IETF Logo Mail Archive

Re: [Technical Errata Reported] RFC9111 (7695)

Dron Rathore <dron.rathore@gmail.com> Wed, 08 November 2023 06:57 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=ietf.org@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F31FC18773C for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 7 Nov 2023 22:57:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.455
X-Spam-Level:
X-Spam-Status: No, score=-7.455 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (body has been altered)" header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UzfT-kuFyHfD for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 7 Nov 2023 22:57:33 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 00499C198499 for <httpbisa-archive-bis2Juki@ietf.org>; Tue, 7 Nov 2023 22:57:32 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1r0cSh-000etW-En for ietf-http-wg-dist@listhub.w3.org; Wed, 08 Nov 2023 06:54:51 +0000
Resent-Date: Wed, 08 Nov 2023 06:54:51 +0000
Resent-Message-Id: <E1r0cSh-000etW-En@lyra.w3.org>
Received: from www-data by lyra.w3.org with local (Exim 4.94.2) (envelope-from <dron.rathore@gmail.com>) id 1r0cSY-000eob-1e for ietf-http-wg@listhub.w3.org; Wed, 08 Nov 2023 06:54:42 +0000
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <dron.rathore@gmail.com>) id 1r0UGd-00HMuQ-8Y for ietf-http-wg@listhub.w3.org; Tue, 07 Nov 2023 22:09:51 +0000
Received: from mail-pl1-x629.google.com ([2607:f8b0:4864:20::629]) by mimas.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from <dron.rathore@gmail.com>) id 1r0UGa-007Ore-SX for ietf-http-wg@w3.org; Tue, 07 Nov 2023 22:09:50 +0000
Received: by mail-pl1-x629.google.com with SMTP id d9443c01a7336-1c9b7c234a7so56590445ad.3 for <ietf-http-wg@w3.org>; Tue, 07 Nov 2023 14:09:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1699394984; x=1699999784; darn=w3.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=2ADX4ZfWOb0p7j6J4sExkg72CmatVb+10GM0RWSyxA4=; b=D1PRb50hTESqoTodmfwk0QmxgEr0Z71JMYB6uHhD0DAzPQXB9zhuyvubHRTkQGCsU4 l2YWoLtvoLkNSwpXB/ripG6Ovrkbh78dkt6XBc5+xuWfQa2tbtgJUWjJSzsBrmzy/nNE ueogcmCq0QMS8xQpBnzUixd33r0qLdndyQ8RvdyC3ux9JuZknMUABugmv7pu80AGyKaQ Vn56/Mfd34iN4iqwrt4m4x7Ejy6z6OeAIAsKBH6AnvRr3X0fygjt03Fhi2HFsc/FYMwP 0/r6FpXPjlsHBGNvhwYfyOzUxPlOhTB7ViB49i+uo6UcBlKhbOCfdI+An+DSSXtNcJIZ IinA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699394984; x=1699999784; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=2ADX4ZfWOb0p7j6J4sExkg72CmatVb+10GM0RWSyxA4=; b=rt4gbAQ+Vhh9elHmhn1/q+ADkN5IUEcbxu62uZnW59SzmFvvOXdZi101p0x53Y+GfC rcjRFOAIZo7lstMkzneoPxJaJCc1DAF+2je3D4avqI0Aeso29cZWQKwiX0/usTwGh1su T67PLFytu6cfJvsWoHw6SvG/yr2hElKFvTBtGYWPLPplZToxN9of4FnfezZWlxm1wLpO zgGG2KbvWN4sUAmpiNcYJgetUSIJrBvdRuUD5VVahwWUaCXZJ0mph0G2aKeXUly4UDQb N+jepiNhjoHvNdapyilVspnWXrxPkjcO8oUGYVi28jlVhUnmRMv+4aIWba2NU1Zh01Rt t+GQ==
X-Gm-Message-State: AOJu0Yyj/fOj2GnWqKwkQZnknN4wrBdPl9mqyIvARdg8VnpQQ3AVN/0l tPRmigDthJUhkY267EDdPX2QUNXSgt1u7iQc5XtMLFM8QKIDn/em
X-Google-Smtp-Source: AGHT+IF0v+FPmP1JtFg83v5q90qmBsc2BIoTUdJ2dk2JgXcPM39Nu4B3VGzmbKZ47l1I3tVLfxrbPU70sJ17KNSd/C0=
X-Received: by 2002:a17:90b:164a:b0:281:87b:a560 with SMTP id il10-20020a17090b164a00b00281087ba560mr73809pjb.13.1699394984436; Tue, 07 Nov 2023 14:09:44 -0800 (PST)
MIME-Version: 1.0
References: <20231107174221.2692D55E6C@rfcpa.amsl.com> <7136A09F-B4A2-4C84-BE4D-063D96383798@gbiv.com>
In-Reply-To: <7136A09F-B4A2-4C84-BE4D-063D96383798@gbiv.com>
From: Dron Rathore <dron.rathore@gmail.com>
Date: Tue, 07 Nov 2023 14:09:33 -0800
Message-ID: <CAK4icCjQQth3cZQuEgdPhhGbpLpS7541Y6aWjJJs4NNHGBAaNw@mail.gmail.com>
To: "Roy T. Fielding" <fielding@gbiv.com>
Cc: RFC Errata System <rfc-editor@rfc-editor.org>, Mark Nottingham <mnot@mnot.net>, Julian Reschke <julian.reschke@greenbytes.de>, "Murray S. Kucherawy" <superuser@gmail.com>, Francesca Palombini <francesca.palombini@ericsson.com>, Tommy Pauly <tpauly@apple.com>, ietf-http-wg@w3.org
Content-Type: multipart/alternative; boundary="00000000000061670f0609973ad1"
Received-SPF: pass client-ip=2607:f8b0:4864:20::629; envelope-from=dron.rathore@gmail.com; helo=mail-pl1-x629.google.com
X-W3C-Hub-DKIM-Status: validation passed: (address=dron.rathore@gmail.com domain=gmail.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-4.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1r0UGa-007Ore-SX 6c808b764020dc8ef5e43684a77bfa80
X-caa-id: 409ca8dd6b
X-Original-To: ietf-http-wg@w3.org
Subject: Re: [Technical Errata Reported] RFC9111 (7695)
Archived-At: <https://www.w3.org/mid/CAK4icCjQQth3cZQuEgdPhhGbpLpS7541Y6aWjJJs4NNHGBAaNw@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/51578
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/email/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Hey Roy,

