Re: Design Issue: Must Ignore Rule for Unknown Frame Types

James M Snell <jasnell@gmail.com> Thu, 25 April 2013 23:21 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 820F721F972B for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 25 Apr 2013 16:21:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.166
X-Spam-Level:
X-Spam-Status: No, score=-10.166 tagged_above=-999 required=5 tests=[AWL=0.433, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NcgMZeSVkADd for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 25 Apr 2013 16:21:53 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 3AE7421F972C for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 25 Apr 2013 16:21:53 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1UVVTy-0000l5-JJ for ietf-http-wg-dist@listhub.w3.org; Thu, 25 Apr 2013 23:21:42 +0000
Resent-Date: Thu, 25 Apr 2013 23:21:42 +0000
Resent-Message-Id: <E1UVVTy-0000l5-JJ@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <jasnell@gmail.com>) id 1UVVTu-0000kL-39 for ietf-http-wg@listhub.w3.org; Thu, 25 Apr 2013 23:21:38 +0000
Received: from mail-ob0-f178.google.com ([209.85.214.178]) by maggie.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <jasnell@gmail.com>) id 1UVVTt-0006tW-Ar for ietf-http-wg@w3.org; Thu, 25 Apr 2013 23:21:38 +0000
Received: by mail-ob0-f178.google.com with SMTP id 16so2979752obc.23 for <ietf-http-wg@w3.org>; Thu, 25 Apr 2013 16:21:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:mime-version:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=PQ1mMYmcES7nqViS95NBJDZemFFs8ODgRJ4e+wqrrSM=; b=w5RiKuz784Kj7nYT/xLn8oRBtFybGXWD3yQ1c7lE+50/khphbU81XwWxAG8eNIvuud M5VpACrFBuYevgC+6vhp9m4J94i2eirgC5fbxpdZkiF3q/3ndgQPgp+9A8lHIEAh1Wxd D6ZTM9gBzLhEGlzZYY57FlIGfQpkIwOKpnfFudhwRKp57uBTR1QYS02rH5vXiPOYSDtW 5SkSfP6vAkabfij1W9DD+1BV4c5y8+UdgUikRlBSU3/wzt2f42739L+0oZX2kNexvtxQ TER6HKQYRg2BOVebrZ0FUBeGtkeuKNEhZD/vR04AZ2BZnYzg5+boRXeZkngIlK3bVRYr 0Epw==
X-Received: by 10.182.214.38 with SMTP id nx6mr2272708obc.77.1366932071279; Thu, 25 Apr 2013 16:21:11 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.60.3.137 with HTTP; Thu, 25 Apr 2013 16:20:51 -0700 (PDT)
In-Reply-To: <CABkgnnWCCC23=6hQJAhicdihSaDdcc79xHbKB8ntiyKvY6XE5w@mail.gmail.com>
References: <CABP7Rbe_wEayjZnkMhLpexaKqYUaP7dP-bvAr8PK3bvjueV_rw@mail.gmail.com> <CABkgnnWCCC23=6hQJAhicdihSaDdcc79xHbKB8ntiyKvY6XE5w@mail.gmail.com>
From: James M Snell <jasnell@gmail.com>
Date: Thu, 25 Apr 2013 16:20:51 -0700
Message-ID: <CABP7RbfWkhh=ziOyOzTf5ahQBYNe=JdGXCy9ERR_9DpE8tdWZQ@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Content-Type: text/plain; charset=UTF-8
Received-SPF: pass client-ip=209.85.214.178; envelope-from=jasnell@gmail.com; helo=mail-ob0-f178.google.com
X-W3C-Hub-Spam-Status: No, score=-4.4
X-W3C-Hub-Spam-Report: AWL=-1.728, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: maggie.w3.org 1UVVTt-0006tW-Ar 45d6f6fe14b6a926efd9c168c0667f6f
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Design Issue: Must Ignore Rule for Unknown Frame Types
Archived-At: <http://www.w3.org/mid/CABP7RbfWkhh=ziOyOzTf5ahQBYNe=JdGXCy9ERR_9DpE8tdWZQ@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/17583
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Ok, then if we go with MUST Ignore, we need to be explicit about
requiring that unknown frame types cannot modify session / connection
state. The most significant effect of this is that new frame types
must not contain compressed header blocks that utilize the same shared
compression state as known frames. That does not rule out the use of
header compression in those frames, it just dictates that the state
management for those occur at a higher level in the stack.

On Thu, Apr 25, 2013 at 4:14 PM, Martin Thomson
<martin.thomson@gmail.com>; wrote:
> If "MUST ignore", then it follows that "cannot modify session/connection state".
>
> I prefer "MUST ignore" because it allows for new frame types within a
> standardized negotiated protocol without fatal errors.  If you want to
> have new frame types modify session state, then you can negotiate a
> new protocol (HTTP/2.infinity)".
>
> BTW, that's a standard response we came up with informally at the
> Tokyo interim.  If someone wants to break the protocol, they are free
> to break their own because negotiating new protocols is going to be
> easy ... we hope.
>
> On 25 April 2013 15:58, James M Snell <jasnell@gmail.com>; wrote:
>> https://github.com/http2/http2-spec/issues/80
>>
>> In the current draft (-02) we say, "Implementations MUST ignore
>> unsupported and unrecognized frame types." but we give no guidance
>> that I can find about handling unknown frames that potentially modify
>> session state. For example, suppose some extension comes up with a new
>> frame type that includes a compressed header block. The receiving
>> endpoint will have no way of interpreting the content, but if it
>> ignores the frame entirely, it's stored session state can unknowingly
>> fall out of sync with the sender.
>>
>> Recommendation: rather than a "MUST IGNORE" rule here, unknown and
>> unrecognized frame types ought to be a Session Error because the
>> receiver cannot determine whether and how those frames may have
>> changed the session state on the sending side. It would not be safe
>> for the receiver to continue attempting to communicate with the sender
>> on that session.
>>
>> This obviously has an impact on the extensibility of the framing
>> layer. In short, a sender would not be able to use a new frame type
>> unless it knows the receiver can interpret it. The only solution for
>> that would be to have some kind of negotiation occur where the sender
>> effectively ask the recipient if particular extensions are supported
>> (as part of the session header perhaps?)
>>