Re: Is HTTP/1.0 still relevant?

Eric J Bowman <mellowmutt@zoho.com> Fri, 04 September 2020 07:12 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3DE33A07A9 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 4 Sep 2020 00:12:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.748
X-Spam-Level:
X-Spam-Status: No, score=-2.748 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); domainkeys=pass (768-bit key) header.from=mellowmutt@zoho.com header.d=zoho.com; dkim=pass (1024-bit key) header.d=zoho.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IOWpmRk-NbIm for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 4 Sep 2020 00:12:32 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E63BE3A0796 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 4 Sep 2020 00:12:31 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1kE5rL-0005Y5-A8 for ietf-http-wg-dist@listhub.w3.org; Fri, 04 Sep 2020 07:10:07 +0000
Resent-Date: Fri, 04 Sep 2020 07:10:07 +0000
Resent-Message-Id: <E1kE5rL-0005Y5-A8@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <mellowmutt@zoho.com>) id 1kE5rJ-0005XE-Dj for ietf-http-wg@listhub.w3.org; Fri, 04 Sep 2020 07:10:05 +0000
Received: from sender4-pp-o93.zoho.com ([136.143.188.93]) by mimas.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from <mellowmutt@zoho.com>) id 1kE5rH-0005Fa-DJ for ietf-http-wg@w3.org; Fri, 04 Sep 2020 07:10:05 +0000
ARC-Seal: i=1; a=rsa-sha256; t=1599203367; cv=none; d=zohomail.com; s=zohoarc; b=Jb3n8I0jBL4lgMIbUVnWEIoBKnpnfb2wAmQrcZSgRxlT3BXy04YhhQXOK3/LXkXTJKEkEChHYOzomXGNsm+RIyC88xeaIxuU17oFTEDZLb5RGA0obsqGGFspdD90vXsyUu3TOfOTBgoOD4qXpKziBMM1Pr1QrDLQeTM2UUsopf0=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1599203367; h=Content-Type:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=wOOqeQKPwaXAHQ+cSrbPoYL7bNt4P1MYxgpQqEHSaaY=; b=XqcpVDkKRSxT0LsdnxrL61q5v0EpXIRGQzpDsrt4cjI1tipe3or6qQzPIXauH+DdaXAv4koTrlTXuVjOtf+m5EAgSjMEhgxJoRpD4bV4T0MGVRpFAxoRgu8aGAhtINBd+rXYith5xLPW6EDSsqkHa5FYz4SVJBGAkAx5/sVd+Ek=
ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=zoho.com; spf=pass smtp.mailfrom=mellowmutt@zoho.com; dmarc=pass header.from=<mellowmutt@zoho.com> header.from=<mellowmutt@zoho.com>
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=zapps768; d=zoho.com; h=date:from:to:cc:message-id:in-reply-to:references:subject:mime-version:content-type:user-agent; b=Dqv+HZJ4FRJh0TRL9Ipkygy7KRqMxxqLDeVMzmo/pZ6DycLb1fR8Urh1xbAbJq8uNvJD0CXA8DdH WmU4tOX30bN4Rkkood2r0CHzPrmH145LxCbDKEgfHVZeyabcIYCP
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1599203367; s=zm2020; d=zoho.com; i=mellowmutt@zoho.com; h=Date:From:To:Cc:Message-Id:In-Reply-To:References:Subject:MIME-Version:Content-Type; bh=wOOqeQKPwaXAHQ+cSrbPoYL7bNt4P1MYxgpQqEHSaaY=; b=K8YowSyBb1M645dUfCewtbLpYigxQoISAPAsCnycyvzK5W5vVvzuNUBxTnwBWkHK rcSojD669Jz9kP3Ekl+V+fj5kXtPg1ldQ2WunTHfuDps/zEJzuk4kC0HuZPR7a7JJ0O MpUJU4Okh616b5BcEOX+dc03ERWGzD5mdYlenxaA=
Received: from mail.zoho.com by mx.zohomail.com with SMTP id 1599203364804276.4243901610299; Fri, 4 Sep 2020 00:09:24 -0700 (PDT)
Received: from [65.117.211.248] by mail.zoho.com with HTTP;Fri, 4 Sep 2020 00:09:24 -0700 (PDT)
Date: Fri, 04 Sep 2020 00:09:24 -0700
From: Eric J Bowman <mellowmutt@zoho.com>
To: "Willy Tarreau" <w@1wt.eu>
Cc: "Ietf Http Wg" <ietf-http-wg@w3.org>
Message-Id: <17457f2cfaa.b1c12efb13715.7081201094742751967@zoho.com>
In-Reply-To: <20200904054051.GA2905@1wt.eu>
References: <174578870d7.1265f983c12789.7350275676057542310@zoho.com> <20200904054051.GA2905@1wt.eu>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_37714_1183935480.1599203364778"
Importance: Medium
User-Agent: Zoho Mail
X-Mailer: Zoho Mail
Received-SPF: pass client-ip=136.143.188.93; envelope-from=mellowmutt@zoho.com; helo=sender4-pp-o93.zoho.com
X-W3C-Hub-Spam-Status: No, score=-4.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1kE5rH-0005Fa-DJ a28c9be7c6a5d49ffda39026b1a34a61
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Is HTTP/1.0 still relevant?
Archived-At: <https://www.w3.org/mid/17457f2cfaa.b1c12efb13715.7081201094742751967@zoho.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/38001
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

