IETF Logo Mail Archive

Re: Fwd: New Version Notification for draft-toomim-httpbis-versions-00.txt

Michael Toomim <toomim@gmail.com> Fri, 18 October 2024 23:02 UTC

Received: by ietfa.amsl.com (Postfix) id 8F264C1DA1D5; Fri, 18 Oct 2024 16:02:23 -0700 (PDT)
Delivered-To: ietfarch-httpbisa-archive-bis2juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E590C1D8764 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 18 Oct 2024 16:02:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.857
X-Spam-Level:
X-Spam-Status: No, score=-2.857 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=w3.org header.b="Yhx1fySM"; dkim=pass (2048-bit key) header.d=w3.org header.b="bIvVKWGj"; dkim=pass (2048-bit key) header.d=gmail.com header.b="EIcr/heZ"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1eKZSVSD89zI for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 18 Oct 2024 16:02:19 -0700 (PDT)
Received: from mab.w3.org (mab.w3.org [IPv6:2600:1f18:7d7a:2700:d091:4b25:8566:8113]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9779C14F6BF for <httpbisa-archive-bis2Juki@ietf.org>; Fri, 18 Oct 2024 16:02:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:In-Reply-To:From:References:Cc:To:MIME-Version:Date: Message-ID:Content-Type:Reply-To; bh=MTZQZkvI03CF4vN/4aFJ4lhDSZtiKY1rqaBzDZbMy7Q=; b=Yhx1fySMVpqpqFrbWMQzrUuKh1 961N2viGlBIpPOvvKQnQ9A0xHi90xlPsU8/B387kt01jvuJvkZ261aAQwAwz9dXehIhv4xdNIPKeQ tq8Wuaq0QZeZTfDaaEHPnqqG8MQd5w63+6pfnZ6Bs1vpNpT/YegY4uP/M4A12k61XKXuwXhJxPQH5 02ZMT09OMOvWbcHpkwfPGmSdKF1y0LrduPc5PymT5JTxgMKhDTz8d8A1D+56U0cm31zsIqWSa7qXg yZ1C+D1DhrQBd99yrPw5ORTTlMbkyvyvJXeZZELV3kQvUt5iXkAQvxF1tIhOuW2K9IXfqF7m03Zw2 NU3Ahl9g==;
Received: from lists by mab.w3.org with local (Exim 4.96) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1t1vyB-001GYk-20 for ietf-http-wg-dist@listhub.w3.org; Fri, 18 Oct 2024 23:01:19 +0000
Resent-Date: Fri, 18 Oct 2024 23:01:19 +0000
Resent-Message-Id: <E1t1vyB-001GYk-20@mab.w3.org>
Received: from ip-10-0-0-224.ec2.internal ([10.0.0.224] helo=puck.w3.org) by mab.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <toomim@gmail.com>) id 1t1vy9-001GXp-1a for ietf-http-wg@listhub.w3.internal; Fri, 18 Oct 2024 23:01:17 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=In-Reply-To:From:References:Cc:To:Subject:MIME-Version:Date: Message-ID:Content-Type:Reply-To; bh=MTZQZkvI03CF4vN/4aFJ4lhDSZtiKY1rqaBzDZbMy7Q=; t=1729292477; x=1730156477; b=bIvVKWGjhurFm8sllCR3gE+vHYuHi2FygZhekY+OoWk1MDJuSaEJsWCbyaQCl6JOtSMVnyaq/yj yAh/ES9iZ97BU7jHmrUP5rGzAOYzTbgsUBPyki+b2xEhFSl1Tx4CHb066OFpRg2EQDxBmZOwEz9Ex E2K6HgSjSgRuopBtV6DJFNSByPO07TB0G06Y3M1jWvU1K8QcxQVaUVOIo5AwZkJUpCHSya9oG/+iA YT77MQF35FLhph30OBq1QTksA/zc5Z0JhsaBDU1hJ5j/YjHfSHTHkQPdMC9Eq0H0V6fTHIzcnrOc3 V/13XEgFxTxSqtbx5ED2ontAyEMXRnGDSWPA==;
Received-SPF: pass (puck.w3.org: domain of gmail.com designates 2607:f8b0:4864:20::430 as permitted sender) client-ip=2607:f8b0:4864:20::430; envelope-from=toomim@gmail.com; helo=mail-pf1-x430.google.com;
Received: from mail-pf1-x430.google.com ([2607:f8b0:4864:20::430]) by puck.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from <toomim@gmail.com>) id 1t1vy8-00060n-26 for ietf-http-wg@w3.org; Fri, 18 Oct 2024 23:01:17 +0000
