IETF Logo Mail Archive

RE: [Moderator Action] [Technical Errata Reported] RFC7540 (4663)

<d.stussy@yahoo.com> Thu, 14 April 2016 20:19 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FFE412D8E4 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 14 Apr 2016 13:19:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.286
X-Spam-Level:
X-Spam-Status: No, score=-6.286 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FORGED_YAHOO_RCVD=1.63, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.996, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 45UKwDV0ZRMc for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 14 Apr 2016 13:19:31 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0FED112DAB1 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 14 Apr 2016 13:19:31 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1aqnfz-0004Yc-38 for ietf-http-wg-dist@listhub.w3.org; Thu, 14 Apr 2016 20:15:43 +0000
Resent-Message-Id: <E1aqnfz-0004Yc-38@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <ylafon@w3.org>) id 1aqnfs-0004PB-MH for ietf-http-wg@listhub.w3.org; Thu, 14 Apr 2016 20:15:36 +0000
Received: from raoul.w3.org ([128.30.52.128]) by lisa.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <ylafon@w3.org>) id 1aqnfq-0003kL-Ip for ietf-http-wg@w3.org; Thu, 14 Apr 2016 20:15:36 +0000
Received: from homard.platy.net ([80.67.176.7] helo=[192.168.1.40]) by raoul.w3.org with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.80) (envelope-from <ylafon@w3.org>) id 1aqnfp-000BPJ-T1 for ietf-http-wg@w3.org; Thu, 14 Apr 2016 20:15:34 +0000
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Content-Type: text/plain; charset="us-ascii"
Resent-To: ietf-http-wg@w3.org
To: Barry Leiba <barryleiba@computer.org>, Mike Bishop <Michael.Bishop@microsoft.com>
From: d.stussy@yahoo.com
Resent-From: Yves Lafon <ylafon@w3.org>
Date: Tue, 12 Apr 2016 21:14:39 +0000
Cc: RFC Errata System <rfc-editor@rfc-editor.org>, Mark Nottingham <mnot@mnot.net>, Mike Belshe <mike@belshe.com>, Roberto Peon <fenix@google.com>, Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Transfer-Encoding: quoted-printable
Reply-To: d.stussy@yahoo.com
Resent-Date: Thu, 14 Apr 2016 22:15:30 +0200
Message-Id: <338903921.2029698.1460495476785.JavaMail.yahoo@mail.yahoo.com>
X-Name-Md5: efe3dad792d606410c9cc49cedaffc94
References: <338903921.2029698.1460495476785.JavaMail.yahoo.ref@mail.yahoo.com>
X-Mailer: Apple Mail (2.3124)
X-W3C-Hub-Spam-Status: No, score=-0.9
X-W3C-Hub-Spam-Report: ALL_TRUSTED=-1, BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FORGED_YAHOO_RCVD=1.63, NML_ADSP_CUSTOM_MED=0.9, RP_MATCHES_RCVD=-0.996, W3C_NW=0.5
X-W3C-Scan-Sig: lisa.w3.org 1aqnfq-0003kL-Ip 64837da32e59b70b91c19c992d8d9b0a
X-Original-To: ietf-http-wg@w3.org
Subject: RE: [Moderator Action] [Technical Errata Reported] RFC7540 (4663)
Archived-At: <http://www.w3.org/mid/338903921.2029698.1460495476785.JavaMail.yahoo@mail.yahoo.com>
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/31461
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Rebuttal:
1)  The CGI interface variable is supposed to report the protocol version used between server and client.  Per RFC 3875, it has a specified format.  RFC 7540 did NOT change that format.  "HTTP/2.0" is the required generated string from the ABNF.  Addressing the RFC 1796 comment, RFC 7540 simply contained no authority or directive to change the string, whether [future] standard or informational.

2)  Although HTTP/2 does NOT communicate its version number between server and client in any header using its binary format (by design), there is still the HTTP/1.1 direct upgrade mechanism mentioned in RFC 7540, section 3.5, that clearly has a "HTTP/2.0" substring in the "client connection preface" string.  If things were as you say, shouldn't the ".0" part have been omitted?

RFC 2616, aka "HTTP 1.1", is an Internet standard (after 26 years, it certainly has been promoted from "draft").  I fully expect RFC 7540 to follow that path, especially as it is a "standards track" class RFC document.  A standard, by definition, is enforceable.  RFC 7230, updating 2616, in section 2.6, still defines the http-version string with the same ABNF as RFC 3875, thus no meaningful update.  Although not used in the actual client/server exchange as it was in HTTP 1.1 and earlier, it's still in use in the logs and the CGI interface WITHOUT any syntax change.

