Re: trailers and pseudo-headers

Willy Tarreau <w@1wt.eu> Wed, 02 July 2014 12:27 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85FC81A008D for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 2 Jul 2014 05:27:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.553
X-Spam-Level:
X-Spam-Status: No, score=-7.553 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.651, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id azH7iQPGvSEk for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 2 Jul 2014 05:27:47 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB2A81A0091 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 2 Jul 2014 05:27:46 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1X2Jbm-0001aQ-Iq for ietf-http-wg-dist@listhub.w3.org; Wed, 02 Jul 2014 12:25:54 +0000
Resent-Date: Wed, 02 Jul 2014 12:25:54 +0000
Resent-Message-Id: <E1X2Jbm-0001aQ-Iq@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <w@1wt.eu>) id 1X2Jbi-0001Xo-UV for ietf-http-wg@listhub.w3.org; Wed, 02 Jul 2014 12:25:50 +0000
Received: from 1wt.eu ([62.212.114.60]) by maggie.w3.org with esmtp (Exim 4.72) (envelope-from <w@1wt.eu>) id 1X2Jbh-0007WQ-Sd for ietf-http-wg@w3.org; Wed, 02 Jul 2014 12:25:50 +0000
Received: (from willy@localhost) by mail.home.local (8.14.4/8.14.4/Submit) id s62CPMh6030589; Wed, 2 Jul 2014 14:25:22 +0200
Date: Wed, 02 Jul 2014 14:25:22 +0200
From: Willy Tarreau <w@1wt.eu>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Julian Reschke <julian.reschke@gmx.de>, Mark Nottingham <mnot@mnot.net>, "Eric J. Bowman" <eric@bisonsystems.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20140702122522.GE28975@1wt.eu>
References: <19984.1404286540@critter.freebsd.dk> <53B3B835.80807@gmx.de> <20154.1404288175@critter.freebsd.dk> <53B3BF49.9030207@gmx.de> <20291.1404289079@critter.freebsd.dk> <20140702034611.2dd18217cd132f02ab3bf24f@bisonsystems.net> <20859.1404294984@critter.freebsd.dk> <08B2F3CC-868C-47CC-99AE-3BB6E49D984D@mnot.net> <53B3DB11.9010606@gmx.de> <21051.1404296557@critter.freebsd.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <21051.1404296557@critter.freebsd.dk>
User-Agent: Mutt/1.4.2.3i
Received-SPF: pass client-ip=62.212.114.60; envelope-from=w@1wt.eu; helo=1wt.eu
X-W3C-Hub-Spam-Status: No, score=-3.1
X-W3C-Hub-Spam-Report: AWL=-3.053, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01
X-W3C-Scan-Sig: maggie.w3.org 1X2Jbh-0007WQ-Sd 668d8d5c2d453e8c626de8ce96923522
X-Original-To: ietf-http-wg@w3.org
Subject: Re: trailers and pseudo-headers
Archived-At: <http://www.w3.org/mid/20140702122522.GE28975@1wt.eu>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/25133
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Wed, Jul 02, 2014 at 10:22:37AM +0000, Poul-Henning Kamp wrote:
> In message <53B3DB11.9010606@gmx.de>, Julian Reschke writes:
> >On 2014-07-02 11:58, Mark Nottingham wrote:
> >> Personally - very strong +1. This is fundamental. Yes, it sucks, but it’s how HTTP works, and we can’t change it here.
> >> ...
> >
> >The reason why I raised this is that in HTTP/1.1, the HTTP status isn't 
> >a header field, so the issue doesn't come up. In HTTP/2, it's a pseudo 
> >header field, so it *could* appear in trailers, and thus people might be 
> >tempted to take advantage of it.
> 
> I think the best way to handle this textually, is to explain that :header
> are not really headers, but a sleigh of hand HTTP/2 uses to transmit
> the non-header protocol fields, and that this does not change the
> semantics of those fields in any way.

Explaining does not solve everything. It's very clear that content-length
may only appear once, still we've had to deal with the multiple C-L case
due to bogus application servers or intermediaries and even indicate in
the spec how to process them :-/

I think here we should take the first steps and write an explicit "MUST NOT
be sent" and a "SHOULD reset the stream if received" in the spec so that
everyone acts correctly and people cannot develop such crap without noticing.

Willy