RE: alt-svc and proxies

Piotr Galecki <piotr_galecki@affirmednetworks.com> Tue, 05 January 2016 06:06 UTC

From: Piotr Galecki <piotr_galecki@affirmednetworks.com>
To: Martin Thomson <martin.thomson@gmail.com>
CC: HTTP Working Group <ietf-http-wg@w3.org>
Date: Tue, 05 Jan 2016 06:01:55 +0000

Yes, proxy is a client (and server) based on the definition you provided.
That clarifies it, thank you.

Even though it is not required, a forward proxy could still strip the Alt-Svc header, since the header has no use to the user agent
and it could only have undesirable consequences if the user agent incorrectly implements alt services.

The draft does not clarify that the origin server should be used for proxy selection.
Perhaps the following would make it more clear?
"A client SHOULD use origin, rather than alternative service, when evaluating configuration rules for proxy selection. If a proxy was selected for a given request the client SHOULD NOT directly connect to an alternative service for this request, but instead route it through that proxy."

________________________________________
From: Martin Thomson [martin.thomson@gmail.com]
Sent: Sunday, January 03, 2016 10:50 PM
To: Piotr Galecki
Cc: HTTP Working Group
Subject: Re: alt-svc and proxies

We've discussed intermediation a lot on this list and concluded that
the current text was adequate.

A proxy in the sense you are concerned about is a client, as you can
see from https://httpwg.github.io/specs/rfc7230.html#operation

A proxy can forward Alt-Svc because clients that are configured to use
a proxy for a request will do so regardless of what they learn about
alternative services:

> A client configured to use a proxy for a given request SHOULD NOT directly connect to an alternative service for this request, but instead route it through that proxy.
-- https://httpwg.github.io/http-extensions/alt-svc.html#switching

On 4 January 2016 at 14:32, Piotr Galecki
<piotr_galecki@affirmednetworks.com> wrote:
> When reviewing the alt-svc draft it is not entirely clear to me from the draft how proxies should process Alt-Svc headers and
> how they should behave when a response with the Alt-Svc header is received.
> This should be defined.
>
> IMO Alt-Svc header support should be required from proxies going forward.
> Proxies should behave in the same/similar way as clients in respect to Alt-Svc headers.
> They should cache information about alternative service available
> and use the alt service for subsequent requests to origin.
> Forward proxies supporting alternative services should also remove Alt-Svc headers
> when forwarding a response to client.
> This is because the protocol used for the client to proxy connection is defined (by user or WPAD) in proxy configuration settings
> and it should not be modified by the alternative service header.
>
> I'd like to propose the following changes:
>
> - change "client" to "client (or intermediary)" in the text throughout the draft wherever appropriate
>
> - possibly to section 2.4 or other add text:
>   "Intermediaries when receiving a response with Alt-Svc header SHOULD cache the availability of the alternative service
>    and use the alt service when forwarding subsequent requests to the origin,  provided the alternative service information is fresh.
>    In order to continue using the user (or WPAD) configured protocol for the client to proxy connection
>    forward proxies supporting alternative services SHOULD remove Alt-Svc header when forwarding a response to client."
>
> Thanks,
> Piotr
>
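
The routing rule discussed in this thread, as an added example that is not part of any message or of the draft: a client evaluates its proxy rules against the origin, and only when no proxy applies does it connect to a cached alternative service. The proxy rules, host names and function names are constructed for illustration; the Alt-Svc parser is simplified (no commas or IPv6 literals inside the quoted authority) and freshness expiry is not modelled.

```python
import re
from urllib.parse import urlsplit

# Constructed proxy configuration: (origin host suffix, proxy); None = connect directly.
PROXY_RULES = [(".corp.example", "proxy.corp.example:3128"), ("", None)]

def parse_alt_svc(value):
    """Parse an Alt-Svc field value into (protocol_id, host, port, max_age) tuples."""
    if value.strip() == "clear":
        return []
    alternatives = []
    for entry in value.split(","):  # simplification: no commas inside quoted strings
        parts = [p.strip() for p in entry.split(";")]
        m = re.fullmatch(r'([^=\s]+)="([^":]*):(\d+)"', parts[0])
        if not m:
            continue  # skip malformed alternatives
        params = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
        max_age = int(params.get("ma", "86400").strip('"'))  # default is 24 hours
        alternatives.append((m.group(1), m.group(2), int(m.group(3)), max_age))
    return alternatives

def select_proxy(host):
    """Return the proxy for the first rule whose suffix matches the given host."""
    for suffix, proxy in PROXY_RULES:
        if host.endswith(suffix):
            return proxy
    return None

def route(url, alt_cache):
    """Pick the next hop for a request; proxy rules are evaluated on the origin only."""
    u = urlsplit(url)
    port = u.port or (443 if u.scheme == "https" else 80)
    origin = (u.scheme, u.hostname, port)
    proxy = select_proxy(u.hostname)
    if proxy:
        return ("proxy", proxy)  # never connect directly to the alternative
    for _proto, alt_host, alt_port, _ma in alt_cache.get(origin, []):
        return ("alternative", f"{alt_host or u.hostname}:{alt_port}")
    return ("origin", f"{u.hostname}:{port}")

def strip_alt_svc(headers):
    """Forward-proxy option from the thread: drop Alt-Svc before relaying a response."""
    return [(k, v) for k, v in headers if k.lower() != "alt-svc"]
```

Had the rules been evaluated against the alternative's host (`alt.cdn.example` here), no proxy rule would match and the request for a proxied origin would leave the network directly.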