Thanks for the response and the explanation, I am okay with this errata
rejection. Just so that I understand it correctly, the bigger point you are
calling out is: A cache MAY choose to honor If-Match, If-Unmodified-Since
headers i.e. a cache does not necessarily have to a) return 412 on
validation
failure b) or forward the request to origin as per RFC
9111#section-4.3.2-3[1]

> Hierarchical cache meshes can use conditional GET mechanisms
> to backfill partially cached entries, even if the origin would
> have offered a different representation, and they might choose
> to do so with If-Match (instead of If-Range) if they do not want
> the content transferred when updated (i.e., they will remove
> their cache entry instead).

IMHO we may still want to address what procedure/rules an
intermediary cache should follow/apply to avoid ending up in a split
scenario
as documented in my errata notes. In the current world of multi-cloud
architectures companies are employing where a cache mesh may pan across
multiple
cloud vendors it makes it harder to get consensus on what is and isn't a
valid
behavior across providers, such as in this case a combination of behaviors
may
be valid i.e. a) intermediary cache may return 412 b) intermediary cache
may
serve the cached content as-it-is and let the client validate it. c)
intermediary may choose to forward the request to origin. By definition as
far as
I understand If-Match and If-Unmodified-Since are strong validators;
leaving the
behavior optional causes disagreement which is harder to negotiate or work
around when dealing with multiple large scale vendors i.e. asking cloud
vendors to
align their cache logic with how other cloud vendors are treating
conditional
headers prove to not be a viable option.

I don't have an answer on what might be a better solution at the moment here
however I would love to hear your thoughts on this.

