Re: #461, was: p4: editorial suggestions

Mark Nottingham <mnot@mnot.net> Mon, 06 May 2013 07:21 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A7C421F8314 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 6 May 2013 00:21:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.266
X-Spam-Level:
X-Spam-Status: No, score=-9.266 tagged_above=-999 required=5 tests=[AWL=1.333, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P8APPCPNCZTQ for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 6 May 2013 00:21:48 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 905C821F8551 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 6 May 2013 00:21:48 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1UZFjr-0002JR-SC for ietf-http-wg-dist@listhub.w3.org; Mon, 06 May 2013 07:21:35 +0000
Resent-Date: Mon, 06 May 2013 07:21:35 +0000
Resent-Message-Id: <E1UZFjr-0002JR-SC@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <mnot@mnot.net>) id 1UZFji-0002I3-1L for ietf-http-wg@listhub.w3.org; Mon, 06 May 2013 07:21:26 +0000
Received: from mxout-07.mxes.net ([216.86.168.182]) by maggie.w3.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <mnot@mnot.net>) id 1UZFjZ-0004nD-PR for ietf-http-wg@w3.org; Mon, 06 May 2013 07:21:24 +0000
Received: from [192.168.1.80] (unknown [118.209.105.214]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 8EBE122E1F4; Mon, 6 May 2013 03:20:55 -0400 (EDT)
Content-Type: text/plain; charset=iso-8859-1
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <51875940.9050608@gmx.de>
Date: Mon, 6 May 2013 17:20:51 +1000
Cc: Ken Murchison <murch@andrew.cmu.edu>, ietf-http-wg@w3.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <98492929-5A95-41DE-8CB8-4E69A4419D65@mnot.net>
References: <517FC225.4020609@gmx.de> <517FD961.5020108@andrew.cmu.edu> <1A0A9A80-3552-43F0-8A30-4235660ABBC3@mnot.net> <5182102B.2080200@gmx.de> <5FED5920-BC5D-409B-98E1-CF15CFF7EFE4@mnot.net> <51874DEB.2070802@gmx.de> <1BEACC84-4BA0-4E23-9E08-5EE6B74F03CF@mnot.net> <51875940.9050608@gmx.de>
To: Julian Reschke <julian.reschke@gmx.de>
X-Mailer: Apple Mail (2.1503)
Received-SPF: pass client-ip=216.86.168.182; envelope-from=mnot@mnot.net; helo=mxout-07.mxes.net
X-W3C-Hub-Spam-Status: No, score=-3.4
X-W3C-Hub-Spam-Report: AWL=-3.393, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001
X-W3C-Scan-Sig: maggie.w3.org 1UZFjZ-0004nD-PR fe2438d8150c8184c2fbe11435660ee3
X-Original-To: ietf-http-wg@w3.org
Subject: Re: #461, was: p4: editorial suggestions
Archived-At: <http://www.w3.org/mid/98492929-5A95-41DE-8CB8-4E69A4419D65@mnot.net>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/17846
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Reminder - this is an editorial issue, you're in the driver's seat. :)

Thanks for explaining your reasoning, that's very appreciated at this stage of the process.

Cheers,


On 06/05/2013, at 5:18 PM, Julian Reschke <julian.reschke@gmx.de> wrote:

> On 2013-05-06 08:34, Mark Nottingham wrote:
>> 
>> On 06/05/2013, at 4:30 PM, Julian Reschke <julian.reschke@gmx.de> wrote:
>>> 
>>> a) For some of these, MUST may be better.
>> 
>> I thought you were interested in keeping changes minimal... :)
> 
> I'm mainly interested to finish HTTP/1.1. This implies that we should now concentrate on fixing things that are broken. This does not appear to be broken.
> 
>>> b) It always has been MUST, why change it?
>> 
>> Because strictly interpreted, it can result in leaking information about resources that require authentication (among other nonsensical conditions).
> 
> How so?
> 
> "For each conditional request, a server MUST evaluate the request preconditions after it has successfully performed its normal request checks (i.e., just before it would perform the action associated with the request method). Preconditions are ignored if the server determines that an error or redirect response applies before they are evaluated. Otherwise, the evaluation depends on both the method semantics and the choice of conditional."
> 
>>> And most importantly:
>>> 
>>> c) A conditional header field may be used to protect a potentially destructive request to change a resource that has been updated in between. Clients must be able to rely on that this protection works (and they do rely on it now), so it is a MUST fail. The also rely on a specific status code being returned in this case for diagnostics, so I believe it has to remain a "MUST fail" with this specific code.
>> 
>> Great; we can make it MUST NOT apply the method, as we do elsewhere in several places already, whilst making the status code to return a SHOULD.
> 
> I still don't understand the benefit, but I *do* see drawbacks.
> 
> Best regards, Julian
> 

--
Mark Nottingham   http://www.mnot.net/