Re: draft-ietf-httpbis-jfv: what's next

Matt Menke <mmenke@google.com> Wed, 19 October 2016 14:36 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8EBB41294B0 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 19 Oct 2016 07:36:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.931
X-Spam-Level:
X-Spam-Status: No, score=-6.931 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-0.431, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9u7SOLn0s-xd for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 19 Oct 2016 07:36:41 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CCBC112944D for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 19 Oct 2016 07:36:41 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1bwruB-0007xz-Ae for ietf-http-wg-dist@listhub.w3.org; Wed, 19 Oct 2016 14:31:43 +0000
Resent-Date: Wed, 19 Oct 2016 14:31:43 +0000
Resent-Message-Id: <E1bwruB-0007xz-Ae@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <mmenke@google.com>) id 1bwru5-0007w0-LU for ietf-http-wg@listhub.w3.org; Wed, 19 Oct 2016 14:31:37 +0000
Received: from mail-qt0-f171.google.com ([209.85.216.171]) by maggie.w3.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <mmenke@google.com>) id 1bwrtV-0006Qn-35 for ietf-http-wg@w3.org; Wed, 19 Oct 2016 14:31:33 +0000
Received: by mail-qt0-f171.google.com with SMTP id m5so21729678qtb.3 for <ietf-http-wg@w3.org>; Wed, 19 Oct 2016 07:30:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=fvdSmmQUIfLMr1Sofp2WWVSBVv11PrG55gcAZly5o3E=; b=I/lT4Yahvcq0kDbMPVXalcVusuEtTddUj+CYLjxBAGw5mOB1FEk27QxJbzjvEBiowc k1PoYGa8r04hDcMGBFDEAmgUNsUw7AZOQylKh392CpOToWZ8mI9h8SLl2f98zuH5q0Qm gXWG4ZOInx06bEW4Hx+/HDN/T31BRFrMdSPcLFc4Ire4sxaTvB7QJngI1b+33AqSgdBn ijsV3JbvXXoMxOALkCt57LhzxrYsnaxF4AhoXwMQWK9GgzNJFOPg0o4EtFhQPMzqkrWc mCUbfiuDb7wXfaAwG9E63eIp7mWbZNV2U2oQEoZAHBkAfUwxJb6bGry36C/41n63IZEf EuYw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=fvdSmmQUIfLMr1Sofp2WWVSBVv11PrG55gcAZly5o3E=; b=JPxOHu2GjBkuUNirV3RqFUursoaTWzdZwsDQfhOwbg0l5U6mIuASsQ50D+r8TvAa+e n6bhtlup8R25S58/H+JnBcAjU50ixJ1DpJzD3jRl8mMrMljaxCf1ka0qKd4jdEqHgG7r Gqks9jvCSJSqs8HWtatyk5ZnZPmaOUHjwNq1F77VmevKxHdcFjBfioe6J71Y3gkz28zX VAMbuSvMc+OClhgPJspQZR9LEqqnwk1jQwhniDp9yflLBf/7krcYz/rNhyPTVy5tQwoQ kkhM5qQHha7tMiynro+uObLDzTQaCetjw9otL3cMeLzJwiYN3BfBhgA+GmlRIQCnHQjU Vdhg==
X-Gm-Message-State: AA6/9Rl5EiNhbaosMaG88CoYefLvsIdq2GOG/KEBCeiS/65w1k0yBcBkA2Fuyl7GwR68PanqTsz8XCFhIEw9931z
X-Received: by 10.28.103.70 with SMTP id b67mr3118828wmc.74.1476887431693; Wed, 19 Oct 2016 07:30:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.194.34.170 with HTTP; Wed, 19 Oct 2016 07:30:30 -0700 (PDT)
In-Reply-To: <2234bba0-5100-e5f5-ee9e-da81bafe1235@mozilla.com>
References: <CAEK7mvoXqyX3cADJytjU+C158EULgPLbzAb5kiUN=8WWxhi29Q@mail.gmail.com> <78301.1476524467@critter.freebsd.dk> <CAEK7mvomoxSqTs5APVj=ZzG2wDz24PhJtsSibGQq2oGkv-zcLg@mail.gmail.com> <48285.1476737617@critter.freebsd.dk> <CAEK7mvr_RWR6RbeXE47Ap4Vh21anu5mHTqaxbwtTmA1ZLQ1dmQ@mail.gmail.com> <48364.1476738075@critter.freebsd.dk> <CAEK7mvp5zDw7uo6ZP3KOhQiWWDuoEBAay5wPWYRgpoCNgnsidw@mail.gmail.com> <48410.1476738879@critter.freebsd.dk> <alpine.DEB.2.20.1610172343280.30521@tvnag.unkk.fr> <2234bba0-5100-e5f5-ee9e-da81bafe1235@mozilla.com>
From: Matt Menke <mmenke@google.com>
Date: Wed, 19 Oct 2016 10:30:30 -0400
Message-ID: <CAEK7mvpkN-wSN7HaEpT9T=W4wv4kW+i5RQHkxfUR2STcnV8SPA@mail.gmail.com>
To: Frederik Braun <fbraun@mozilla.com>
Cc: Daniel Stenberg <daniel@haxx.se>, Poul-Henning Kamp <phk@phk.freebsd.dk>, HTTP working group mailing list <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary=001a114b2fc4bdc3c7053f38a6fc
Received-SPF: pass client-ip=209.85.216.171; envelope-from=mmenke@google.com; helo=mail-qt0-f171.google.com
X-W3C-Hub-Spam-Status: No, score=0.5
X-W3C-Hub-Spam-Report: RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_SPAM=0.5, TIME_LIMIT_EXCEEDED=
X-W3C-Scan-Sig: maggie.w3.org 1bwrtV-0006Qn-35 0c09fa881c8e1564eb5662925f8b2415
X-Original-To: ietf-http-wg@w3.org
Subject: Re: draft-ietf-httpbis-jfv: what's next
Archived-At: <http://www.w3.org/mid/CAEK7mvpkN-wSN7HaEpT9T=W4wv4kW+i5RQHkxfUR2STcnV8SPA@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/32635
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

