.194.235.34 with SMTP id uj2mr2027871wjc.144.1478080795781; Wed, 02 Nov 2016 02:59:55 -0700 (PDT)
Received: from [192.168.1.5] (72.6.208.46.dyn.plus.net. [46.208.6.72]) by smtp.gmail.com with ESMTPSA id i10sm1758201wjd.15.2016.11.02.02.59.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 02 Nov 2016 02:59:55 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.1 \(3251\))
From: Cory Benfield <cory@lukasa.co.uk>
In-Reply-To: <86EAA775-324C-41C9-87E0-9D04E51EE141@gbiv.com>
Date: Wed, 02 Nov 2016 09:59:53 +0000
Cc: Julian Reschke <julian.reschke@gmx.de>, Kazuho Oku <kazuhooku@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <5D00C20A-0421-406A-AE2A-79E713507D02@lukasa.co.uk>
References: <147792294052.32397.15544665152412530374.idtracker@ietfa.amsl.com> <CANatvzwm_T-HW0yT1MAWEUrfw5OAVkmAZe890575qg8HuU9Z_Q@mail.gmail.com> <86447165-100C-407D-8512-A32F93B11BBA@lukasa.co.uk> <CANatvzzRvbEjy4AqDHeRtQfcJX0Ls14qJf0qv0QWZBMMd-HRnQ@mail.gmail.com> <5f155947-e74c-0761-b5d4-64f8aabec846@gmx.de> <F2EE2E10-9129-47D4-8C6E-BEE079503F34@lukasa.co.uk> <86EAA775-324C-41C9-87E0-9D04E51EE141@gbiv.com>
To: "Roy T. Fielding" <fielding@gbiv.com>
X-Mailer: Apple Mail (2.3251)
Received-SPF: pass client-ip=74.125.82.41; envelope-from=cory@lukasa.co.uk; helo=mail-wm0-f41.google.com
X-W3C-Hub-Spam-Status: No, score=-3.4
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1c1sLG-0000BC-Hx dec1562408c1f718d0ab2f555c8e3180
X-Original-To: ietf-http-wg@w3.org
Subject: Re: New Version Notification for draft-kazuho-early-hints-status-code-00.txt
Archived-At: <http://www.w3.org/mid/5D00C20A-0421-406A-AE2A-79E713507D02@lukasa.co.uk>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/32807
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
> On 1 Nov 2016, at 22:50, Roy T. Fielding <fielding@gbiv.com> wrote: > >> On Nov 1, 2016, at 1:17 AM, Cory Benfield <cory@lukasa.co.uk> wrote: >> >> I’m right there with you Julian. The 1XX response category gets to be another marker pointing us to the lesson the IETF has been learning for the past decade or so: extension points on a specification that no-one uses rust over time and become unusable. > > No. What I've learned is that every feature in every protocol is poorly > implemented by some poor soul who thinks they deserve special consideration > for their inability to interoperate with the future. I have, in the past, > consistently refused such considerations. I don’t understand where you think anyone who wrote a broken implementation is asking for special consideration. The only HTTP implementation I fully wrote is a HTTP/2 implementation that can handle 1XX codes per the specification. I certainly don’t need the special consideration for libraries I maintain, because I’ll be shipping patches for them. I am simply informing the IETF that the vast majority of widely deployed HTTP client libraries today will fail in the face of the 103 status code. Since I looked at Python I have gone back and looked at Ruby, Javascript, and Go, and the same remains true there. All of these languages have implementations that surface the 103 to the user and swallow the 200. So far curl and wget are the only widely-deployed non-browser implementations I have found that handle the 103 the way that RFC 7230 says they should. While we should praise those implementers, we should acknowledge that curl and wget are so widely deployed that they get bug reports for all the wacky edge cases in the way that the smaller implementations do not. (Yes, I called 1XX a wacky edge case, let’s all move on from it.) >> In this case, I think the 1XX problem is more oversight than anything else. The problems in all these cases are tractable, and can be fairly easily fixed. It’s just that someone needs to spend that time. > > They are easily fixed. Force the broken implementations to die in a miserable > way and teach people not to write crappy code. That fixes nothing. While I’m sure it’s emotionally satisfying to metaphorically slap developers around the face and scream “OBEY. THE. RFC” at them, the very existence of RFCs 7230+ is a good reminder that developers almost universally do not pay attention to the RFCs: they pay attention to the protocol *as encountered on the web*. That protocol has had for its entire lifetime only two 1XX status codes: 100 and 101. Protocol implementations almost universally handle those status codes correctly: just no others in the range. And that hasn’t mattered because no-one is *using* those other codes. And so, we have come to use an extension point that was written into the protocol 17 years ago and never used, and we have found that it is rusty. This should not be a surprise to us. We should be equally wary of all the other unused extension