IETF Logo Mail Archive

Re: Why should caches and intermediaries ignore If-Match?

Tom Bergan <tombergan@chromium.org> Fri, 17 February 2017 22:09 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B65061296F5 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 17 Feb 2017 14:09:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7
X-Spam-Level:
X-Spam-Status: No, score=-7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZerLh9cA_NmD for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 17 Feb 2017 14:09:33 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B81B9129BF1 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 17 Feb 2017 14:09:30 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1ceqgX-0003tY-3M for ietf-http-wg-dist@listhub.w3.org; Fri, 17 Feb 2017 22:07:25 +0000
Resent-Date: Fri, 17 Feb 2017 22:07:25 +0000
Resent-Message-Id: <E1ceqgX-0003tY-3M@frink.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by frink.w3.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <tombergan@chromium.org>) id 1ceqgS-0003sT-G4 for ietf-http-wg@listhub.w3.org; Fri, 17 Feb 2017 22:07:20 +0000
Received: from mail-wm0-f48.google.com ([74.125.82.48]) by mimas.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <tombergan@chromium.org>) id 1ceqgK-0003zK-LC for ietf-http-wg@w3.org; Fri, 17 Feb 2017 22:07:15 +0000
Received: by mail-wm0-f48.google.com with SMTP id v186so27665345wmd.0 for <ietf-http-wg@w3.org>; Fri, 17 Feb 2017 14:06:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Z4qC/5jh+fxeZEtKU7YPthQIEcDUSlaQlERZ9wTPfg8=; b=KBvzQMfonYYbcbKm8W8WwbsoRWeMqY5kcUaiXm3BodwF+PUBX1NeOhq9j6TLnTAh0p ihK0CVznxsjyPfALklvsxMXwDWHlIp4nPFYT0BaXlewHnYKTARQsWFlpoNrHcHO/CrTz zyA5hK0jjylYu+FBiNCe+fLD0/MLUByjjvQ84=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Z4qC/5jh+fxeZEtKU7YPthQIEcDUSlaQlERZ9wTPfg8=; b=VzW8dhOqv4IWkiBKnXiqnL54BcSKEJjatMQr3zR4isJNNUKJptaDz2TeF7PB8QyJaO EP5hJtBIirRYcrHMXE87N0SfZe6Xhm8+5RvBAxSQNJAMDLddeQiuuqXTGZCKL0zDL3lt TROCGlI63Jf13HlUEZiMaKQhKBWHrREZeNKcGbCuWZqj5THKjaGMGEhsLHn/RfhgN9kN nEdkVgknnZSDfy3pIv5SvybMkE8BVRQgshmReVv0jxhYc+KxUrxdMsVFxHzh4870P5mh /VVL2j+bD/UV41umfuMkIEkcFCFCIiJkJpEObL4K/0Bf+6FO23bgxD19nhb+zN4/qlnr 1rJg==
X-Gm-Message-State: AMke39myhv1dOlWU16wxYQ75bF1wIsm7d2BbXyAotAo4WeWSwfLd5ENOXT8lSW52nfVbC2ZB
X-Received: by 10.28.210.139 with SMTP id j133mr5864445wmg.67.1487369205219; Fri, 17 Feb 2017 14:06:45 -0800 (PST)
Received: from mail-wm0-f41.google.com (mail-wm0-f41.google.com. [74.125.82.41]) by smtp.gmail.com with ESMTPSA id 10sm3192479wmi.23.2017.02.17.14.06.44 for <ietf-http-wg@w3.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 17 Feb 2017 14:06:44 -0800 (PST)
Received: by mail-wm0-f41.google.com with SMTP id c85so27609331wmi.1 for <ietf-http-wg@w3.org>; Fri, 17 Feb 2017 14:06:44 -0800 (PST)
X-Received: by 10.28.174.14 with SMTP id x14mr5793865wme.75.1487369203876; Fri, 17 Feb 2017 14:06:43 -0800 (PST)
MIME-Version: 1.0
Received: by 10.28.135.201 with HTTP; Fri, 17 Feb 2017 14:06:43 -0800 (PST)
In-Reply-To: <aaedcb18-2a19-9b77-95d9-0559e21407c2@measurement-factory.com>
References: <CA+3+x5FgdfAQ4Nos9VTGe35RiH8Z+3zZiUGH_bKXHz+VO+UAbQ@mail.gmail.com> <aaedcb18-2a19-9b77-95d9-0559e21407c2@measurement-factory.com>
From: Tom Bergan <tombergan@chromium.org>
Date: Fri, 17 Feb 2017 14:06:43 -0800
X-Gmail-Original-Message-ID: <CA+3+x5E_HPycm4axSLtO0jGmjDBS3=kVfhaJzKR+7n7S_yMgkg@mail.gmail.com>
Message-ID: <CA+3+x5E_HPycm4axSLtO0jGmjDBS3=kVfhaJzKR+7n7S_yMgkg@mail.gmail.com>
To: Alex Rousskov <rousskov@measurement-factory.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="001a11443e560c534b0548c12172"
Received-SPF: pass client-ip=74.125.82.48; envelope-from=tombergan@chromium.org; helo=mail-wm0-f48.google.com
X-W3C-Hub-Spam-Status: No, score=-2.6
X-W3C-Hub-Spam-Report: AWL=1.400, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1ceqgK-0003zK-LC 67cf53d4cd9a0886aa3711845fe22b85
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Why should caches and intermediaries ignore If-Match?
Archived-At: <http://www.w3.org/mid/CA+3+x5E_HPycm4axSLtO0jGmjDBS3=kVfhaJzKR+7n7S_yMgkg@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/33579
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Thu, Feb 16, 2017 at 5:21 PM, Alex Rousskov <
rousskov@measurement-factory.com> wrote:

> On 02/15/2017 04:43 PM, Tom Bergan wrote:
>
> > RFC 7232 Section 3.1 says:
> >
> >> The If-Match header field can be ignored by caches and intermediaries
> >> because it is not applicable to a stored response.
> >
> > RFC 7234 Section 4.3.2 says the same thing:
> >
> >> The If-Match ... conditional header fields are not applicable to a
> cache.
> >
> > Why?
>
>
> When rewriting RFC 2616, HTTPbis authors concluded that "caches don't
> have enough information to process methods like If-Match" and decided to
> limit If-Match and If-Unmodified-Since effects to origin servers:
>
>     https://trac.ietf.org/trac/httpbis/ticket/498
>     https://trac.ietf.org/trac/httpbis/ticket/479
>     https://trac.ietf.org/trac/httpbis/changeset/2408
>
> I bet the authors were thinking about classic use cases that deal with
> uncachable resources created and/or updated on the origin server via
> POST/PUT/DELETE methods and missed some more esoteric use cases.
>
> N.B. "can be ignored" is not exactly "MUST ignore" so there is some
> wiggle room for cache optimization here (e.g., mismatching cached
> resources do not have to be DELETEd from a proxy cache, I guess).


Thanks for digging up the history!

> Suppose the client sends a GET request with If-Match: "A". This request
> > is first sent to an HTTP cache. Suppose the requested resource is
> > cached, and suppose the cache ignores the If-Match header as suggested
> > above. If the cache has version "B" cached, not version "A", the cache
> > will return a 2xx with ETag: "B".
>
> Yes, If-Match in HTTPbis is not designed to work [well] with GET methods
> that result in cachable responses.
>
>
> > This behavior is surprising and seems
> > to contradict the following statement from RFC 7232 Section 3.1:
>
> >> [If-Match] can also be used with safe
> >> methods to abort a request if the selected representation does not
> >> match one already stored (or partially stored) from a prior request.
>
> I suspect this text now refers to representations stored on the origin
> server [as the result of prior conditional requests], not
> representations cached by a proxy. Again, the former is probably the
> only intentionally supported use case as far as HTTPbis is concerned.
>
>
> > I am trying to use If-Match for exactly this reason.
>
> Then you have two options:
>
> A) Claim that s/server/origin/g change was wrong and fix HTTPbis RFCs.
> B) Make sure your responses are not cachable.
>
> Given the widespread changes and serious incompatibility with RFC 2616
> that an HTTPbis fix to satisfy your use case would require, I cannot
> recommend (A) unless HTTPbis authors explicitly encourage you to propose
> a fix.
>
>
> > I understand why a cache would not generate 412s. The cache is not
> > authoritative for the resource and 412 implies authority. But, it seems
> > like the cache should never respond with an ETag that is disallowed by
> > If-Match, and if the cache does not have an allowed ETag, then the
> > request should be forwarded to the origin. Does that sound right?
>
> It sounds reasonable to me but it would violate the original RFC 2616
> text and go against the letter (but perhaps not the intent) of the new
> HTTPbis rules.


That would violate the letter of RFC 7232, as you say, but I don't think it
would violate the original RFC 2616 text? RFC 2616 Section 14.24 only
mentions caches once, in relation to If-Match: *, and that mention implies
that caches must handle If-Match:

> RFC 2616 Section 14.24
> The meaning of "If-Match: *" is that the method SHOULD be performed
> if the representation selected by the origin server (or by a cache,
> possibly using the Vary mechanism, see section 14.44) exists, and
> MUST NOT be performed if the representation does not exist.

Mark, Roy, any thoughts?

Given the potential for incompatibility, we're going to look into a
solution that doesn't use If-Match, but it still seems like RFC 7232 should
be updated to explicitly state that either (a) caches should not process
requests with If-Match, or (b) caches may process requests with If-Match,
as suggested above.

v2.23.0 | Report a Bug | By Email