Re: #473, was: p7: forwarding Proxy-*

Mark Nottingham <mnot@mnot.net> Mon, 29 July 2013 13:41 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9448F21F9E80 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 29 Jul 2013 06:41:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.932
X-Spam-Level:
X-Spam-Status: No, score=-7.932 tagged_above=-999 required=5 tests=[AWL=2.667, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wEB9++dA9vdH for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 29 Jul 2013 06:41:05 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 013AE21F9EB0 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 29 Jul 2013 06:40:49 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1V3ngF-00056h-Re for ietf-http-wg-dist@listhub.w3.org; Mon, 29 Jul 2013 13:40:07 +0000
Resent-Date: Mon, 29 Jul 2013 13:40:07 +0000
Resent-Message-Id: <E1V3ngF-00056h-Re@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <mnot@mnot.net>) id 1V3ng6-0003XA-L1 for ietf-http-wg@listhub.w3.org; Mon, 29 Jul 2013 13:39:58 +0000
Received: from mxout-08.mxes.net ([216.86.168.183]) by lisa.w3.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <mnot@mnot.net>) id 1V3ng5-0004Yk-EK for ietf-http-wg@w3.org; Mon, 29 Jul 2013 13:39:58 +0000
Received: from dhcp-53cf.meeting.ietf.org (unknown [130.129.83.207]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 65F9C50A86; Mon, 29 Jul 2013 09:39:34 -0400 (EDT)
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <51F66E8D.1090109@gmx.de>
Date: Mon, 29 Jul 2013 15:39:35 +0200
Cc: "Roy T. Fielding" <fielding@gbiv.com>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <120946A4-C088-41B9-836E-50A59A1D5941@mnot.net>
References: <76583F5C-A175-42EA-B0A0-CB5663A5E3AC@mnot.net> <9E71BAB0-0D88-4B6E-B1A1-AA228349E3CA@gbiv.com> <27ED39F0-723C-4358-9A22-4AAEEC1BA912@mnot.net> <37ABC670-148B-4D7A-AE21-6692EFFC122F@gbiv.com> <3257D0DA-F6FA-4E24-919C-C4FB4864F69E@mnot.net> <51F4FB7F.3050807@gmx.de> <D9E38713-A86F-47BE-9124-D4EA88700BD3@mnot.net> <51F66E8D.1090109@gmx.de>
To: Julian Reschke <julian.reschke@gmx.de>
X-Mailer: Apple Mail (2.1508)
Received-SPF: pass client-ip=216.86.168.183; envelope-from=mnot@mnot.net; helo=mxout-08.mxes.net
X-W3C-Hub-Spam-Status: No, score=-1.5
X-W3C-Hub-Spam-Report: AWL=-1.521, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1V3ng5-0004Yk-EK 6e7fc5c37a15fd23a6f68f35e3cd73a6
X-Original-To: ietf-http-wg@w3.org
Subject: Re: #473, was: p7: forwarding Proxy-*
Archived-At: <http://www.w3.org/mid/120946A4-C088-41B9-836E-50A59A1D5941@mnot.net>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/18954
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Jul 29, 2013, at 3:30 PM, Julian Reschke <julian.reschke@gmx.de>; wrote:

> On 2013-07-29 14:31, Mark Nottingham wrote:
>> The conclusion of the conversation was Roy's statement:
>> 
>>> No, I am just saying that Connection is not required; if it is not
>>> included in Connection, then the intention is that it be forwarded
>>> until consumed.  OTOH, if it is included in Connection, then it
>>> will be consumed or deleted by the immediate recipient.  AFAIK,
>>> these fields are not normally included in Connection, but there
>>> might be a good reason to if the proxy selection is complicated.
>> 
>> Which seems reasonable and no one has objected. However, p7 still says:
>> 
>>> Unlike WWW-Authenticate, the Proxy-Authenticate header field applies only to the current connection, and intermediaries should not forward it to downstream clients. However, an intermediate proxy might need to obtain its own credentials by requesting them from the downstream client, which in some circumstances will appear as if the proxy is forwarding the Proxy-Authenticate header field.
> 
> Out of curiosity: why does the "SHOULD NOT" show up as "should not"?

Cut and paste of the HTML in Safari loses the uppercasing applied by the stylesheet, I think.


>> … with similar text for Proxy-Authorization. The "SHOULD NOT forward…" requirement is in conflict with the sentiment expressed above.
>> 
>> I've changed the target to p7.
> 
> OK.
> 
> So maybe change
> 
>  "Unlike WWW-Authenticate, the Proxy-Authenticate header field applies only to the current connection, and intermediaries SHOULD NOT forward it to downstream clients."
> 
> to
> 
>  "Unlike WWW-Authenticate, the Proxy-Authenticate header field applies only to the current connection, and *proxies* SHOULD NOT forward it to downstream clients."
> 
> This would allow non-proxy intermediaries to forward it.
> 

I think we need to make it a more discretionary thing; e.g.,

"Unlike WWW-Authenticate, the Proxy-Authenticate header field usually applies to the current connection, and proxies generally will consume it, rather than forwarding it to downstream clients."

With similar changes for Proxy-Authorization.

Make sense?


--
Mark Nottingham   http://www.mnot.net/