points in the protocol (chunk extensions, anyone?), because all will trigger this similar failure mode. Actually fixing this problem requires developer effort to write patches and to land them. I had already acknowledged this in the quote above: I was merely pointing out that we are locking the stable door after the horse has bolted. Thanks to the magic of long-term-support Linux releases the vast majority of deployed code today cannot handle the 103 status code, and that code will be with us for at least five years regardless of whether or not we patch the software. All of this *excludes* the alarming reality of the many millions of embedded HTTP/1.1 stacks which are implementing a protocol that is at best a second cousin to the one specified in RFCs 7230+. The odds of those tolerating this response are pretty low: I’d be pretty impressed if you could find one. > There is absolutely no reason to negotiate 1xx codes. If some application fails > because their developers can't read, it is not our responsibility to work around them. > If we do anyway, the entire Internet goes to crap (just like it has for HTML). > At most, we use User-Agent or Server to flag non-compliant implementations and > work around only specific versions of known-to-be-deployed breakage. Well, firstly, let me note that all currently-specced 1XX status codes *are* negotiated. While 100 Continue is allowed to be sent without an “Expect” header requesting it, in practice it never is, so user-agents that don’t send the “Expect" header will never see it. Similarly, 101 is only sent in response to requests with an “Upgrade” header, so once again user-agents that never emit an “Upgrade: header will never see it. So while the spec sure as hell says that 1XX codes can be sent whenever, in practice they are only seen by user-agents that ask to see them. Regardless, we can choose to flag non-compliant implementations. You’ll find, however, that the list of implementations is going to be pretty long. I have yet to bump into a HTTP implementation made available by a language standard library that handles 103 correctly, and most third-party implementations don’t either. That means the “known to be deployed” breakage basically includes almost every non-PHP web application deployed on the web today. What that means is that the user-agent field will not be used to flag non-compliant implementations, it will be used to flag *compliant* ones, as there are vastly more of the former than the latter. That means that Chrome, Safari, Firefox, Opera (maybe), curl, and wget will all get a pass, and everyone else will be “guilty until proven innocent”. That means that we are rolling out a feature that is expressly a "browsers-only” feature if we deploy it in this way. Let’s not pretend that the doors will be slowly opened as other implementations get their houses in order, because that’s not what will happen. What will happen, instead, is that the implementations that really are making a genuine effort to be of high quality but didn’t get around to this niche use-case yet because they’re somewhat less well-resourced than the others will be forever locked out of this feature, because there is no registry of “user-agents that support feature X” that can be updated. The only option they’ll have is to user-agent spoof, and I thought we were trying not to encourage that any more. I like this 103 status code, and I want it to be as widely deployable as possible. It seems like the easiest way to do that *today*, without causing server administrators angst about whether they’ll break their clients, is to use a header field that flags support of the feature. It’s certainly not mandatory, but the cost of it is pretty damn low. In the meantime, for HTTP/2, where the implementations are generally newer and of higher quality at this time, we can safely avoid negotiation if that makes you happier. Cory (Vaguely relatedly, Roy, your assertion that these implementations fail because “their developers can’t read” is one of the most grossly petty things I’ve read on this mailing list. Most of the implementations I’ve tested are open-source implementations that are maintained by one-to-two developers, part time. It turns out that the real world of implementing HTTP/1.1 is sufficiently complex that writing code to support a feature that has been used literally zero times prior to this moment was not high up the priority list of implementers. So it’s not that they "can’t read", it’s that they prioritised their work items to actually solve the problems their users have, and “being served unexpected 1XX status codes” wasn’t on that list. Clearly all us independent implementers are amateur-hour hacks with no business being on the web.)
