Re: Is HTTP/1.0 still relevant?

Daniel Stenberg <daniel@haxx.se> Fri, 04 September 2020 07:24 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB9833A0FD1 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 4 Sep 2020 00:24:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.649
X-Spam-Level:
X-Spam-Status: No, score=-2.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ix8DHVNWlzB6 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 4 Sep 2020 00:24:04 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 54CFB3A0FCF for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 4 Sep 2020 00:24:04 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1kE64c-0007uP-WD for ietf-http-wg-dist@listhub.w3.org; Fri, 04 Sep 2020 07:23:51 +0000
Resent-Date: Fri, 04 Sep 2020 07:23:50 +0000
Resent-Message-Id: <E1kE64c-0007uP-WD@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <daniel@haxx.se>) id 1kE64b-0007td-KE for ietf-http-wg@listhub.w3.org; Fri, 04 Sep 2020 07:23:49 +0000
Received: from www.haxx.se ([2a00:1a28:1200:9::2] helo=giant.haxx.se) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <daniel@haxx.se>) id 1kE64Z-0008KX-KL for ietf-http-wg@w3.org; Fri, 04 Sep 2020 07:23:49 +0000
Received: from giant.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id 0847NBQ3005955 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 4 Sep 2020 09:23:11 +0200
Received: from localhost (dast@localhost) by giant.haxx.se (8.15.2/8.15.2/Submit) with ESMTP id 0847NAFH005948; Fri, 4 Sep 2020 09:23:10 +0200
X-Authentication-Warning: giant.haxx.se: dast owned process doing -bs
Date: Fri, 4 Sep 2020 09:23:10 +0200 (CEST)
From: Daniel Stenberg <daniel@haxx.se>
X-X-Sender: dast@giant.haxx.se
To: Stefan Eissing <stefan.eissing@greenbytes.de>
cc: Eric J Bowman <mellowmutt@zoho.com>, Willy Tarreau <w@1wt.eu>, Ietf Http Wg <ietf-http-wg@w3.org>
In-Reply-To: <13FF9481-ADFB-4006-A237-9CA795507C5B@greenbytes.de>
Message-ID: <alpine.DEB.2.20.2009040918540.15806@tvnag.unkk.fr>
References: <174578870d7.1265f983c12789.7350275676057542310@zoho.com> <20200904054051.GA2905@1wt.eu> <17457f2cfaa.b1c12efb13715.7081201094742751967@zoho.com> <13FF9481-ADFB-4006-A237-9CA795507C5B@greenbytes.de>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
X-fromdanielhimself: yes
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset=US-ASCII
Received-SPF: none client-ip=2a00:1a28:1200:9::2; envelope-from=daniel@haxx.se; helo=giant.haxx.se
X-W3C-Hub-Spam-Status: No, score=-4.6
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_NONE=0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1kE64Z-0008KX-KL fa6fbb5a3543cd47e991e5a46095982b
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Is HTTP/1.0 still relevant?
Archived-At: <https://www.w3.org/mid/alpine.DEB.2.20.2009040918540.15806@tvnag.unkk.fr>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/38005
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Fri, 4 Sep 2020, Stefan Eissing wrote:

> Many existing OCSP clients in servers (*cough*), use HTTP/1.0 to staple 
> certificates. I have no data from the IoT devices of the world, but I would 
> suspect many of them will do as well.

On "IoT devices", meaning things that are smaller than what can comfortably 
run Linux, "HTTP(S) clients" are often the RTOS vendor's 100 lines of C code 
without error checks full of dirty assumptions which can only be considered 
HTTP/1.0 at best...

Luckily, such devices often use a specific subset of servers for particular 
purposes so most of those won't randomly go using servers "in the wild".

-- 

  / daniel.haxx.se