Received: by mail-pf1-x430.google.com with SMTP id d2e1a72fcca58-71e4c2e36daso2740452b3a.0 for <ietf-http-wg@w3.org>; Fri, 18 Oct 2024 16:01:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1729292473; x=1729897273; darn=w3.org; h=in-reply-to:from:content-language:references:cc:to:subject :user-agent:mime-version:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=MTZQZkvI03CF4vN/4aFJ4lhDSZtiKY1rqaBzDZbMy7Q=; b=EIcr/heZgIYi38CpfwcIalf2EU/dQ92f+y+fnpKNQ0mu9+mPigWqLRscqe9cQas9xW xsrMk4/i6uezj9QiGpY3k6Q6Z1vlzhqNy4tEv9pJDdEtKyuoQFzB1UOq0HifvR67R7ie XoYqvnX8Ed4vWj43PJcw+U4bMPpjPwzMV+g7uw4w1GqUT14rLqy+9AXuShCEdjpRwun6 h7fQfSFwSlC5wV/wnsLVwSPKqnCAP8KJaB7Bf5TcY7ZSiDztk7S+eRVnjPaITdSYO6pP 4Juv3e6MxdoIeiPwQuV0uHQ5iqcZE22erpTZLPad4Kt+/Mx1S7j3us0+91KACJBuyUz2 TN6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729292473; x=1729897273; h=in-reply-to:from:content-language:references:cc:to:subject :user-agent:mime-version:date:message-id:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=MTZQZkvI03CF4vN/4aFJ4lhDSZtiKY1rqaBzDZbMy7Q=; b=cB1cGVnG1UJkud8wGprgOpjv+b4ERe4IqOsjvcC4lCSSokwX9m85r7Hd0Udr/+JIEg 8MxLNOoCwSPdBVbyoD3VQpNkCrZ/3/NYIurN8W/mK78sv+j0OwBXSC3yZL1mVCiYIzCD 2Z+KIZYQi5E5w7ky+0UgyNgTb/Yj4fS5D4+Deih+6PpiFmwO9MY4oJ/oNPQ8t1F8ofT5 iJytCsQNYQGTvSQdWz2dR5g0UNFasHrb2aYMl0HgxAwZlZCIRCYIrENy2jWdmw5ELb7E fWx4bXMk8TcSOPP0uJd36PZF4eDtKZbnhGJwJe8KpDbLz67MzUC0x8nG9CeiXmmS8xOC jWlQ==
X-Forwarded-Encrypted: i=1; AJvYcCX0TD4v3I1qtTaGNWGkSziCxHaqXcHhi0OjAt9M/7jJc8Ir243pW/MjRRIEOxBQT+w7LYO5LAyYqqp0Rl4=@w3.org
X-Gm-Message-State: AOJu0Yy+8JfqU5A3TcOGqUrFUjJMRVR6Z2Vo5dLFIcVcGeSq6LqZ7CQD ZtFGsJAQOcmuLmkcFn0H5HW6Zk2jQ2hPJ1VXxdXgFR/PYDyaM+1m
X-Google-Smtp-Source: AGHT+IGbgT6pBaF1inzn7foTk/6+Nw8Vxw4lIhCA4h0+K8tlP6AYvdCeHlecIJiWiH+PqDGhVIcB5w==
X-Received: by 2002:a05:6a00:1ad0:b0:71e:4a46:fdb6 with SMTP id d2e1a72fcca58-71ea411c5cbmr5960912b3a.3.1729292472492; Fri, 18 Oct 2024 16:01:12 -0700 (PDT)
Received: from [192.168.10.135] (c-67-180-226-162.hsd1.ca.comcast.net. [67.180.226.162]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71ea333bbcbsm2020919b3a.47.2024.10.18.16.01.11 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 18 Oct 2024 16:01:11 -0700 (PDT)
Content-Type: multipart/alternative; boundary="------------50Yxd5Vw7yhRwc1M0dvF2wfE"
Message-ID: <5521363a-2ba4-4213-9180-41ee2f428adb@gmail.com>
Date: Fri, 18 Oct 2024 16:01:10 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Lisa Dusseault <lisa@dtinit.org>, Josh Cohen <joshco@gmail.com>
Cc: Julian Reschke <julian.reschke@gmx.de>, ietf-http-wg@w3.org
References: <172046173132.445281.15041630415895010148@dt-datatracker-5f88556585-j5r2h> <ff54cd4f-c30e-4447-8744-3297e53b74be@gmail.com> <2f2d41cd-94ca-48d3-8ee7-575bcf241f87@gmx.de> <CAF3KT4R=iaqZvJ8y_4jemPn1eGFbMPsGpnU8kAZe4yWetAf-XA@mail.gmail.com> <CAH212UOqi4Uj+s=wrwEPDf8wVefY9sN=oZhAewxfB5EFbkfO-Q@mail.gmail.com>
Content-Language: en-US
From: Michael Toomim <toomim@gmail.com>
In-Reply-To: <CAH212UOqi4Uj+s=wrwEPDf8wVefY9sN=oZhAewxfB5EFbkfO-Q@mail.gmail.com>
X-W3C-Hub-DKIM-Status: validation passed: (address=toomim@gmail.com domain=gmail.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-5.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DMARC_PASS=-0.001, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, W3C_AA=-1, W3C_DB=-1, W3C_WL=-1
X-W3C-Scan-Sig: puck.w3.org 1t1vy8-00060n-26 3f638bb6e5596efaaf953a6002d6213b
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Fwd: New Version Notification for draft-toomim-httpbis-versions-00.txt
Archived-At: <https://www.w3.org/mid/5521363a-2ba4-4213-9180-41ee2f428adb@gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/52420
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/email/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Lisa, this articulation of unanswered questions is *sooo* helpful. Thank 
you so very much!

