Re: Adam Roach's Yes on draft-ietf-httpbis-replay-03: (with COMMENT)
Willy Tarreau <w@1wt.eu> Wed, 06 June 2018 09:10 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB328130ED2 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 6 Jun 2018 02:10:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.652
X-Spam-Level:
X-Spam-Status: No, score=-7.652 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 85V62liS_TBY for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 6 Jun 2018 02:10:57 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 820E2130ED3 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 6 Jun 2018 02:10:57 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.89) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1fQUKZ-0006YD-Le for ietf-http-wg-dist@listhub.w3.org; Wed, 06 Jun 2018 09:02:11 +0000
Resent-Date: Wed, 06 Jun 2018 09:02:11 +0000
Resent-Message-Id: <E1fQUKZ-0006YD-Le@frink.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <w@1wt.eu>) id 1fQUKM-0006Uf-B0 for ietf-http-wg@listhub.w3.org; Wed, 06 Jun 2018 09:01:58 +0000
Received: from wtarreau.pck.nerim.net ([62.212.114.60] helo=1wt.eu) by mimas.w3.org with esmtp (Exim 4.89) (envelope-from <w@1wt.eu>) id 1fQUKK-0002dt-Kf for ietf-http-wg@w3.org; Wed, 06 Jun 2018 09:01:58 +0000
Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id w5691FX5017410; Wed, 6 Jun 2018 11:01:15 +0200
Date: Wed, 06 Jun 2018 11:01:15 +0200
From: Willy Tarreau <w@1wt.eu>
To: Adam Roach <adam@nostrum.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-httpbis-replay@ietf.org, Patrick McManus <mcmanus@ducksong.com>, httpbis-chairs@ietf.org, ietf-http-wg@w3.org
Message-ID: <20180606090115.GA17394@1wt.eu>
References: <152826435826.19241.12786566199717196532.idtracker@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <152826435826.19241.12786566199717196532.idtracker@ietfa.amsl.com>
User-Agent: Mutt/1.6.1 (2016-04-27)
X-W3C-Hub-Spam-Status: No, score=-6.8
X-W3C-Hub-Spam-Report: AWL=1.058, BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1fQUKK-0002dt-Kf e1e707e2e75d3f169d4ba0ed59111761
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Adam Roach's Yes on draft-ietf-httpbis-replay-03: (with COMMENT)
Archived-At: <https://www.w3.org/mid/20180606090115.GA17394@1wt.eu>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/35489
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Hello Adam,
first, thanks for your review.
On Tue, Jun 05, 2018 at 10:52:38PM -0700, Adam Roach wrote:
> ---------------------------------------------------------------------------
>
> §5.2:
>
> > In all cases, an intermediary can forward a 425 (Too Early) status
> > code. Intermediaries MUST forward a 425 (Too Early) status code if
> > the request that it received and forwarded contained an "Early-Data"
> > header field. Otherwise, an intermediary that receives a request in
> > early data MAY automatically retry that request in response to a 425
> > (Too Early) status code, but it MUST wait for the TLS handshake to
> > complete on the connection where it received the request.
>
> This seems correct but incomplete.
>
> I believe that we also want to (MUST-level) require the forwarding of the 425
> in the case in which an intermediary receives a request from a client in early
> data (i.e., no "Early-Data" header field), forwards it towards the origin
> (with an "Early-Data" header field), and then receives a 425 response. I
> suspect the intention here was to cover that case in the "MUST" above, but
> it's not what the text actually says.
I'm not sure I get exactly the case you want to cover or what you would
like to adjust. The purpose of what is (possibly poorly) explained in the
original text is to ensure that the following cases are properly covered :
- client sending a request using early data, intermediary forwarding it
before waiting for handshake to complete, receiving 425 thus forwarding
425 to the client to ask it to retransmit without using early data ;
- client sending a request using early data, intermediary forwarding it
before waiting for handshake to complete, receiving 425 but having the
whole request buffered, so it can wait for the handshake to complete
and then retry without bothering the client since after the handshake
completes the request is safe.
- client sending a request using early data, the first intermediary
forwards it before waiting for handshake to complete, adding an
Early-Data header field, then a second intermediary receives it,
passes it to the server which responds 425. In this case the second
intermediary has no way to wait for a handshake to complete, it must
return 425 to the first intermediary (its own client). The first
intermediary now is in either of the two cases above, it may either
send 425 to the client or retry it by itself if it is able to wait
for the handshake to complete.
Please let us know if there's still something unclear in this explanation
and/or what part of the original text needs to be adjusted to more clearly
reflect these points.
Thank you!
Willy
- Adam Roach's Yes on draft-ietf-httpbis-replay-03:… Adam Roach
- Re: Adam Roach's Yes on draft-ietf-httpbis-replay… Willy Tarreau
- Re: Adam Roach's Yes on draft-ietf-httpbis-replay… Martin Thomson
- Re: Adam Roach's Yes on draft-ietf-httpbis-replay… Adam Roach