IETF Logo Mail Archive

Re: RFC 9113 and :authority header field

Martin Thomson <mt@lowentropy.net> Wed, 29 June 2022 00:41 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB19FC157B53 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 28 Jun 2022 17:41:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.758
X-Spam-Level:
X-Spam-Status: No, score=-2.758 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=f4YuliF8; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=d3GjiNSR
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k3WZUBrKXMIN for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 28 Jun 2022 17:41:30 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9EC63C157B50 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 28 Jun 2022 17:41:30 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1o6Lia-00CDpd-No for ietf-http-wg-dist@listhub.w3.org; Wed, 29 Jun 2022 00:38:08 +0000
Resent-Date: Wed, 29 Jun 2022 00:38:08 +0000
Resent-Message-Id: <E1o6Lia-00CDpd-No@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <mt@lowentropy.net>) id 1o6LiY-00CDoe-Nb for ietf-http-wg@listhub.w3.org; Wed, 29 Jun 2022 00:38:06 +0000
Received: from wout4-smtp.messagingengine.com ([64.147.123.20]) by mimas.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <mt@lowentropy.net>) id 1o6LiW-006qh9-Pp for ietf-http-wg@w3.org; Wed, 29 Jun 2022 00:38:05 +0000
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id F30533200902; Tue, 28 Jun 2022 20:37:48 -0400 (EDT)
Received: from imap41 ([10.202.2.91]) by compute3.internal (MEProxy); Tue, 28 Jun 2022 20:37:49 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=cc:cc:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=fm3; t=1656463068; x=1656549468; bh=BO p5d7in4edRNOQzezip57E8fDt8W1s9Inyo2FAToSM=; b=f4YuliF80gSsxs6nYH vm6QegnC14kIG/8TdJY1kwjoB6TywUi/FSnoOqVFETf0/bfMTyzI7IiGICsXbeRX W2FpbjAbxGadBuKlU5zOWaV791n+w30NMGImCv1nejpHjrDN4zvMZ1iLNNGmUxo8 bIYTIehn9UhyeDSuAudd5UsyphhvYOMR6BevvoMnG4j9GLJqbd9XQW7v8Z90kr4H 7LZM5V7qWH2TtiEv4qwXNon/MzcxGXntEJOSmhG1bDeUaL3gWvzBypKRyzAmwDQN K50D0V4xdhfJaZ9iBR6qKbNSk9/pzCNw37Q9z1gTD8qaMlUt4ufFp15bxZK6HXH9 UCNQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:date:date:feedback-id :feedback-id:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1656463068; x=1656549468; bh=BOp5d7in4edRNOQzezip57E8fDt8 W1s9Inyo2FAToSM=; b=d3GjiNSRgLj8UUMCMh/8kwZZN1hOazWAHnKJWT1yVJDz WzeTRCD8tQlO4Tt8pLzjsIkpdnGp+Mm+CDSh9HwEe4MxmsFbD1W5+QsPp7xS1CbL xCS6XRfV8blsvPGoovvrDmGV9aAA53z3H33BE4ms/JRqrzpzmc6UfD2V1o4J1rfD CmcIbrNu3EK9R9zPXXVDEx/V7l2sECIG1oOngNblkLBmsGluiouXfpykQrumyrwB ehirYYrZsBJp7azky1I9fnYyFzjfzpoND4pG39D5mhCUj8DJ4n2ll14bZIPtYsk5 3e0svxsOBTIf0rsvu9cyH6YFzLWqbrWj7VwjlkcqxA==
X-ME-Sender: <xms:3J67YvuwXWodTJWsdjTmmOm7OvvJAYB71N5Ohd4HeOTzIdcUfFgZQg> <xme:3J67Ygf5P5DSlunTym0T6AmKUA4AZsXXFM2GG6FW1w8CXSPTRiOyOyvDCWnPv_5Mf IG-9YNrun_tQgyJjDc>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrudegkedgfeehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvfevufgtsehttdertderredtnecuhfhrohhmpedfofgr rhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhhofigvnhhtrhhophihrdhnvghtqeenuc ggtffrrghtthgvrhhnpeduheehgfehieeufeeuhefhieeutefhhedthfeikeeiveduvdeg vdevjedtfeetkeenucffohhmrghinhepfhgrshhtlhihrdgtohhmpdhgohhoghhlvgdrtg homhdphhhtthhpvddrihhtpddutghouhhluggvgihprhgvshhsvghvvghnfihhvghnihht ughiughnthhmrghkvghsvghnshgvrdgrthenucevlhhushhtvghrufhiiigvpedtnecurf grrhgrmhepmhgrihhlfhhrohhmpehmtheslhhofigvnhhtrhhophihrdhnvght