Other:
In searching the source code for both Apache (2.4.18) and the nghttp2 library (1.9.2), I note that Apache got it wrong and the nghttp2 library got it correct.  The latter specifically uses a "HTTP/2.0" string as it should for the CGI protocol identifier string.  Bug 59313 was opened at the Apache site for the problem.  Feel free to comment there too.  It is this confusion that caused me to raise the issue.


The fact remains:  RFC 7540 did not change the format of the HTTP version CGI string, yet the authors of the most popularly used software somehow read this document to think that it had.  That is a problem.  My errata suggestion clarifies the issue.

--------------------------------------------
On Tue, 4/12/16, Mike Bishop <Michael.Bishop@microsoft.com> wrote:

Subject: RE: [Technical Errata Reported] RFC7540 (4663)
To: "Barry Leiba" <barryleiba@computer.org>, "d.stussy@yahoo.com" <d.stussy@yahoo.com>
Cc: "RFC Errata System" <rfc-editor@rfc-editor.org>, "Mark Nottingham" <mnot@mnot.net>, "Mike Belshe" <mike@belshe.com>, "Roberto Peon" <fenix@google.com>, "Martin Thomson" <martin.thomson@gmail.com>, "HTTP Working Group" <ietf-http-wg@w3.org>
Date: Tuesday, April 12, 2016, 1:19 PM

Intent:  The explicit
change from 2.0 to 2 between drafts -09 and -10.  Yes,
there was a deliberate choice to make the change throughout
the document.  Was this described in detail in the final
document, along with reasoning?  No.  Perhaps it would
have been worth a mention, but it wasn't.  It's
still an explicit change.  The connection preamble is
intended to look somewhat like HTTP/1.1 with a new version
number, but not be valid, so that inspecting servers will
fail quickly if they're going to.  The PRI method is
reserved in HTTP/1.1 for the same reason, to ensure that the
preamble will never look like a valid HTTP/1.1 request.

Did we think about the fact
that an Informational RFC had taken a dependency on how
things were in HTTP/1.1?  We discussed the possibility that
software out there would have, but not that RFC
specifically.  HTTP/2 needs to be compatible with prior
Standards, but see RFC 1796.

But while we're talking about RFC 3875, it
says "Here, 'protocol' defines the syntax of
some of the information passing between the server and the
script (the 'protocol-specific' features)." and
"This MAY differ from the protocol version used by the
server in its communication with the client."  So
unless the *script* supports a newer version of HTTP (and
therefore will understand whatever string is used to express
it), it might be most cautious for the server and the script
to continue communicating over HTTP/1.1 regardless of the
version being used to communicate with the client. 
However, that's a decision for individual
implementations, not a standards document decision. 

-----Original Message-----
From: barryleiba@gmail.com
[mailto:barryleiba@gmail.com]
On Behalf Of Barry Leiba
Sent: Tuesday,
April 12, 2016 10:47 AM
To: d.stussy@yahoo.com
Cc: RFC Errata System <rfc-editor@rfc-editor.org>;
Mark Nottingham <mnot@mnot.net>; Mike
Belshe <mike@belshe.com>;
Roberto Peon <fenix@google.com>;
Martin Thomson <martin.thomson@gmail.com>;
HTTP Working Group <ietf-http-wg@w3.org>
Subject: Re: [Technical Errata Reported]
RFC7540 (4663)

I don't
understand how it breaks anything: when you use HTTP/1.1,
you have the minor version.  When you use HTTP/2,
you're using a server that understands HTTP/2 and knows
what to expect.  Please explain where the problem
occurs.

Barry

On Tue, Apr 12, 2016 at 1:11
PM,  <d.stussy@yahoo.com>
wrote:
> If there were a deliberate
choice to omit the "minor" version number, such
needs to be stated in the RFC.  Such a choice is actually
omitted, and thus I see no such intent.  What results at
best is a conflict between two RFC's, and at least, an
implementation error by the group which authored the HTTP/2
library I cited, which is in turn adopted by Apache, the
most common HTTP server software used on the Internet (per
the Netcraft survey).  I raised this as an error because I
do not believe that it was the intent of this RFC to break
an earlier RFC with which it claims backward compatibility
in the majority of HTTP servers on the Internet.
> 
> 
--------------------------------------------
> On Tue, 4/12/16, Mark Nottingham <mnot@mnot.net>
wrote:
> 
>   Subject:
Re: [Technical Errata Reported] RFC7540 (4663)
>   To: "RFC Errata System" <rfc-editor@rfc-editor.org>
>   Cc: "Mike Belshe" <mike@belshe.com>,
fenix@google.com,
"Martin 
> Thomson" <martin.thomson@gmail.com>,
barryleiba@computer.org,