I am working on answers to these now. I look forward to getting to hear 
about the inchoate concerns in the next round!

Thank you! Excellent work!

Michael

On 10/15/24 3:09 PM, Lisa Dusseault wrote:
> I am already on the list, and I love the work going on with braid and 
> with HTTP subscriptions etc.  To be honest this is not my quest at the 
> moment (I try to limit the number of possibly-impossible things I'm 
> actively trying to make happen at one time), but I'm happy to help out 
> those who have decided to pursue this quest.
>
> I support working on the Version and Parents proposal in particular, 
> and I have hope that we can make it good.  At present, the draft needs 
> a bunch of work to be made into an implementable, interoperable 
> specification.  Right now it's enough detail to describe something and 
> see if we agree to work together to figure out the real details -- but 
> it does not yet have nearly enough detail for independent 
> implementers to go off and implement and hope to interoperate.  Some 
> of the things needed:
>
> 1. A section on how the Version and Parent headers are expected to 
> work with intermediaries when used with GET, that answers
> *   What do we expect  versioning-unaware intermediaries of different 
> kinds to do if they follow the HTTP standard properly;
> * what versioning-unaware intermediaries actually seem to be doing,
> * How to detect if a versioning-unaware intermediary has served a 
> cached document that doesn't meet the semantics of the request with 
> the Version header
> * Remedies - ways to ensure a versioning-unaware intermediary does not 
> try to serve the requests or ways to re-request in a way the 
> versioning-unaware intermediary does not continue to serve the wrong thing
> * Could there be versioning-aware intermediaries - could a caching 
> intermediary legitimately cache HTTP resource versions and return them
> * Somewhat of the same work above, repeated, for how intermediaries 
> are expected to behave with PUT and Parent header
>  * To be clear, I hope that we can live with SOME intermediary 
> breakage.  We just need to explain how much and what we've done to avoid.
>
> 3.  What are the exact format and semantic meaning of the version 
> IDs.  Can I have my server issue a version ID which is the 
> question-mark character repeated 10000 times? or could the client 
> reasonably assume that it is being fucked with?
> * How long can they be
> *  what characters are valid.
> * Are they sortable?  (Does sorting mean anything?) I ask because of 
> the critique that "there is no way to order versions by ETag"
>
> 2. Section on the  Version and Parent headers themselves
> * what values are permissible.  How long must the server receiving 
> them be able to handle, etc etc.
> * Are there any special values like "*" or "?"
> * How many Parent IDs is permissible on one resource in a 200 OK GET 
> response?
> * How many Parent IDs is permissible on a PUT request?
>
> 4. What is the semantics of the Version header in all the HTTP Request 
> and Response types in which it's expected to appear.  Which means 
> Section 2.3 will probably be significantly longer when the different 
> options are broken out.
> * Are there request and response types in which it's inappropriate to 
> put the Version and Parent header?
> * The meaning on POST is important to nail down. can the Parent header 
> be sent on a POST with multipart/form-data ? What would that mean?
> * What if a client issues a GET with a version that doesn't 
> exist, however, the server could handle the request if it had a legit 
> version ID?  You say the server "can ignore" but that seems more for a 
> server that isn't doing versioning on this resource. What about if it 
> can tell that the version is wrong? Is returning the whole resource 
> the helpful thing in this case?