X-ME-Proxy: <xmx:3J67YiyqzYBUb4W7ZU9qc_bUKRHKDzNiBg2CefTPitRx9S2sOTdwNw> <xmx:3J67YuNo6OtRYHMeET47dSpIXc4eyAuSHbuIIYTXuaO_ifY1REIS6w> <xmx:3J67Yv9euAeVofSLBg_sQxyEaEVXd1mcbWjImbol5KEnXtMg-0VhMA> <xmx:3J67YsFg3Wv3Q5iFNxkEgkSDh4NJiiQRA_XhXOc0lnD8Ms63md0w5Q>
Feedback-ID: ic129442d:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 3D9FF2340077; Tue, 28 Jun 2022 20:37:48 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.7.0-alpha0-713-g1f035dc716-fm-20220617.001-g1f035dc7
Mime-Version: 1.0
Message-Id: <741f3592-4d20-45fc-9658-8c4c71f08e5b@beta.fastmail.com>
In-Reply-To: <CAPyZ6=LCSDAsPoFCQ2cRO-i+dpo5vnp2L5A7ZLw8dvRtDs6HUg@mail.gmail.com>
References: <CAPyZ6=+q+MoOOwoCxbtFjt+gqsjHBqTzz9KXNVcs3EP-4VFp=Q@mail.gmail.com> <D7142A8A-5B80-46F5-A653-2307EE2DC5D8@gbiv.com> <CAPyZ6=LCSDAsPoFCQ2cRO-i+dpo5vnp2L5A7ZLw8dvRtDs6HUg@mail.gmail.com>
Date: Wed, 29 Jun 2022 10:37:27 +1000
From: Martin Thomson <mt@lowentropy.net>
To: ietf-http-wg@w3.org
Cc: Ian Swett <ianswett@google.com>, Kazuho Oku <kazuhooku@gmail.com>
Content-Type: text/plain
Received-SPF: pass client-ip=64.147.123.20; envelope-from=mt@lowentropy.net; helo=wout4-smtp.messagingengine.com
X-W3C-Hub-DKIM-Status: validation passed: (address=mt@lowentropy.net domain=lowentropy.net), signature is good
X-W3C-Hub-DKIM-Status: validation passed: (address=mt@lowentropy.net domain=messagingengine.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-6.8
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1o6LiW-006qh9-Pp 3d22bfcdf30b8d5b8e61cd3d7bdd38da
X-Original-To: ietf-http-wg@w3.org
Subject: Re: RFC 9113 and :authority header field
Archived-At: <https://www.w3.org/mid/741f3592-4d20-45fc-9658-8c4c71f08e5b@beta.fastmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/40214
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Wed, Jun 29, 2022, at 09:58, Tatsuhiro Tsujikawa wrote:
> I think 2) is valid in terms of RFC 7540, but it suddenly becomes 
> invalid in terms of RFC 9113?
> Is this correct?  https://www.fastly.com and https://www.google.com now 
> reject 2).

My understanding is that both are valid alternatives.  As would a third option that contained the same value in both host and :authority.  The 4xx responses you are getting are (probably) compliance bugs.

Thankfully we know people who might be closer to someone who is able to fix or defend those bugs.  (On CC).

This whole host and :authority thing was an original mistake in HTTP/2.  It was grounded in the view that HTTP/2 had to faithfully capture every weird thing HTTP/1.1 could express, even when it didn't make sense.  At the time, that was pragmatic and it might have aided deployment into systems that were, on some levels, broken.  In time, we should seek to remove those exceptions.  In the revision, we did some of that by disallowing different values.

v2.23.0 | Report a Bug | By Email