[1]: https://www.rfc-editor.org/rfc/rfc9111#section-4.3.2-3

Thanks
Dron Rathore


On Tue, Nov 7, 2023 at 12:45 PM Roy T. Fielding <fielding@gbiv.com> wrote:

> The suggestion is not a desired solution for the problematic text.
>
> This part is not an error in the specification. Even when If-Match and
> If-Unmodified-Since are not applicable to a cache, their presence
> does not imply that the request must be forwarded to the origin.
> It will depend on other factors in the request and how/where
> the cache has been configured.
>
> The errata comments assume that cache == cache server, whereas
> RFC9111 defines a cache in general. Caches are not required to
> forward requests -- they choose to do so when that is necessary
> to fulfill their purpose.
>
> OTOH, what might be an error in RFC9111 is the general statement that
>
>    If-Match and If-Unmodified-Since conditional header
>    fields are not applicable to a cache
>
> given that both header fields are defined in RFC9110 as a
> cache MAY ignore, not MUST ignore. The reason it is a MAY ignore
> here is because HTTP defined this as a feature back in 1996 or so.
> Hierarchical cache meshes can use conditional GET mechanisms
> to backfill partially cached entries, even if the origin would
> have offered a different representation, and they might choose
> to do so with If-Match (instead of If-Range) if they do not want
> the content transferred when updated (i.e., they will remove
> their cache entry instead).
>
> This is a deliberate feature -- a choice being made by the client.
> If the client does not want this feature, they won't send If-Match
> or If-Unmodified-Since on a GET request. They will send If-Range.
> This does not result in an invalid response being returned; it is
> exactly the response that was requested and was defined as being
> valid by the origin server that supplied it in the first place.
>
> Likewise, RFC9110 section 13.2.2 is somewhat misleading
> because it attempts to summarize the MUST requirements without
> also noting that recipients MAY process If-Match and
> If-Unmodified-Since on GET.
>
> So, I understand why the reporter considers this to be errata,
> but this isn't a viable solution.
>
> ....Roy
>
>
> > On Nov 7, 2023, at 9:42 AM, RFC Errata System <rfc-editor@rfc-editor.org>
> wrote:
> >
> > The following errata report has been submitted for RFC9111,
> > "HTTP Caching".
> >
> > --------------------------------------
> > You may review the report below and at:
> > https://www.rfc-editor.org/errata/eid7695
> >
> > --------------------------------------
> > Type: Technical
> > Reported by: Dron Rathore <dron.rathore@gmail.com>
> >
> > Section: 4.3.2-4
> >
> > Original Text
> > -------------
> >   The proper evaluation of conditional requests by a cache depends on
> >   the received precondition header fields and their precedence.  In
> >   summary, the If-Match and If-Unmodified-Since conditional header
> >   fields are not applicable to a cache, and If-None-Match takes
> >   precedence over If-Modified-Since.  See Section 13.2.2 of [HTTP] for
> >   a complete specification of precondition precedence.
> >
> > Corrected Text
> > --------------
> >   The proper evaluation of conditional requests by a cache depends on
> >   the received precondition header fields and their precedence.  In
> >   summary, the If-Match and If-Unmodified-Since conditional header
> >   fields are not applicable to a cache and hence such requests MUST
> >   be forwarded to the origin, and If-None-Match takes precedence
> >   over If-Modified-Since.  See Section 13.2.2 of [HTTP] for a complete
> >   specification of precondition precedence.
> >
> > Notes
> > -----
> > Correction:
> > "the If-Match and If-Unmodified-Since conditional header fields are not
> applicable
> > to a cache [and hence such requests MUST be forwarded to the origin]"
> >
> > This is based upon the reading of RFC 9111#section-4.3.2-3[1]:
> >
> >   A cache MUST NOT evaluate conditional header fields that only apply
> >   to an origin server, occur in a request with semantics that cannot be
> >   satisfied with a cached response, or occur in a request with a target
> >   resource for which it has no stored responses; such preconditions are
> >   likely intended for some other (inbound) server.
> >
> >
> > Current RFC 9110#section-13.1.1-13[2], RFC 9110#section-13.2.2[3] and
> RFC
> > 9111#section-4.3.2-4[4] does not explicitly provide clear direction to
> cache servers as to
> > how to deal with If-Match and If-Unmodified-Since conditional headers[5].