With Chrome, about 0.003% of main frame responses are detected as HTTP/0.9,
and 0.005% of subresources are HTTP/0.9.  Since HTTP/0.9 includes no
explicit identifying headers, some of these could be broken servers
responding with nonsense data.

We actually did try to go it alone in remove HTTP/0.9 support, but soon
backed off after trying it in our pre-release channels, because of the
aforementioned incident with the configuration page of a line of home
routers.

On Wed, Oct 19, 2016 at 4:57 AM, Frederik Braun <fbraun@mozilla.com> wrote:

> On 17.10.2016 23:43, Daniel Stenberg wrote:
> > On Mon, 17 Oct 2016, Poul-Henning Kamp wrote:
> >
> >> Do you really still see HTTP/0.9 reponses in the wild ?
> >
> > Yes. Of course subject to debate around what "in the wild" means...
> >
>
> There was a recent security bug with regards to HTTP/0.9 compat [1] that
> suggested a coordinated fix among multiple browsers. Browser vendors
> decided that they'd start off killing HTTP/0.9 compat on non-standard
> ports only, because overall usage was still too high.
> Firefox has HTTP 0.9 usage data[2] and so do other browsers. Please
> chime in.
>
> Hope that helps,
> Frederik
>
>
>
> [1] See entry in Bugzilla with links to Webkit and Chrome bug:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1262128
> [2] I'm new to our telemetry dashboard, so maybe there could be a more
> useful graph than this one
>  https://telemetry.mozilla.org/new-pipeline/dist.html#!
> cumulative=0&end_date=2016-09-22&keys=__none__!__none__!__
> none__&max_channel_version=release%252F49&measure=HTTP_
> 09_INFO&min_channel_version=null&product=Firefox!Fennec&
> sanitize=1&sort_keys=submissions&start_date=2016-09-16&table=0&trim=1&use_
> submission_date=0
>
>
>