Re: [Technical Errata Reported] RFC7230 (4667)

Willy Tarreau <w@1wt.eu> Fri, 15 April 2016 04:54 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0153612D725 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 14 Apr 2016 21:54:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.917
X-Spam-Level:
X-Spam-Status: No, score=-7.917 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.996, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HrMGtYYja7Sd for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 14 Apr 2016 21:54:30 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 218E112E5BC for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 14 Apr 2016 21:54:29 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1aqvhk-0003jL-OK for ietf-http-wg-dist@listhub.w3.org; Fri, 15 Apr 2016 04:50:04 +0000
Resent-Date: Fri, 15 Apr 2016 04:50:04 +0000
Resent-Message-Id: <E1aqvhk-0003jL-OK@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <w@1wt.eu>) id 1aqvhg-0002DR-DL for ietf-http-wg@listhub.w3.org; Fri, 15 Apr 2016 04:50:00 +0000
Received: from wtarreau.pck.nerim.net ([62.212.114.60] helo=1wt.eu) by maggie.w3.org with esmtp (Exim 4.80) (envelope-from <w@1wt.eu>) id 1aqvhd-00078D-Sa for ietf-http-wg@w3.org; Fri, 15 Apr 2016 04:49:59 +0000
Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id u3F4nOKQ006537; Fri, 15 Apr 2016 06:49:24 +0200
Date: Fri, 15 Apr 2016 06:49:24 +0200
From: Willy Tarreau <w@1wt.eu>
To: Alex Rousskov <rousskov@measurement-factory.com>
Cc: "Roy T. Fielding" <fielding@gbiv.com>, RFC Errata System <rfc-editor@rfc-editor.org>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20160415044924.GF6355@1wt.eu>
References: <20160413160504.63AB6180006@rfc-editor.org> <20160413163615.GE3262@1wt.eu> <7D00E3E0-6502-4A53-BEA1-FF36E8AB3857@mnot.net> <FAF05BB6-A4DA-400E-9F92-550E215BC637@gbiv.com> <5710127C.1080007@measurement-factory.com> <38684D79-ED03-462E-8923-040EDD233F71@gbiv.com> <57103AE3.2090003@measurement-factory.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <57103AE3.2090003@measurement-factory.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Received-SPF: pass client-ip=62.212.114.60; envelope-from=w@1wt.eu; helo=1wt.eu
X-W3C-Hub-Spam-Status: No, score=-7.0
X-W3C-Hub-Spam-Report: AWL=0.925, BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: maggie.w3.org 1aqvhd-00078D-Sa 615b0acd26487ae28d7822f1852c1912
X-Original-To: ietf-http-wg@w3.org
Subject: Re: [Technical Errata Reported] RFC7230 (4667)
Archived-At: <http://www.w3.org/mid/20160415044924.GF6355@1wt.eu>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/31470
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Thu, Apr 14, 2016 at 06:50:43PM -0600, Alex Rousskov wrote:
> On 04/14/2016 04:39 PM, Roy T. Fielding wrote:
> 
> > Don't confuse the various lenient ways in which implementations parse
> > HTTP with the requirements on generating HTTP messages that are
> > defined by the ABNF. The ABNF is intended to be more restrictive.
> 
> I fully agree, but we are not discussing ABNF creation IMO. We are
> discussing a syntax change by an HTTPbis RFC. To change HTTP/1 syntax
> that has been in use for many years, the "Founders Intent" alone is not
> enough IMHO. There must be other compelling reasons. The only other
> reason given so far was "lack of known examples", followed by your
> discussion of "space padding" as a known usage example. I expect the bar
> for HTTP/1 syntax change to be significantly higher.

Alex, it's not that black or white. We focused on maximized interoperability,
so you need to understand that when some people report that product X,Y or Z
doesn't even support chunk extensions, that other products are simply broken
regarding this and we realize that nobody produces them, it's natural to
deprecate them. They were apparently re-added in a stricter way based on
identified implementations to optimize the intersection between producers
and consumers.

It's very difficult to satisfy every implementation, especially with HTTP
that everyone tried to implement without looking at the doc in the late
1990 and early 2000 resulting in many incompatible implementations.

So here there's no intent to break anything, instead there's an intent to
make everything work together based on all the data everyone could collect.
It's not rocket science but it proved to work pretty well given all the
interoperability issues that could be addressed (eg: header folding,
multiple content-length, CRLF after body, etc).

I do think that adding the BWS back could be enough. And maybe even adding
the only one ICAP uses. After all it already took something like 5 years
for someone to notice this change, maybe ICAP is the only exception to the
rule and is sufficient to address without further breaking existing
implementations.

> > And, no, it is NEVER a good idea for new IETF protocols to
> > effectively alias other IETF protocols.
> 
> AFAICT, ICAP does not alias HTTP. It uses RFC 2616 to define HTTP
> messages. This is similar to RFC 7230 using URI definitions from RFC
> 3986. When URIbis obsoletes RFC 3986, I expect the authors to be very
> careful not to accidentally invalidate HTTP/1 messages. IMHO, HTTPbis
> should offer the same courtesy to ICAP.

Not exactly in fact, RFC3507 says this :

   ICAP is a request/response protocol similar in semantics and usage to
   HTTP/1.1 [4].  Despite the similarity, ICAP is not HTTP, nor is it an
   application protocol that runs over HTTP. (...) ICAP uses TCP/IP as a
   transport protocol.

So in short it allows implementers to save time by reusing their HTTP
parsers but does not expect to be strictly compatible. There are even
some intended differences, such as :

   Note in particular that the "Transfer-Encoding" option is not
   allowed. (...) Encapsulated bodies MUST be transferred using the
   "chunked" transfer-coding described in Section 3.6.1 of [4].
   However, encapsulated headers MUST NOT be chunked.

These ones alone prevent reliable forwarding over HTTP gateways. But I
do agree that if we don't break anything by adding the BWS back it
would be better, at least because we're now pretty sure that people
who need to adapt their HTTP parsers to also support ICAP will support
it anyway.

Regards,
Willy