> >
> > The correction intends to provide more clarity for If-Match and
> If-Unmodified-Since
> > header as to how a cache server should handle conditional header which
> are meant
> > for origin server based on the reading of above produced section of
> > the RFC 9111#section-4.3.2-3.
> >
> > If cache nodes have to ignore If-Match and If-Unmodified-Since header as
> per
> > RFC 9110#section-13.1.1-13 then in scenarios where they have a cached
> non-expired
> > content representation which can be satisfied sans If-Match and
> If-Unmodified-Since
> > headers the same will be returned back by cache and intermediary
> servers.
> >
> > Caching layers with multiple content representation cached in the
> network may
> > return invalid response back causing higher requests errors when dealing
> with origin
> > applicable conditional headers that are sent to intermediary cache nodes
> from
> > edge cache nodes for cache hydration.
> >
> > Consider the below scenario:
> >
> > 1. A caching system consisting of 2 cache layers with 3 servers each,
> > Server nodes "A" representing Edge cache nodes(A1, A2, A3),
> > Server nodes "B" representing intermediary cache nodes(B1, B2, B3), and
> an
> > origin server
> >
> > 2. All cache servers (A and B) make use of If-Match and
> If-Unmodified-Since to
> > hydrate their own cached content representation as per RFC
> 9110#section-13.1.1-12 [6]
> >
> > 3. All cache servers make use of 5MiB chunk ranges for cache hydration
> of large
> > files
> >
> > 4. Origin server contains a file foo with size 20MiB, with content
> > representation Etag E1
> >
> > 5. A client C1 who sends a range request for file foo with range
> 10-20MiB to edge node A1
> >
> > 6. For initial set of requests sent by edge node A1 the representation
> E1 gets
> > cached on 2 of the intermediary nodes B1 and B2 (because of 2 requests
> for
> > 5MiB chunk each)
> >
> > 6. Content representation for file foo changes to Etag E2 on origin
> >
> > 7. A client C2 who sends a range request for file foo with range
> 10-20MiB to edge node A2
> >
> > 8. Requests to edge node A2 which does not have a cached representation
> causes it
> > to send 2 range requests for 5MiB each, in this case lets assume it is
> sent to
> > intermediary cache nodes B1(range:10-15MiB) and B3(range:15-20MiB),
> > B3 node faces cache-miss and hydrates its own cache from Range
> 15Mib-20MiB
> > with content representation E2. B1 node already has a cached
> representation E1
> > for requested range so it returns it back. A2 node which has now cached
> 10-15MiB E1
> > representation received from B1 has to returns error and performs a
> cache reset for
> > itself because of mixed representation for the whole user requested
> range.
> >
> > In such a case where intermediary cache severs/nodes may end up with
> multiple
> > content representation an edge node who is trying to hydrate its own
> cache
> > will find it hard to do so, i.e. the first 5MiB
> > chunk may end up being served by intermediary cache nodes with
> representation
> > E1 and the other half of the chunk by nodes who have a content
> representation
> > E2. The error rates will be higher whenever content representation
> changes at
> > the origin server for such range requests.
> >
> >
> > [1]: https://www.rfc-editor.org/rfc/rfc9111#section-4.3.2-3
> > [2]: https://www.rfc-editor.org/rfc/rfc9110#section-13.1.1-13
> > [3]: https://www.rfc-editor.org/rfc/rfc9110#section-13.2.2
> > [4]: https://www.rfc-editor.org/rfc/rfc9111#section-4.3.2-4
> > [5]: https://github.com/httpwg/http-core/issues/1111
> > [6]: https://www.rfc-editor.org/rfc/rfc9110#section-13.1.1-12
> >
> > Instructions:
> > -------------
> > This erratum is currently posted as "Reported". (If it is spam, it
> > will be removed shortly by the RFC Production Center.) Please
> > use "Reply All" to discuss whether it should be verified or
> > rejected. When a decision is reached, the verifying party
> > will log in to change the status and edit the report, if necessary.
> >
> > --------------------------------------
> > RFC9111 (draft-ietf-httpbis-cache-19)
> > --------------------------------------
> > Title               : HTTP Caching
> > Publication Date    : June 2022
> > Author(s)           : R. Fielding, Ed., M. Nottingham, Ed., J. Reschke,
> Ed.
> > Category            : INTERNET STANDARD
> > Source              : HTTP
> > Area                : Applications and Real-Time
> > Stream              : IETF
> > Verifying Party     : IESG
> >
>
>

v2.23.0 | Report a Bug | By Email