---- On Thu, 03 Sep 2020 22:40:51 -0700 Willy Tarreau <mailto:w@1wt.eu> wrote ---- 

>

> Hi,

>

On Thu, Sep 03, 2020 at 10:13:13PM -0700, Eric J Bowman wrote:

>>

>> Hi, I'm greenfield-coding a webserver, and wondering if I can just do away

>> with back-compat with HTTP/1.0. My concern is it's still alive and kicking on

>> intermediaries. Is there any empirical data on this? Opinions also

>> appreciated.

>>

>

> It really depends what your target is. If you want to support browsers

> and nothing else, it's probably fine to simply fail on it. If you're

> expecting that applications built on top of your web server are compatible

> with various perf testing tools, monitoring scripts, availability tests,

> dirty in-house search engines, or just succeed in some compliance tests,

> it's probably better to still support it.

>



Hey Willy! Long time no chat. :) I try to code for all intermediaries and

clients, not just browsers, but at this point in time I'm also trying to

eliminate edge cases from my code, because I want to hold it all in my head.



I both appreciate and hate your answer! I didn't realize that the sorts of

testing scripts you mention are still looking for HTTP/1.0 compat. I'm

coding a development server, but I want it to handle significant real-world

traffic all the same. I don't care about meeting any test criteria but my

own, I suppose, when you get down to it. But I am an old dog trying to learn

new tricks!



>

> In addition I'd suggest that once you've implemented HTTP/1.1, you'll

> note that implementing HTTP/1.0 requires no effort as it's only a subset

> of HTTP/1.1, so you'll just have to add a few "if" around some code

> blocks. In short, Connection defaults to close instead of keep-alive...

>



Exactly! My code's a lot cleaner and even removes a comment, if I default

to HTTP/1.1 for the Connection header. I'm trying to avoid "just add[ing] a

few" lines of code. It's 2020. I want to hold my webserver code in my head.

I don't want to eplain back-compat with HTTP/1.0 anymore, let alone pollute

my code with it, unless it's really still necessary, which I'm trying to

ascertain.



>

> neither chunked transfer-encoding nor 1xx responses are expected to be

> supported, and Host is optional. Thus not supporting 1.0 would make your

> 1.1 implementation look fairly suspicious about its ability to adapt to

> a client or server's 1.1 capabilities.

>



Every httpd I've ever coded or configured, has bent over backwards to avoid

T-E chunked or 1xx responses, and requires the Host header. But hey, if this

was 2005, I'd be 95% done with my webserver code, not like, 33% tops atm...



>

> The real difficulty with 1.0 is that most of the time such requests come

> from very low-quality clients (mostly scripts) that do not even look at

> the content-length header.

>



Hmmm... yeah. Development server. Strict is fine. I'll be making HTTP/1.1

my baseline and not worrying about 1.0, but thanks for explaining to me how

that can go wrong. For this project, I don't think I care. If I did care,

thanks for pointing out that it isn't all that difficult to support 1.0.



>

> Just my two cents,

> Willy

>



Your two cents is always worth a nickel. ;)



-Eric