Re: #461, was: p4: editorial suggestions

Julian Reschke <julian.reschke@gmx.de> Mon, 06 May 2013 07:20 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 796E021F8EB1 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 6 May 2013 00:20:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qn-98ghqnM8Q for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 6 May 2013 00:19:59 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id D557A21F8EAF for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 6 May 2013 00:19:58 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1UZFhO-0000Ue-Sh for ietf-http-wg-dist@listhub.w3.org; Mon, 06 May 2013 07:19:02 +0000
Resent-Date: Mon, 06 May 2013 07:19:02 +0000
Resent-Message-Id: <E1UZFhO-0000Ue-Sh@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <julian.reschke@gmx.de>) id 1UZFhE-0000Tn-HZ for ietf-http-wg@listhub.w3.org; Mon, 06 May 2013 07:18:52 +0000
Received: from mout.gmx.net ([212.227.15.19]) by lisa.w3.org with esmtp (Exim 4.72) (envelope-from <julian.reschke@gmx.de>) id 1UZFhD-0004FX-Tj for ietf-http-wg@w3.org; Mon, 06 May 2013 07:18:52 +0000
Received: from mailout-de.gmx.net ([10.1.76.27]) by mrigmx.server.lan (mrigmx001) with ESMTP (Nemesis) id 0Mb5Wf-1Us9Jy2jAx-00Ki5V for <ietf-http-wg@w3.org>; Mon, 06 May 2013 09:18:25 +0200
Received: (qmail invoked by alias); 06 May 2013 07:18:25 -0000
Received: from p5DD964D5.dip0.t-ipconnect.de (EHLO [192.168.2.117]) [93.217.100.213] by mail.gmx.net (mp027) with SMTP; 06 May 2013 09:18:25 +0200
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX1/+yYRR1P7+xUXdhSJ1EdEB6O67+5DY8IZyeN6yiv c6DPyi05n79POs
Message-ID: <51875940.9050608@gmx.de>
Date: Mon, 06 May 2013 09:18:24 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130328 Thunderbird/17.0.5
MIME-Version: 1.0
To: Mark Nottingham <mnot@mnot.net>
CC: Ken Murchison <murch@andrew.cmu.edu>, ietf-http-wg@w3.org
References: <517FC225.4020609@gmx.de> <517FD961.5020108@andrew.cmu.edu> <1A0A9A80-3552-43F0-8A30-4235660ABBC3@mnot.net> <5182102B.2080200@gmx.de> <5FED5920-BC5D-409B-98E1-CF15CFF7EFE4@mnot.net> <51874DEB.2070802@gmx.de> <1BEACC84-4BA0-4E23-9E08-5EE6B74F03CF@mnot.net>
In-Reply-To: <1BEACC84-4BA0-4E23-9E08-5EE6B74F03CF@mnot.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Received-SPF: pass client-ip=212.227.15.19; envelope-from=julian.reschke@gmx.de; helo=mout.gmx.net
X-W3C-Hub-Spam-Status: No, score=-4.4
X-W3C-Hub-Spam-Report: AWL=-2.483, BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1UZFhD-0004FX-Tj 32d3f26d62fbd70cf7c44412a131cf59
X-Original-To: ietf-http-wg@w3.org
Subject: Re: #461, was: p4: editorial suggestions
Archived-At: <http://www.w3.org/mid/51875940.9050608@gmx.de>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/17845
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On 2013-05-06 08:34, Mark Nottingham wrote:
>
> On 06/05/2013, at 4:30 PM, Julian Reschke <julian.reschke@gmx.de> wrote:
>>
>> a) For some of these, MUST may be better.
>
> I thought you were interested in keeping changes minimal... :)

I'm mainly interested to finish HTTP/1.1. This implies that we should 
now concentrate on fixing things that are broken. This does not appear 
to be broken.

>> b) It always has been MUST, why change it?
>
> Because strictly interpreted, it can result in leaking information about resources that require authentication (among other nonsensical conditions).

How so?

"For each conditional request, a server MUST evaluate the request 
preconditions after it has successfully performed its normal request 
checks (i.e., just before it would perform the action associated with 
the request method). Preconditions are ignored if the server determines 
that an error or redirect response applies before they are evaluated. 
Otherwise, the evaluation depends on both the method semantics and the 
choice of conditional."

>> And most importantly:
>>
>> c) A conditional header field may be used to protect a potentially destructive request to change a resource that has been updated in between. Clients must be able to rely on that this protection works (and they do rely on it now), so it is a MUST fail. The also rely on a specific status code being returned in this case for diagnostics, so I believe it has to remain a "MUST fail" with this specific code.
>
> Great; we can make it MUST NOT apply the method, as we do elsewhere in several places already, whilst making the status code to return a SHOULD.

I still don't understand the benefit, but I *do* see drawbacks.

Best regards, Julian