IETF Logo Mail Archive

Re: Benjamin Kaduk's Discuss on draft-ietf-httpbis-http2bis-06: (with DISCUSS and COMMENT)

Martin Thomson <mt@lowentropy.net> Fri, 07 January 2022 04:16 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C95A3A12C2 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 6 Jan 2022 20:16:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.748
X-Spam-Level:
X-Spam-Status: No, score=-2.748 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=aRBAj1wt; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=Ehy2J+PT
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pLlVnO-lH4EZ for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 6 Jan 2022 20:16:51 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D7353A12C4 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 6 Jan 2022 20:16:50 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1n5gdw-0004RM-Jw for ietf-http-wg-dist@listhub.w3.org; Fri, 07 Jan 2022 04:14:20 +0000
Resent-Date: Fri, 07 Jan 2022 04:14:20 +0000
Resent-Message-Id: <E1n5gdw-0004RM-Jw@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <mt@lowentropy.net>) id 1n5gdv-0004QN-0P for ietf-http-wg@listhub.w3.org; Fri, 07 Jan 2022 04:14:19 +0000
Received: from out1-smtp.messagingengine.com ([66.111.4.25]) by titan.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <mt@lowentropy.net>) id 1n5gds-00037P-PM for ietf-http-wg@w3.org; Fri, 07 Jan 2022 04:14:18 +0000
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 224385C0140; Thu, 6 Jan 2022 23:14:06 -0500 (EST)
Received: from imap41 ([10.202.2.91]) by compute3.internal (MEProxy); Thu, 06 Jan 2022 23:14:06 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :cc:subject:content-type:content-transfer-encoding; s=fm1; bh=DA 6TK0oOd4oNDz3F5qch03vAA4yOLqWACVRfupTRN3E=; b=aRBAj1wtYOa43oq8Bv D53JEf52Da4LfOeio5B9A6x4R3eXToZFttxPCSdh6K/6RmXW6IzQOfsHZYEdnRXl LGw/yhq/tzObER5PJvGnYB8W+sGoKWp5TcV5hKShm6kFdlnoFPqKuvn0cjMPUf+/ Yjk09lebYm1slIIC7g2rwMHVUcI5GbBt0IPcNLHnsompwvzjmhNdJkLqT7LQqQ1a 22uSYRn5PPzVCOSuEloYpb3daFnP3N+fDaGHh10pz5Hnw1vMliTdmS5I9hn8ZKHc RLD8NR79pkOBlfxPqoGa63yo+wGJgdXwlP7cuMF1NKbsO0/zwTOtBP2Q88TOjQ3Y jFrQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=DA6TK0oOd4oNDz3F5qch03vAA4yOLqWACVRfupTRN 3E=; b=Ehy2J+PTGz+W5L1LzpGgs38J/qh3Uc1RSi5kU7OIspPmS/IHrGyR7kglO XLTveR7zQmiWA+6xtrpZ7LcWxHEosP9W4yPRuDArQi0Rpm59EZmoieJ1TI5SfvK3 GnnjKGlOQ6SwVn6ILfGlD5neZNrI+OfsyHixe0zHaKzDANZp9XAR+vAa6ZaA08O5 TiVUnpCHQwSnoE73nMmLfXxKiveuYTPIcfxY2YK4AUEkZa0NWIgV7BBW+YDF0MfZ /G4YGrwsNrxgVmGYkX3MHaC1T8EuPLw1mNZMsx2V+jsEYIQELq5Fe8oWO2Uceey3 5s3V82iGIlGQTufKcRSrjECpoO5hQ==
X-ME-Sender: <xms:Db7XYRMt8VLKugraGqFRA9v5hpwwSZHAeek-w93sgmLDnvzqGutdhA> <xme:Db7XYT9fqU59DWsakJaW2X1T3yzqTZeK3qLxcY1p2mSGylVm8FLMYbAcUfH5T3P0b tTyKmLrczR0Uc0Fh70>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvuddrudegtddgieehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvffutgfgsehtqhertderreejnecuhfhrohhmpedfofgr rhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhhofigvnhhtrhhophihrdhnvghtqeenuc ggtffrrghtthgvrhhnpeejhfffleehvedufeejfedvvdfhvdeiteduheeuffduveduueeg leefffffledvfeenucffohhmrghinhepghhithhhuhgsrdgtohhmnecuvehluhhsthgvrh fuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepmhhtsehlohifvghnthhrohhp hidrnhgvth
X-ME-Proxy: <xmx:Db7XYQSAJBGd3gDhbb9xvv7XA7YJ-lQlXioHtZ03ydG8b6omnEYkeA> <xmx:Db7XYduFIdiwl_C12EWJq8L-IeLB8jYFPKDKxc1ZprbahjNMXINXkw> <xmx:Db7XYZeEsLBhGfhgQlqhWhCEWDxzxabd5MYQ9HDKnKD3GYYJzT0BXQ> <xmx:Dr7XYd72-j-ro4t7mgJqLfUcm0Cysc6a_bI7oeYGUkNk6-TlS78KLg>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id D7B453C0465; Thu, 6 Jan 2022 23:14:05 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-4526-gbc24f4957e-fm-20220105.001-gbc24f495
Mime-Version: 1.0
Message-Id: <a6e8670a-8077-475d-bae7-eb52467adbe3@beta.fastmail.com>
In-Reply-To: <164140462964.4734.2810365990802222269@ietfa.amsl.com>
References: <164140462964.4734.2810365990802222269@ietfa.amsl.com>
Date: Fri, 07 Jan 2022 15:13:46 +1100
From: Martin Thomson <mt@lowentropy.net>
To: Benjamin Kaduk <kaduk@mit.edu>, The IESG <iesg@ietf.org>
Cc: draft-ietf-httpbis-http2bis@ietf.org, httpbis-chairs@ietf.org, ietf-http-wg@w3.org, Mark Nottingham <mnot@mnot.net>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=66.111.4.25; envelope-from=mt@lowentropy.net; helo=out1-smtp.messagingengine.com
X-W3C-Hub-DKIM-Status: validation passed: (address=mt@lowentropy.net domain=lowentropy.net), signature is good
X-W3C-Hub-DKIM-Status: validation passed: (address=mt@lowentropy.net domain=messagingengine.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-9.8
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1n5gds-00037P-PM 1482c03455f2a3508e727f47fe19ac80
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Benjamin Kaduk's Discuss on draft-ietf-httpbis-http2bis-06: (with DISCUSS and COMMENT)
Archived-At: <https://www.w3.org/mid/a6e8670a-8077-475d-bae7-eb52467adbe3@beta.fastmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/39711
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

