HTTP/2 extensibility <draft-ietf-httpbis-http2-17>
Bob Briscoe <bob.briscoe@bt.com> Thu, 05 March 2015 12:59 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ietf.org@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C151E1B2C81 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 5 Mar 2015 04:59:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.912
X-Spam-Level:
X-Spam-Status: No, score=-6.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y8o1Md6VkjCO for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 5 Mar 2015 04:59:24 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED5E01A88F8 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 5 Mar 2015 04:59:23 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1YTVJi-0002VE-FT for ietf-http-wg-dist@listhub.w3.org; Thu, 05 Mar 2015 12:55:54 +0000
Resent-Date: Thu, 05 Mar 2015 12:55:54 +0000
Resent-Message-Id: <E1YTVJi-0002VE-FT@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.80) (envelope-from <bob.briscoe@bt.com>) id 1YTVJY-0002UT-12 for ietf-http-wg@listhub.w3.org; Thu, 05 Mar 2015 12:55:44 +0000
Received: from hubrelay-rd.bt.com ([62.239.224.99]) by maggie.w3.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from <bob.briscoe@bt.com>) id 1YTVJW-0006SR-Ow for ietf-http-wg@w3.org; Thu, 05 Mar 2015 12:55:43 +0000
Received: from EVMHR02-UKBR.domain1.systemhost.net (193.113.108.41) by EVMHR68-UKRD.bt.com (10.187.101.23) with Microsoft SMTP Server (TLS) id 8.3.348.2; Thu, 5 Mar 2015 12:55:15 +0000
Received: from EPHR01-UKIP.domain1.systemhost.net (147.149.196.177) by EVMHR02-UKBR.domain1.systemhost.net (193.113.108.41) with Microsoft SMTP Server (TLS) id 8.3.348.2; Thu, 5 Mar 2015 12:55:12 +0000
Received: from bagheera.jungle.bt.co.uk (132.146.168.158) by EPHR01-UKIP.domain1.systemhost.net (147.149.196.177) with Microsoft SMTP Server id 14.3.181.6; Thu, 5 Mar 2015 12:55:09 +0000
Received: from BTP075694.jungle.bt.co.uk ([10.111.116.114]) by bagheera.jungle.bt.co.uk (8.13.5/8.12.8) with ESMTP id t25Ct8YK001645; Thu, 5 Mar 2015 12:55:08 GMT
Message-ID: <201503051255.t25Ct8YK001645@bagheera.jungle.bt.co.uk>
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Thu, 05 Mar 2015 12:55:07 +0000
To: mbelshe@chromium.org, fenix@google.com, martin.thomson@gmail.com
From: Bob Briscoe <bob.briscoe@bt.com>
CC: ietf-http-wg@w3.org
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Scanned-By: MIMEDefang 2.56 on 132.146.168.158
Received-SPF: pass client-ip=62.239.224.99; envelope-from=bob.briscoe@bt.com; helo=hubrelay-rd.bt.com
X-W3C-Hub-Spam-Status: No, score=-0.7
X-W3C-Hub-Spam-Report: RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01
X-W3C-Scan-Sig: maggie.w3.org 1YTVJW-0006SR-Ow 30f1c211569ecf6035819bb6b8f0d253
X-Original-To: ietf-http-wg@w3.org
Subject: HTTP/2 extensibility <draft-ietf-httpbis-http2-17>
Archived-At: <http://www.w3.org/mid/201503051255.t25Ct8YK001645@bagheera.jungle.bt.co.uk>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/28889
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
HTTP/2 folks, I've reviewed the whole draft. I know the draft has just successfully passed IESG review, but I hope this posting is still useful. My credentials for this: first role in the IETF in 1995 was to ensure HTTP/1.1 generalised from Web pages to objects, but for the last 15 years my focus has shifted down the layers into transport. Non-credentials: I've been paying insufficient attention to HTTP/2 until now, but I have tried to research back over the ML for the rationale behind design decisions. So consider this as a late review from a clueful but fresh pair of eyes. My main concerns are * extensibility * flow control * numerous open issues left dangling I'll cover extensibility here, and my other concerns (as well as nits) in subsequent posting. Achieving this milestone on time has been impressive. I understand the reasons for having to get something standardised. However, I see potential problems. And that would be fine, but only if there were a more granular mechanism to extend the protocol to fix it in future. For instance, a number of potential issues around DoS are left open. If the protocol has to be hardened against new attacks, I believe the recommended extensibility path is to design and implement a completely new protocol release, then upgraded endpoints negotiate it during the initial handshake. The timescale for such a process is measured in years, during which the vulnerability has to be lived with. Surely we need more granular extensibility; to introduce new frame types and structures, and/or to deprecate outdated/vulnerable ones. Rather than a blanket statement saying that an endpoint discards and ignores a frame type that it does not recognise, we should include a field in the generic frame header to specify this behaviour. In this way, the currently defined extensibility behaviour could be required or relaxed depending on what the future brings - instead of having to decide the extensibility model now. This would be safe, because the worst an attacker can do is inject a new unrecognised header and get it forwarded, but not acted on. Unless it is a type known to at least one implementation, it will never be acted on. The same point applies to extending known frame types. There is no point having a length field on frames if any length other than that specified produces a FRAME_SIZE_ERROR. For extensibility, a frame with an unexpected length should at least be ignored, rather than leading to a stream error. Ideally, similar to above, there should be a field that specifies what action to take (forward or not) if the structure of the frame type is unrecognised. One of the greatest strengths of HTTP/1.x was the general rule about unrecognised headers, which enabled 'a thousand flowers to bloom'. The few most beautiful ones survived. If evolution can only proceed in giant steps, the natural selection process will be glacially slow. HTTP is important to us all. It has now become the only way to extend transport capabilities. The last thing we should do is build over the only pathway we have left with an evolutionary cul-de-sac. Bob ________________________________________________________________ Bob Briscoe, BT
- HTTP/2 extensibility <draft-ietf-httpbis-http2-17> Bob Briscoe
- Re: HTTP/2 extensibility <draft-ietf-httpbis-http… Martin Thomson
- RE: HTTP/2 extensibility <draft-ietf-httpbis-http… Mike Bishop
- Re: HTTP/2 extensibility <draft-ietf-httpbis-http… Ben Niven-Jenkins
- RE: HTTP/2 extensibility <draft-ietf-httpbis-http… Bob Briscoe
- Re: HTTP/2 extensibility <draft-ietf-httpbis-http… Bob Briscoe
- Re: HTTP/2 extensibility <draft-ietf-httpbis-http… Poul-Henning Kamp
- RE: HTTP/2 extensibility <draft-ietf-httpbis-http… Bob Briscoe