IETF Logo Mail Archive

Re: The use of binary data in any part of HTTP 2.0 is not good

William Chan (陈智昌) <willchan@chromium.org> Mon, 21 January 2013 00:42 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 256AC21F8700 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 20 Jan 2013 16:42:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.078
X-Spam-Level:
X-Spam-Status: No, score=-7.078 tagged_above=-999 required=5 tests=[FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QYT8HRj2jYBu for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 20 Jan 2013 16:42:54 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 182C321F86FC for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sun, 20 Jan 2013 16:42:54 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1Tx5SN-0003X7-5k for ietf-http-wg-dist@listhub.w3.org; Mon, 21 Jan 2013 00:41:47 +0000
Resent-Date: Mon, 21 Jan 2013 00:41:47 +0000
Resent-Message-Id: <E1Tx5SN-0003X7-5k@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <willchan@google.com>) id 1Tx5SH-0003WG-Np for ietf-http-wg@listhub.w3.org; Mon, 21 Jan 2013 00:41:41 +0000
Received: from mail-qa0-f43.google.com ([209.85.216.43]) by lisa.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <willchan@google.com>) id 1Tx5SG-0002FS-RC for ietf-http-wg@w3.org; Mon, 21 Jan 2013 00:41:41 +0000
Received: by mail-qa0-f43.google.com with SMTP id cr7so6442497qab.16 for <ietf-http-wg@w3.org>; Sun, 20 Jan 2013 16:41:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=9YCM407SH+/MMvXGl4rmzi86GfZcDvqAf6Ev5q5mnpQ=; b=PHTcQoohS9zlZgH+lKbTZzMI7oNhH8yit8VkMp9dvaKKbpq3r/46r3/qSSGsDeWqUn V+nZTeLkCOe3S9WqEsujVI8DE13aP7Ud6IcAVkKnbKipWNOE+fI0cq9yoGIUJIsU1gcA 7Qx/+vo/RHcH2U7pCV5kvNIcsg4q1dexvRgRfUk0S/Z2rIhWJefOTX+vW5LMWRVF5CrG NZEWyTf5cE3KIl61GDyRDVUw2RCwg1HZXxdUhuCRAe3OW9jwR4XeEQSJ5G1QMJsLsKtb 1qIVfsIY/GjF9H1Ck5rxruixGkdqupos5SUz8rEZDAE8VABo1HaFB+H8YBlIKDz2HM82 7SkQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:x-received:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=9YCM407SH+/MMvXGl4rmzi86GfZcDvqAf6Ev5q5mnpQ=; b=g5Gd+gA07I+mYXGBl0/bnww/gmrgIYv2TmC7lJRv5Dex9q3NUSy3quEJWOK4oMBA+C t8ECEq37YYqU1beQqxJQabFsDob79FaJ5TX+xDNEcGYvJtypDLSfW2cx9RWcTfAkR9w9 +bH+7TAzyfPV5wgcu10mXZtg9O8qLVSoZzM+Y=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding:x-gm-message-state; bh=9YCM407SH+/MMvXGl4rmzi86GfZcDvqAf6Ev5q5mnpQ=; b=GjgFTuTG64M3ElIO3N61fiCJaFb20zR7ljUr0V76xK78yeDrlsmXDlSfMPQUe6c+cq CCrbzQURgyxHPT8xlgrBwRwn3T34muyJRGSP0seWkGO6R5Cv98J9Ox/UgMXIIgYbXIdd C/aeAO9QfWLJ1pYzQduyRbLUe0BUlMtmqTe1woCQA0e3SPd6L8YzirV/VVCSmFoJ4o71 jc7j3VNcRDdYNs/Mjbz+Z6mK0Xza0vxF4i3pHowPLwF4GDES6uLOzGvNEhwQgYCq0x1A TVyXxwH7KG9kqZJYCeW5WfaugH77EGcTDeDqYe8hYEFONspKFjpHJTPb+XwRbc7LFfLN tsdA==
MIME-Version: 1.0
X-Received: by 10.229.78.7 with SMTP id i7mr3873581qck.119.1358728874561; Sun, 20 Jan 2013 16:41:14 -0800 (PST)
Sender: willchan@google.com
Received: by 10.229.57.163 with HTTP; Sun, 20 Jan 2013 16:41:14 -0800 (PST)
In-Reply-To: <3EFE45C2-8147-432C-8D15-7E8C5AEC39DC@mnot.net>
References: <em670f0a0f-3c5a-4f99-88cb-03bd4234ce63@bombed> <7F8E363D-6D6E-4FDD-B8EA-24A31383B1A3@mnot.net> <CAA4WUYiPRpm0OWesf5wTGLX--HWtDmgjFr+wSEEVr-beH8J=qw@mail.gmail.com> <3EFE45C2-8147-432C-8D15-7E8C5AEC39DC@mnot.net>
Date: Sun, 20 Jan 2013 16:41:14 -0800
X-Google-Sender-Auth: 26RmRaTD2C4mT3UT6S4EUB23Pm8
Message-ID: <CAA4WUYhxHbFeaw-M=DUdKKKafhdDE4U5==N2QGY2hd_ptxSHiA@mail.gmail.com>
From: "William Chan (陈智昌)" <willchan@chromium.org>
To: Mark Nottingham <mnot@mnot.net>
Cc: "Adrien W. de Croy" <adrien@qbik.com>, Pablo <paa.listas@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQnA7TzXuNMYCsxEbIaAP4DveKrUuMrjS9vI1DJ/4JjkjUVaSrg+pdN44zEThW2ji5BY5iEqqMJCC9sozbfuFxLucS6/C+x5+BxElsgFl+tsqQWRN+Z483AkFhmEVcu/pMsA+i9n3Pxt9xwfIaKNm7HSmEOc94LFx+m8mjXwUuGqd2AXCjtHJqwyZei5nVaHF4BCl30U
Received-SPF: pass client-ip=209.85.216.43; envelope-from=willchan@google.com; helo=mail-qa0-f43.google.com
X-W3C-Hub-Spam-Status: No, score=-4.0
X-W3C-Hub-Spam-Report: AWL=-1.277, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1Tx5SG-0002FS-RC 9d21306f1e3b9a4d958f806250ad955e
X-Original-To: ietf-http-wg@w3.org
Subject: Re: The use of binary data in any part of HTTP 2.0 is not good
Archived-At: <http://www.w3.org/mid/CAA4WUYhxHbFeaw-M=DUdKKKafhdDE4U5==N2QGY2hd_ptxSHiA@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/16068
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