For your comments, I have a few responses inline.  I've deleted those that I more or less directly accepted.  There were some good ones there, but I see no need to add to the size of this email.  See the pull request for details:

https://github.com/httpwg/http2-spec/pull/1012

On Thu, Jan 6, 2022, at 04:43, Benjamin Kaduk via Datatracker wrote:
>    *  The ranges of codepoints for settings and frame types that were
>       reserved for "Experimental Use" are now available for general use.

Good catch.  That was lost in a refactoring of the IANA Considerations section.  That was in error.

https://github.com/httpwg/http2-spec/pull/1011

> There are a number of places in the section-by-section comments where I
> compare this document to the text in the quic-http spec; those comparisons
> were made mostly in vacuum, and can safely be ignored if there are known
> reasons for divergence between h/2 and h/3.
>
> Section 4.1
>
> I recall that quic-http has a note on the generic frame format that each
> frame's payload must contain exactly the fields listed, with no additional
> bytes and not terminating before the end of the listed fields, and that
> redundant length-encodings must be verified for consistency.  While I don't
> actually see any redundant length encodings in the frame types specified in
> this document (but maybe there is some redundancy when HPACK is added into
> the mix?), the other cautions from h/3 might be worth mentioning here as
> well.

HTTP/2 has no redundant lengths other than the length field itself which is often redundant.  We have adequate text but it is on a per-frame basis.

HTTP/3 is allowed to be better here.   I think we're OK without a change.

> Section 5.1
>
>    half-closed (local):  A stream that is in the "half-closed (local)"
>       [...]
>       An endpoint can receive any type of frame in this state.
>       [...]
>       PRIORITY frames can be received in this state.
>
> I'm not sure whether this redundancy is adding much.  In RFC 7540 the last
> sentence was followed by a note about "used to reprioritize streams that
> depend on the identified stream", but since PRIORITY is basically neutered
> now it may not need a special mention.

I would prefer to keep this as it is a common error.  It's easy to forget to allow this, especially now that PRIORITY is deprecated.