- Fwd: New Version Notification for draft-kazuho-ea… Kazuho Oku
- Re: Fwd: New Version Notification for draft-kazuh… Julian Reschke
- Re: New Version Notification for draft-kazuho-ear… Cory Benfield
- Re: New Version Notification for draft-kazuho-ear… Julian Reschke
- Re: New Version Notification for draft-kazuho-ear… Kazuho Oku
- Re: New Version Notification for draft-kazuho-ear… Julian Reschke
- Re: New Version Notification for draft-kazuho-ear… Kazuho Oku
- Re: New Version Notification for draft-kazuho-ear… Julian Reschke
- Re: New Version Notification for draft-kazuho-ear… Cory Benfield
- Re: New Version Notification for draft-kazuho-ear… Tatsuhiro Tsujikawa
- RE: New Version Notification for draft-kazuho-ear… Mike Bishop
- Re: New Version Notification for draft-kazuho-ear… Stefan Eissing
- Re: New Version Notification for draft-kazuho-ear… Cory Benfield
- RE: New Version Notification for draft-kazuho-ear… Mike Bishop
- Re: New Version Notification for draft-kazuho-ear… Roy T. Fielding
- Re: New Version Notification for draft-kazuho-ear… Kazuho Oku
- Re: New Version Notification for draft-kazuho-ear… Cory Benfield
- Re: New Version Notification for draft-kazuho-ear… Kazuho Oku
- Re: New Version Notification for draft-kazuho-ear… Patrick McManus
- Re: New Version Notification for draft-kazuho-ear… Werner Baumann
- Re: New Version Notification for draft-kazuho-ear… Cory Benfield
- RE: New Version Notification for draft-kazuho-ear… Mike Bishop
- Re: New Version Notification for draft-kazuho-ear… Werner Baumann
- Re: New Version Notification for draft-kazuho-ear… Roy T. Fielding
- Re: New Version Notification for draft-kazuho-ear… Kazuho Oku
- Re: New Version Notification for draft-kazuho-ear… Willy Tarreau
- Re: New Version Notification for draft-kazuho-ear… Cory Benfield
- Re: New Version Notification for draft-kazuho-ear… Andy Green
- Re: New Version Notification for draft-kazuho-ear… Werner Baumann
- Re: New Version Notification for draft-kazuho-ear… Cory Benfield
- Re: New Version Notification for draft-kazuho-ear… Tatsuhiro Tsujikawa
- Re: New Version Notification for draft-kazuho-ear… Stefan Eissing
- RE: New Version Notification for draft-kazuho-ear… Mike Bishop
- Re: New Version Notification for draft-kazuho-ear… Roy T. Fielding
- Re: New Version Notification for draft-kazuho-ear… Mark Nottingham
- Re: New Version Notification for draft-kazuho-ear… Martin Thomson
- Re: New Version Notification for draft-kazuho-ear… Kazuho Oku
- RE: New Version Notification for draft-kazuho-ear… Mike Bishop
- Re: New Version Notification for draft-kazuho-ear… Mark Nottingham
- Re: New Version Notification for draft-kazuho-ear… Julian Reschke
- Re: New Version Notification for draft-kazuho-ear… Julian Reschke
- Re: New Version Notification for draft-kazuho-ear… Julian Reschke
- Re: New Version Notification for draft-kazuho-ear… Alex Rousskov
- Re: New Version Notification for draft-kazuho-ear… Julian Reschke
- Re: New Version Notification for draft-kazuho-ear… Alex Rousskov
- Re: New Version Notification for draft-kazuho-ear… Kazuho Oku
- Re: New Version Notification for draft-kazuho-ear… Kari Hurtta
- Re: New Version Notification for draft-kazuho-ear… Julian Reschke
- Re: New Version Notification for draft-kazuho-ear… Kazuho Oku
- Re: New Version Notification for draft-kazuho-ear… Cory Benfield
- Re: New Version Notification for draft-kazuho-ear… Kazuho Oku
- Re: New Version Notification for draft-kazuho-ear… Stefan Eissing