> d.stussy@yahoo.com,
ietf-http-wg@w3.org
>   Date: Tuesday, April 12, 2016, 12:31
AM
> 
>   REJECT; HTTP
is not
>   defined by the CGI
specification, and the WG made a  conscious choice 
> to omit the minor version number.
> 
>   Updating the CGI
specification
>   is more appropriate
(although an errata may not be the best  way to 
> do it for that spec either).
> 
>   Cheers,
> 
> 
>   >
>   On 12 Apr
2016, at 5:19 PM, RFC Errata System 
> 
<rfc-editor@rfc-editor.org>
>   wrote:
>   >
>   > The
>  
following errata report has been submitted for RFC7540, 
> "Hypertext 
> Transfer Protocol
Version
>   2 (HTTP/2)".
>   >
>   >
>  
--------------------------------------
>   >
>   You may
review the report below and at:
>  
> 
>   http://www.rfc-editor.org/errata_search.php?rfc=7540&eid=4663
>   >
>   >
>  
--------------------------------------
>   >
>   Type:
Technical
>   > Reported by: D.
Stussy
>   <d.stussy@yahoo.com>
>   >
>   >
Section: 8 omits
>   >
>   > Original Text
>   > -------------
>   >
>   [Note:  RFC
3875, section 4.1.16, defines the protocol  version as:
>   >
>   >
>   HTTP-Version = "HTTP"
"/" 1*digit
>   "."
1*digit
>   >
>  
> Nothing in RFC 7540 redefines this.]  >  >
Corrected Text  > 
> -------------- 
> Add  paragraph at end of section 8 (before 8.1) -
>   Clarification:
>  
> 
>   >
>  
HTTP/2 preserves the format of the SERVER_PROTOCOL CGI 
variable,  > 
> both in the CGI
interface and  for any server logging purposes.  Where 

>> a version string is necessary, it
is  "HTTP/2.0" as defined by RFC 
> 3875.
>   >
>   > Notes
>   >
-----
>   > Compatibility
>   is required with a prior published RFC,
or a specific change  
> superseding the
prior RFC need be explicitly stated.  This  RFC states 
> in its abstract:
>  
> 
>   > "This specification is
an alternative  to, but does not obsolete, 
> the HTTP/1.1 message syntax.
>   HTTP's existing semantics remain
unchanged"
>   >
>   > RFC 7540, section
>   3.5's connection preface string
containing  "HTTP/2.0" implies that 
> the RFC authors should  have forseen this
issue, and added a paragraph 
> to
section 8  to explicitly state no change in the CGI
interface 
> variable  SERVER_PROTOCOL
was desired.  At least one implementation  
> is using a version string of
"HTTP/2", not  "HTTP/2.0", because of
how 
> it is referred in this  RFC.
("nghttp2.org" has incorrectly 
> implemented  this in its library
routines.)  >  > Instructions:
>   >
>  
-------------
>   > This erratum is
currently
>   posted as
"Reported". If necessary, please  > use
"Reply All" to 
> discuss 
whether it should be verified or  >  rejected. When a

> decision is reached, the verifying
party
>   (IESG)
>  
> can log in to change the status
>  
and edit the report, if necessary.
>  
> 
>   >
--------------------------------------
>   > RFC7540
(draft-ietf-httpbis-http2-17)  > 
> 
--------------------------------------
>   > Title           
   :
>   Hypertext Transfer
Protocol Version 2 (HTTP/2)
>   >
Publication Date    : May 2015
>   >
Author(s)           : M.
>   Belshe, R. Peon, M. Thomson, Ed.
>   >
>   Category 
          : PROPOSED STANDARD
>  
> Source              : Hypertext
>   Transfer Protocol Bis APP
>   > Area
>      
      : Applications
>   >
Stream
>               : IETF
>   > Verifying
>  
Party     : IESG
>   >
> 
>   --
>   Mark
>  
Nottingham   https://www.mnot.net/
> 
> 
>

v2.23.0 | Report a Bug | By Email