I need to consider it longer, since I still have some concerns -
namely, client-side intermediaries / 3rd-party software.

Note that it's common nowadays for 3rd party software to interact with
browser software at a very intimate level. Maybe do it in the form of
Winsock LSPs (see
https://code.google.com/p/chromium/issues/detail?id=27870 for an
example of how we've had to work around bugs here), (oft-times
malicious) extensions
(https://code.google.com/p/chromium/issues/detail?id=128748#c15), or
external applications directly mucking with browser specific data
(here are links to examples of Samsung Support Center directly mucking
with the browser cache:
https://bugzilla.mozilla.org/show_bug.cgi?id=825665 &
https://code.google.com/p/chromium/issues/detail?id=167578#c11).

Many times these intermediaries / 3rd party software are trying to do
"legitimate" things like sniffing headers so they can do filtering
based on that. If we add a sender-configured option to enable
disabling header encoding/compression at the client, it's very likely
that 3rd party software will take advantage of that option for popular
client software (popular browsers). Thus, even if such an option
existed in the spec, I would be nervous about exposing it within
Chromium in such a way that 3rd party software could force it on.

And if such a mechanism existed sender-side, I still don't see what
(beyond a secured transport like TLS) prevents an ISP or corporate
network administrator who has filtering software he/she wants to run
from adding a hop that enables this debug option to make it easier to
pass through to 3rd party authored filtering software running within
the ISP / corporate network.

My concerns are admittedly erring on the side of paranoia, but it is
definitely advised by our (Google Chrome) previous experience in this
area. Please see
https://developers.google.com/speed/articles/use-compression where we
provide data on the prevalence of the aforementioned Accept-Encoding
stripping issue. "There are a handful of ISPs, where the percentage of
uncompressed content is over 95%. One likely hypothesis is that either
an ISP or a corporate proxy removes or mangles the Accept-Encoding
header." Accept-Encoding is a sender-side controlled header, so unless
the proposed option is protected somehow via TLS or something, I would
imagine that it likewise would expose us to the issue we've seen with
Accept-Encoding stripping.

All options are ripe for abuse. We should be very careful to make sure
the option is truly necessary, rather than just potentially useful, in
order to counterbalance the downside of possible abuse.

On Sun, Jan 20, 2013 at 4:05 PM, Mark Nottingham <mnot@mnot.net> wrote:
> It was discussed in terms of disabling it at the sender, not through negotiation, so I don't think the case you're talking about is going to be a problem.
>
>
> On 21/01/2013, at 10:55 AM, William Chan (陈智昌) <willchan@chromium.org> wrote:
>
>> Maybe it falls upon me to be the voice of concern here :) Depending on
>> what a "debug" option entails, I'm worried about it being used to
>> disable a performance feature. As an example of how options can be
>> dangerous, we've seen intermediaries that strip out Accept-Encoding
>> headers in order to force responses to be uncompressed (probably so
>> they can inspect the payloads more easily/cheaply), which is an issue
>> from a web performance perspective.
>>
>> Back to the use case, if you're in a position to use the debug option,
>> is it likely that you would not also be in a position to capture
>> enough to decode? I'd like to understand the use case so I can
>> properly weigh the benefit of such an option, in contrast to the cost
>> that I highlighted above.
>>
>> On Sun, Jan 20, 2013 at 3:48 PM, Mark Nottingham <mnot@mnot.net> wrote:
>>>
>>> On 21/01/2013, at 10:38 AM, "Adrien W. de Croy" <adrien@qbik.com> wrote:
>>>
>>>>
>>>> the thing that will make debugging harder won't be binary vs text, but the inter-dependence of messages.  Especially when it comes to looking through debug logs for issues.
>>>>
>>>> On-the-wire, you already need to piece together a TCP stream to see what's going on, so having http messages effectively split over multiple frames (e.g. delta encoding, or compression) only becomes a problem when you don't capture enough to decode.
>>>>
>>>> I think it might be worth-while specifying a requirement for a "debug" option for senders of binary messages which turns off all other optimisations, such as caching unchanged headers etc (so they are sent every time).  Just an idea.
>>>
>>> That's been brought up a few times, and the reaction has been pretty positive.
>>>
>>> Cheers,
>>>
>>>
>>> --
>>> Mark Nottingham   http://www.mnot.net/
>>>
>>>
>>>
>>
>
> --
> Mark Nottingham   http://www.mnot.net/
>
>
>

v2.23.0 | Report a Bug | By Email