Re: Is HTTP/1.0 still relevant?

Stefan Eissing <stefan.eissing@greenbytes.de> Fri, 04 September 2020 07:18 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F33A3A0F50 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 4 Sep 2020 00:18:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.649
X-Spam-Level:
X-Spam-Status: No, score=-2.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lyEGuLgN-juc for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 4 Sep 2020 00:18:03 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 467443A0F3A for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 4 Sep 2020 00:18:03 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1kE5yn-0006XF-QP for ietf-http-wg-dist@listhub.w3.org; Fri, 04 Sep 2020 07:17:50 +0000
Resent-Date: Fri, 04 Sep 2020 07:17:49 +0000
Resent-Message-Id: <E1kE5yn-0006XF-QP@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <stefan.eissing@greenbytes.de>) id 1kE5ym-0006VC-7Q for ietf-http-wg@listhub.w3.org; Fri, 04 Sep 2020 07:17:48 +0000
Received: from mail2.greenbytes.de ([5.10.171.186] helo=mail.greenbytes.de) by mimas.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <stefan.eissing@greenbytes.de>) id 1kE5yj-0005WN-Vu for ietf-http-wg@w3.org; Fri, 04 Sep 2020 07:17:48 +0000
Received: by mail.greenbytes.de (Postfix, from userid 119) id 71F6B9864F6; Fri, 4 Sep 2020 09:17:33 +0200 (CEST)
Received: from icing.fritz.box (unknown [93.207.149.252]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail.greenbytes.de (Postfix) with ESMTPSA id 900A098084F; Fri, 4 Sep 2020 09:17:32 +0200 (CEST)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\))
From: Stefan Eissing <stefan.eissing@greenbytes.de>
In-Reply-To: <17457f2cfaa.b1c12efb13715.7081201094742751967@zoho.com>
Date: Fri, 4 Sep 2020 09:17:32 +0200
Cc: Willy Tarreau <w@1wt.eu>, Ietf Http Wg <ietf-http-wg@w3.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <13FF9481-ADFB-4006-A237-9CA795507C5B@greenbytes.de>
References: <174578870d7.1265f983c12789.7350275676057542310@zoho.com> <20200904054051.GA2905@1wt.eu> <17457f2cfaa.b1c12efb13715.7081201094742751967@zoho.com>
To: Eric J Bowman <mellowmutt@zoho.com>
X-Mailer: Apple Mail (2.3608.120.23.2.1)
Received-SPF: pass client-ip=5.10.171.186; envelope-from=stefan.eissing@greenbytes.de; helo=mail.greenbytes.de
X-W3C-Hub-Spam-Status: No, score=-3.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1kE5yj-0005WN-Vu 4ddfb98ef63b695b1eae673b510dbc2a
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Is HTTP/1.0 still relevant?
Archived-At: <https://www.w3.org/mid/13FF9481-ADFB-4006-A237-9CA795507C5B@greenbytes.de>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/38003
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>


> Am 04.09.2020 um 09:09 schrieb Eric J Bowman <mellowmutt@zoho.com>om>:
> 
> ---- On Thu, 03 Sep 2020 22:40:51 -0700 Willy Tarreau <w@1wt.eu> wrote ---- 
> >
> > Hi,
> >
> On Thu, Sep 03, 2020 at 10:13:13PM -0700, Eric J Bowman wrote:
> >>
> >> Hi, I'm greenfield-coding a webserver, and wondering if I can just do away
> >> with back-compat with HTTP/1.0. My concern is it's still alive and kicking on
> >> intermediaries. Is there any empirical data on this? Opinions also
> >> appreciated.
> >>
> >
> > It really depends what your target is. If you want to support browsers
> > and nothing else, it's probably fine to simply fail on it. If you're
> > expecting that applications built on top of your web server are compatible
> > with various perf testing tools, monitoring scripts, availability tests,
> > dirty in-house search engines, or just succeed in some compliance tests,
> > it's probably better to still support it.
> >
> 
> Hey Willy! Long time no chat. :) I try to code for all intermediaries and
> clients, not just browsers, but at this point in time I'm also trying to
> eliminate edge cases from my code, because I want to hold it all in my head.
> 
> I both appreciate and hate your answer! I didn't realize that the sorts of
> testing scripts you mention are still looking for HTTP/1.0 compat. I'm
> coding a development server, but I want it to handle significant real-world
> traffic all the same. I don't care about meeting any test criteria but my
> own, I suppose, when you get down to it. But I am an old dog trying to learn
> new tricks!

Many existing OCSP clients in servers (*cough*), use HTTP/1.0 to staple certificates. I have no data from the IoT devices of the world, but I would suspect many of them will do as well.

Be happy when you can get away without supporting HTTP/0.9. ;)

Cheers, Stefan

> >
> > In addition I'd suggest that once you've implemented HTTP/1.1, you'll
> > note that implementing HTTP/1.0 requires no effort as it's only a subset
> > of HTTP/1.1, so you'll just have to add a few "if" around some code
> > blocks. In short, Connection defaults to close instead of keep-alive...
> >
> 
> Exactly! My code's a lot cleaner and even removes a comment, if I default
> to HTTP/1.1 for the Connection header. I'm trying to avoid "just add[ing] a
> few" lines of code. It's 2020. I want to hold my webserver code in my head.
> I don't want to eplain back-compat with HTTP/1.0 anymore, let alone pollute
> my code with it, unless it's really still necessary, which I'm trying to
> ascertain.
> 
> >
> > neither chunked transfer-encoding nor 1xx responses are expected to be
> > supported, and Host is optional. Thus not supporting 1.0 would make your
> > 1.1 implementation look fairly suspicious about its ability to adapt to
> > a client or server's 1.1 capabilities.
> >
> 
> Every httpd I've ever coded or configured, has bent over backwards to avoid
> T-E chunked or 1xx responses, and requires the Host header. But hey, if this
> was 2005, I'd be 95% done with my webserver code, not like, 33% tops atm...
> 
> >
> > The real difficulty with 1.0 is that most of the time such requests come
> > from very low-quality clients (mostly scripts) that do not even look at
> > the content-length header.
> >
> 
> Hmmm... yeah. Development server. Strict is fine. I'll be making HTTP/1.1
> my baseline and not worrying about 1.0, but thanks for explaining to me how
> that can go wrong. For this project, I don't think I care. If I did care,
> thanks for pointing out that it isn't all that difficult to support 1.0.
> 
> >
> > Just my two cents,
> > Willy
> >
> 
> Your two cents is always worth a nickel. ;)
> 
> -Eric
> 
>