Re: Martin Duke's Discuss on draft-ietf-httpbis-header-structure-18: (with DISCUSS and COMMENT)

Mark Nottingham <> Mon, 18 May 2020 05:36 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 40F573A07B3 for <>; Sun, 17 May 2020 22:36:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.849
X-Spam-Status: No, score=-0.849 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key) header.b=S4QiwUqZ; dkim=pass (2048-bit key) header.b=z18gvWi2
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id OLSHWAIF7DwY for <>; Sun, 17 May 2020 22:36:13 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id BDBBF3A07A6 for <>; Sun, 17 May 2020 22:36:13 -0700 (PDT)
Received: from lists by with local (Exim 4.92) (envelope-from <>) id 1jaYOQ-0004ZX-1f for; Mon, 18 May 2020 05:32:50 +0000
Resent-Date: Mon, 18 May 2020 05:32:50 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <>) id 1jaYOO-0004Yh-4E for; Mon, 18 May 2020 05:32:48 +0000
Received: from ([]) by with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <>) id 1jaYOL-0001BK-Lc for; Mon, 18 May 2020 05:32:47 +0000
Received: from compute4.internal (compute4.nyi.internal []) by mailout.west.internal (Postfix) with ESMTP id DD8C95B0E; Mon, 18 May 2020 01:32:30 -0400 (EDT)
Received: from mailfrontend2 ([]) by compute4.internal (MEProxy); Mon, 18 May 2020 01:32:31 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=fm2; bh=/ qGYbYAO9C0/Jnmh0vJAsmvpXrp1JmgbWfxxJ+xYwho=; b=S4QiwUqZ3o/J26D9y VdQff1gjTVdESk+IDnEnpB9DOQ/ooTcQoyw66YJFGYEJrKAWZy1EMJfSqf1/e1Kn UE/3BeCARn6j6mI4lvPkXjlrJRa2ziFg+xj0SkfZUTtDataBYMG7p4E6JLTdl/el JS/lY/Gg12n/78DE4I/8MPOlayGhJzAirFDKvge8UQy1cVZUICUcfk9bVwJYRml0 UJ+gE7omKPHppWG3Pud/Fpqq0YgQT5Gt+osIq7ka1/Cw7BNYq0NbhuKf2BmmkXpJ 6nq4HKiveBGDVKjrHutq22ZJ5dIUqGOKOerwn093/jwp/+ByVhmBB7GotOoAfzkI VF/yg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=/qGYbYAO9C0/Jnmh0vJAsmvpXrp1JmgbWfxxJ+xYw ho=; b=z18gvWi2buvOqdwmyCQWxg5r3ovcDdTkFpIL39LlQ/YS2/27Vos1BtETJ Vxvs+LjaZtf0G2NhHJ54PYViLsqPkxAQj6lvVjp0TdaF8aQaLM/brAtLXUWpZSRK X5ZE/fuXWeEdNVofrp85h7yV1XfhPJEkd6lP6nVASyqkZ+IzFHUjnEpeG3F1u8mj kYSvk6xX10agwtN9oMMiBYA9QUiLzNFEpyVtODD5eiw64f4XxPt5yQTGKZLm/Pr6 nEXa1igCM4h6aUMyWPYJFSqXMFdGy6F+XbaHYMTFTQhn/fKyS3coX7E9CUbXjMUq 61KmyX8uesvt+R8T07zNVOz2TVGow==
X-ME-Sender: <xms:7R3CXjNphH_vrKktUBom2nyjuPGtZOjfgPYCesSeg1tS3tYa2oYcSg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedruddtgedgleegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurheptggguffhjgffgffkfhfvofesthhqmhdthhdtvdenucfhrhhomhepofgrrhhk ucfpohhtthhinhhghhgrmhcuoehmnhhothesmhhnohhtrdhnvghtqeenucggtffrrghtth gvrhhnpeelffdvueevffffkeeggfffueegheelkeekteejlefhleekveekudeiieevvdet gfenucffohhmrghinhepghhithhhuhgsrdgtohhmpdhmnhhothdrnhgvthenucfkphepud duledrudejrdduheekrddvhedunecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghm pehmrghilhhfrhhomhepmhhnohhtsehmnhhothdrnhgvth
X-ME-Proxy: <xmx:7R3CXt-43r5f4oeCLiFMAeca1CoOmqYBvejUOGpnSHX8b5fo-dwMGg> <xmx:7R3CXiRp4SXedxwRgrb1PZX9NdpOzvB1TsovqJ88v8rFWi08U-KJjw> <xmx:7R3CXnuIgw8t4mGOepKrao7SMAEVT4hrPvsyyq4_poGJlCnsRiaNYA> <xmx:7h3CXsGAkJPZTSNkiGhOw9vp6dKO0727Wn-ScBVqpcAyBvkM8r_ncQ>
Received: from ( []) by (Postfix) with ESMTPA id 6FDEB30663E0; Mon, 18 May 2020 01:32:27 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.\))
From: Mark Nottingham <>
In-Reply-To: <>
Date: Mon, 18 May 2020 15:32:21 +1000
Cc: The IESG <>,,,, Tommy Pauly <>
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <>
To: Martin Duke <>
X-Mailer: Apple Mail (2.3608.
Received-SPF: pass client-ip=;;
X-W3C-Hub-Spam-Status: No, score=-9.8
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: 1jaYOL-0001BK-Lc d005c8f4aa40f27d2d33dd00001e913c
Subject: Re: Martin Duke's Discuss on draft-ietf-httpbis-header-structure-18: (with DISCUSS and COMMENT)
Archived-At: <>
X-Mailing-List: <> archive/latest/37644
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

Hi Martin,

Thanks for the review; responses below. I've incorporated your feedback in <>.

> On 18 May 2020, at 8:21 am, Martin Duke via Datatracker <> wrote:
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> This is probably a simple one, and perhaps I'm missing something obvious:
> Throughout Section 3, the document specifies minimum data structure sizes (1024
> list members, 256 inner list members, 64-character keys, etc.) that the
> receiver MUST be able to process. What is the desired behavior if any of these
> data structures exceeds what the receiver can process? Must it skip the entire
> field, or can it process the first N entries and then ignore the rest? Given
> the "Intentionally Strict Processing" principle, it would be good to spell this
> out.

Good question; this didn't come up. I suspect that failing (i.e., skipping the field) is in keeping with the rest of the spec, but I agree that it's good to spell it out. See text in the commit; I put it in Implementation Notes.

> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> Thanks for this noble attempt to tame the wildness that is the HTTP spec!
> Comments:
> - While this is by no means a required change to publish this document, I found
> the order of Section 3 to be backwards from what would easiest to follow. The
> higher-order concepts (e.g. lists) are defined first, and refer to low-level
> concepts (like items) that are not defined till the end of the section.

I'm reluctant to make such a large change to the specification, even if it's largely mechanical at this point; to me, the risk of introducing errors outweighs the minor benefits.

> Nits:
> - In Sec 3.1.2, it might be useful to explain that in example-IntHeader, a is

Text added.

> - sec 3.2. Can you add some text to make it clear that the value in dictionary
> entries is only optional (in brackets) because of Boolean TRUE? This was not
> clear to me until I read sec. 4.1.2.

The document already says this; see para starting "Members whose value is Boolean..."

> - Sec 4. s/before HPACK is applied/before compression with HPACK
> (A receiver "applies" HPACK to decompress, and presumably before doing this
> parsing)

Also in.

> - Sec 4.2. s/header value/field value



Mark Nottingham