IETF Logo Mail Archive

Re: HTTP/2 extensibility <draft-ietf-httpbis-http2-17>

Martin Thomson <martin.thomson@gmail.com> Thu, 05 March 2015 18:02 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ietf.org@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC2641A1EFD for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 5 Mar 2015 10:02:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.012
X-Spam-Level:
X-Spam-Status: No, score=-7.012 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JwsYyoEPu5FB for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 5 Mar 2015 10:02:01 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF9821A1F00 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 5 Mar 2015 10:01:59 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1YTa1s-0002rW-2z for ietf-http-wg-dist@listhub.w3.org; Thu, 05 Mar 2015 17:57:48 +0000
Resent-Date: Thu, 05 Mar 2015 17:57:48 +0000
Resent-Message-Id: <E1YTa1s-0002rW-2z@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.80) (envelope-from <martin.thomson@gmail.com>) id 1YTa1h-0002ql-KG for ietf-http-wg@listhub.w3.org; Thu, 05 Mar 2015 17:57:37 +0000
Received: from mail-ob0-f181.google.com ([209.85.214.181]) by maggie.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <martin.thomson@gmail.com>) id 1YTa1g-0000Pe-JO for ietf-http-wg@w3.org; Thu, 05 Mar 2015 17:57:37 +0000
Received: by obcwp4 with SMTP id wp4so8532724obc.4 for <ietf-http-wg@w3.org>; Thu, 05 Mar 2015 09:57:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=j9bUYYxLB1yTwciho29VsbFBp0g4+oEttreNfK+XmiI=; b=JSKhVkCrB3FE8mktf1KKSSoP3h79OJvHSLRv3XAjhOgj8AqOQH+IwTwdHIa43JnqnK udG6ZDdyVZcRJP0Z48tRkthPExIKYyXTEzX0Muubxlv8A1yiKF6OJ4Dw+UjEHKc65okY zynn/4m7FJ05GoRo9KwdTKJl5b83MO+OpfPWdhmrqaQVVaDeM1ElPCdx4hTsUhyb16nE oIvbdq8LncwxCGYb/jUoB/4BqSaHedPBbpkWa2AvoIHUvcmSonH39q1riP0HD1tzJ5Ls FcXQ4YgcA25NhR7bCSbJwYky+60KCeyiSWUAC36TEGjJOLaJZe+0dCPYhnld3ie9GfIN NfzA==
MIME-Version: 1.0
X-Received: by 10.202.7.1 with SMTP id 1mr7407034oih.16.1425578230525; Thu, 05 Mar 2015 09:57:10 -0800 (PST)
Received: by 10.202.225.135 with HTTP; Thu, 5 Mar 2015 09:57:10 -0800 (PST)
In-Reply-To: <201503051255.t25Ct8YK001645@bagheera.jungle.bt.co.uk>
References: <201503051255.t25Ct8YK001645@bagheera.jungle.bt.co.uk>
Date: Thu, 05 Mar 2015 09:57:10 -0800
Message-ID: <CABkgnnVM3hoAMUj6TY0UztPUEa4=NuovEeeDmGgOr_R4JeKv2A@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Bob Briscoe <bob.briscoe@bt.com>
Cc: Mike Belshe <mbelshe@chromium.org>, "fenix@google.com" <fenix@google.com>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Received-SPF: pass client-ip=209.85.214.181; envelope-from=martin.thomson@gmail.com; helo=mail-ob0-f181.google.com
X-W3C-Hub-Spam-Status: No, score=-3.4
X-W3C-Hub-Spam-Report: AWL=-2.599, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001
X-W3C-Scan-Sig: maggie.w3.org 1YTa1g-0000Pe-JO ef0b8c147b7974973b90c41b5ce8f057
X-Original-To: ietf-http-wg@w3.org
Subject: Re: HTTP/2 extensibility <draft-ietf-httpbis-http2-17>
Archived-At: <http://www.w3.org/mid/CABkgnnVM3hoAMUj6TY0UztPUEa4=NuovEeeDmGgOr_R4JeKv2A@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/28890
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Hi Bob,

Thanks for your input.  Just two notes, to hopefully provide more
context for this decisions on this point.

On 5 March 2015 at 04:55, Bob Briscoe <bob.briscoe@bt.com> wrote:
> Achieving this milestone on time has been impressive. I understand the
> reasons for having to get something standardised. However, I see potential
> problems. And that would be fine, but only if there were a more granular
> mechanism to extend the protocol to fix it in future.

This was the subject of lengthy discussion, a good part of which you
won't find on the mailing list unfortunately.  However, there was
pretty strong consensus for the model you see before you.

Basically, there is a tension between the desire to be arbitrarily
extensible and the competing desires for both protocol robustness and
actually finishing on time.

Robustness (or robust interoperability) was considered top priority
for HTTP/2, trumping even the concerns you describe, which were
debated at some length.  However, the general principle driving the
design here was to make it very easy to detect when a peer has
diverged from the well-defined core protocol.  Detecting those errors
immediately and failing requests and connections ensures that
implementation errors do not persist long term.  Instead, they get
fixed.

Part of the reason HTTP/1.1 is such a pain to work with is the
numerous places where flexibility is permitted. Variations in HTTP/1.1
implementations have become entrenched, causing new implementations to
be forced into including all the same sort of ugly hacks or risk
interoperability failure.  An interoperable HTTP/1.1 implementation is
MUCH harder to build than it should be.

Many of the implementers of HTTP/2 had experience with the pain that
causes and so we were very careful to identify places where
implementations could deviate (to the extent possible) and
aggressively foreclose on those.

You might like to think of this from another perspective: Postel's
famous statement[1] is not a principle that guides protocol design, it
is in fact a fatalistic observation about the effect of entropic decay
of a protocol.

Finally, designing good extensibility is really, really hard.  It
takes time.  And as the saying goes, shipping is a feature.

> For instance, a number of potential issues around DoS are left open. If the
> protocol has to be hardened against new attacks, I believe the recommended
> extensibility path is to design and implement a completely new protocol
> release, then upgraded endpoints negotiate it during the initial handshake.
> The timescale for such a process is measured in years, during which the
> vulnerability has to be lived with. Surely we need more granular
> extensibility; to introduce new frame types and structures, and/or to
> deprecate outdated/vulnerable ones.

I don't know what others think, but I would expect that a small,
necessary change to the protocol could be deployed by those affected
in much the same timescale as an extension might be.  I do appreciate
the fact that calling something HTTP/3 to fix a small DoS bug might
*seem* drastic, but the only risk is in avoiding people with an axe to
grind trying to get in other changes when you do that.

(I'll also note that your concerns are largely only relevant in the
presence of intermediaries, for what that is worth.)

v2.23.0 | Report a Bug | By Email