>    closed:  The "closed" state is the terminal state.
>    [...]
>       An endpoint that sends a frame with the END_STREAM flag set or a
>       RST_STREAM frame might receive a WINDOW_UPDATE or RST_STREAM frame
>       from its peer in the time before the peer receives and processes
>       the frame that closes the stream.
>
> Could such a client also receive PUSH_PROMISE frames in this situation?
> The following paragraph (about the "open"->"closed" via sending RST_STREAM
> transition) does mention receiving any frame (and PUSH_PROMISE specifically)
> and the need to update compression state, but if I understand correctly
> PUSH_PROMISE can happen after a "half-closed (local)"->"closed" transition
> due to sending RST_STREAM as well, which does not seem covered by the
> existing text.

The next paragraph covers that case, but neglected to mention "half-closed (local)" in that, which it should have.  I think that covers your other points about this.

> Section 5.1.2
>
>    An endpoint that wishes to reduce the value of
>    SETTINGS_MAX_CONCURRENT_STREAMS to a value that is below the current
>    number of open streams can either close streams that exceed the new
>    value or allow streams to complete.
>
> Is there a race condition here between the peer continuously creating new
> connections and the endpoint closing connections to try to lower the value?
> In particular, what happens if the SETTINGS that reduces the value crosses
> on the wire with the frame creating a stream that would exceed the value?

The new limit only applies after the peer acknowledges the change, so as long as they are within the limit that is currently acknowledged, they are not in violation of the protocol.  This is really talking about what to do about those that are nominally within the limit, but in excess of what the endpoint really wants.

> Section 8.4.1
>
>    The header fields in PUSH_PROMISE and any subsequent CONTINUATION
>    frames MUST be a valid and complete set of request header fields
>    (Section 8.3.1).  The server MUST include a method in the :method
>    pseudo-header field that is safe and cacheable.  If a client receives
>    a PUSH_PROMISE that does not include a complete and valid set of
>    header fields or the :method pseudo-header field identifies a method
>    that is not safe, it MUST respond with a stream error (Section 5.4.2)
>    of type PROTOCOL_ERROR.
>
> Up in §8.4 we seemed to talk about the same (non-safe) scenario by saying
> that the promised stream being reset with the PROTOCOL_ERROR.  But I read
> this text ("respond with a stream error") as applying to the explicit
> request to which the promised request is associated.  Is that the intent?
> If not, perhaps we should say "respond on the promised stream ID".

Good question.  The error exists with the promise, not the request, so I think the latter.

> Section 9.1
>
>    Clients SHOULD NOT open more than one HTTP/2 connection to a given
>    host and port pair, where the host is derived from a URI, a selected
>    alternative service [ALT-SVC], or a configured proxy.
>
> quic-http has similar text (in §3.3), but it refers to a given IP address
> and port, rather than host and port.  Is the difference between host and IP
> address significant when comparing h/2 and h/3?  (When using IP addresses,
> we of course have to additionally talk about name resolution of the other
> types of identifier.)

I honestly don't know.  I think perhaps host is better in this case in the sense that clients aim to connect to hosts and connection coalescing is not a requirement, just permitted (as noted in the text that follows).  I'm not sure that it really matters ultimately, but it's worth checking.

Perhaps Mike Bishop can help us here.

> Section 10.5.2
>
>    The CONNECT method can be used to create disproportionate load on a
>    proxy, since stream creation is relatively inexpensive when compared
>    to the creation and maintenance of a TCP connection.  A proxy might
>    also maintain some resources for a TCP connection beyond the closing
>    of the stream that carries the CONNECT request, since the outgoing
>    TCP connection remains in the TIME_WAIT state.  Therefore, a proxy
>    cannot rely on SETTINGS_MAX_CONCURRENT_STREAMS alone to limit the
>    resources consumed by CONNECT requests.
>
> Looking at the diff from this text to §10.5.2 of quic-http, I see the latter
> has a new sentence about "a proxy that supports CONNECT might be more
> conservative in the number of simultaneous requests it accepts", and also
> has some different phrasing in the last sentences about "might delay
> increasing the stream limit after a TCP connection terminates" vs "cannot
> rely on SETTINGS_MAX_CONCURRENT_STREAMS alone".  I think that the overall
> issues in this space remain pretty analogous between h/3 and h/2, so we
> might want to pull in more of the updated h/3 text here.

The mitigations available in QUIC are not viable for HTTP/2, so I think we're OK with that difference.  (Again HTTP/3 is allowed to be better.)

> Separately, do we want to mention [TALKING] again here and the issues it
> raises?

I don't think that those are specific to CONNECT or uniquely worse with CONNECT.

v2.23.0 | Report a Bug | By Email