Re: #481, was: WGLC: p7 MUSTs
Alex Rousskov <rousskov@measurement-factory.com> Sun, 09 June 2013 18:52 UTC

On 06/09/2013 10:57 AM, Julian Reschke wrote:
> On 2013-05-01 07:09, Alex Rousskov wrote:
>> And here is a list of requirements that are missing an explicit actor on
>> which the requirement is placed. Even though it is often possible to
>> guess the actor, most of these should be easy to rephrase to place the
>> requirement on the intended actor explicitly (e.g., "A proxy MUST"
>> instead of "a header field MUST":
>>
>>> each parameter name MUST only occur once per challenge
>
> That's a requirement on the validity of a challenge.

Yes. We need to make clear which actors that requirement applies to.

> As such it does not depend on the actor.

It does. When I originally complained that lots of RFC 2616 MUSTs may be
interpreted as if they apply to proxies when they should not and
suggested a general rule to excuse proxies from policing traffic, I was
told that a better approach is to check each and every MUST to make sure
it is clear whether it applies to blind forwarding situations or not.

The current HTTPbis specs use that overall approach via the introduction
of "sends" vs "generates" difference (thank you!). However, to enable
such checks, each MUST has to have an actor with "sends", "generates",
or another appropriate keyword. Otherwise, it is not clear whether the
proxy is responsible for policing things like challenges with duplicate
parameter names.

The overhead of checking and adjusting each requirement comes with the
approach. You cannot have it both ways.

>>> This response MUST include a WWW-Authenticate header
>>
>>> The 407 (Proxy Authentication Required) response message [...] MUST
>>> include a Proxy-Authenticate header field
>>
>>> information necessary to authenticate a request MUST be provided in
>>> the request
>>
>>> It MUST be included as part of a 407 (Proxy Authentication Required)
>>> response.
>>
>>> It MUST be included in 401 (Unauthorized) response messages
>
> Similar things can be said about these.

Yes, the flaw is similar.

> What you seem to ask for is information about what a proxy should do
> when it receives a message that already violates a MUST level
> requirement.

No, I am not asking for that. I am asking to make it possible to
determine whether a proxy forwarding a malformed message is in violation
of the specs. As discussed above, each requirement has to be clear on
that by using appropriate actors and verbs.

If you say "server MUST NOT send X", the proxy becomes responsible for
not forwarding X. If you say "server MUST NOT generate X", the proxy
forwarding behavior is not restricted by that specific requirement. When
you say "request MUST NOT have X", the specs become ambiguous: some will
claim that a proxy forwarding X is in violation and some will claim that
the requirement is not applicable to proxies.

Hope this clarifies,

Alex.
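
The following is an added example, not part of the original message or of any HTTPbis text. It checks one challenge in auth-param form for duplicate parameter names, then shows how the verb in the requirement ("send", "generate", or none) decides whether a proxy forwarding that challenge unchanged is in violation. The function names and the three status strings are hypothetical; comparing parameter names case-insensitively is an assumption taken from the HTTP authentication framework.

```python
import re

# token and auth-param grammar: name "=" ( token / quoted-string )
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
PARAM = re.compile(rf'\s*({TOKEN})\s*=\s*("(?:[^"\\]|\\.)*"|{TOKEN})\s*(?:,|$)')


def duplicate_params(challenge):
    """Return the sorted, lower-cased parameter names that occur more than
    once in a single challenge such as 'Digest realm="a", nonce="b"'.
    token68 credentials and multi-challenge header values are out of scope."""
    _scheme, _, rest = challenge.strip().partition(" ")
    seen, dups, pos = set(), set(), 0
    while pos < len(rest):
        m = PARAM.match(rest, pos)
        if not m:
            raise ValueError(f"unparseable challenge near offset {pos}")
        name = m.group(1).lower()  # assumption: names match case-insensitively
        (dups if name in seen else seen).add(name)
        pos = m.end()
    return sorted(dups)


def proxy_forwarding_status(requirement_verb, malformed):
    """Status of a proxy that forwards the message unchanged, given the verb
    used in the requirement (hypothetical model of the message's argument)."""
    if not malformed:
        return "compliant"
    return {
        "send": "violation",      # "MUST NOT send X": forwarding X is sending X
        "generate": "compliant",  # "MUST NOT generate X": binds the originator only
    }.get(requirement_verb, "ambiguous")  # actor-less "X MUST NOT ..." wording


def audit_forwarded_challenge(challenge, requirement_verb):
    """Combine both checks for one forwarded challenge."""
    dups = duplicate_params(challenge)
    return dups, proxy_forwarding_status(requirement_verb, bool(dups))


if __name__ == "__main__":
    sample = 'Digest realm="a", nonce="n1", Realm="b"'  # constructed sample
    for verb in ("send", "generate", None):
        print(verb, audit_forwarded_challenge(sample, verb))
```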