> * Are there other reasons that GETting a version might fail? Can 
> servers delete old versions? Can servers put different access control 
> on different versions?
> * While a loose fail-back mode might be OK for GET, it's harmful for 
> PUT.  What errors should a server use if it can't apply the PUT or 
> PATCH to the exact version or parents specified?
>
> 5. Discoverability.
> * How does the client discover if a server supports the Version and 
> the Parent header?
> * Are servers going to be able to support some parts of this and not 
> others?  E.g. would a server be compliant if it only supported linear 
> versioning? And if so, how would it indicate that to the client -- 
> that multiple Parent IDs on a PUT are not supported?
> * Would a server be compliant if it allowed small updates ("Add this 
> sentence at this location on this version") but did not respond to GET 
> requests of prior versions with the prior version?
> * Would a server be compliant if it allowed PATCH to update the 
> versioned resource but not PUT? The other way around?
> * Is a versioning-unaware client able to send PUT requests and modify 
> the resource?  does that modify the whole resources?  Is there a need 
> for the client to tell the server "Don't worry I know what I'm doing" 
> and that it understands Version and Parent concepts?
>
> I have more concrete questions I haven't written down yet, and I also 
> have inchoate concerns ( things like resource URLs being tied to 
> versions or not - can URLs vary and still share the same version 
> history) , and I would like to see which use cases are definitely 
> going to be supported and make sure the work solves those. But I have 
> definitely listed too many questions already.
>
> It's like developing a server or service from scratch - your first 
> version that works in a demo in friendly hands is great, and there's 
> still 80% of the work remaining to handle edge cases and combinations 
> of features and actual attacks. It's pretty daunting but the Braid 
> work is a really good start.
>
> Lisa
>
> On Tue, Oct 15, 2024 at 1:55 PM Josh Cohen <joshco@gmail.com> wrote:
>
>     After Vancouver, I had a conversation with Lisa Dussealt, author
>     of RFC4918, HTTP Extensions for Web Distributed Authoring and
>     Versioning (WebDAV), and CalDAV, and asked if she might make
>     herself available at least as an advisor.
>     I'll leave it to Lisa to say Hi.
>     (Lisa will probably need to join the wg list)
>
>     On Sat, Jul 27, 2024 at 4:35 AM Julian Reschke
>     <julian.reschke@gmx.de> wrote:
>
>         On 16.07.2024 03:26, Michael Toomim wrote:
>         > Hi everyone in HTTP!
>         >
>         > Last fall we solicited feedback on the Braid State
>         Synchronization
>         > proposal [draft
>         >
>         <https://datatracker.ietf.org/doc/html/draft-toomim-httpbis-braid-http-04>,
>         slides
>         <https://datatracker.ietf.org/meeting/118/materials/slides-118-httpbis-braid-http-add-synchronization-to-http-00>],
>         which I'd summarize as:
>         >
>         >     "We're enthusiastic about the general work, but the
>         proposal is too
>         >     high-level. Break the spec up into multiple independent
>         specs, and
>         >     work bottom-up. Focus on concrete 'bits-on-the-wire'."
>         >
>         > So I'm breaking the spec up, and have drafted up the first
>         chunk for
>         > you. I would very much like your review on:
>         >
>         >     *Versioning of HTTP Resources*
>         >     draft-toomim-httpbis-versions
>         >
>         https://datatracker.ietf.org/doc/html/draft-toomim-httpbis-versions-00
>         > ...
>
>         I believe it would be good to work out the differences to RFC 3253
>         (https://greenbytes.de/tech/webdav/rfc3253.html) even if only
>         in a
>         short paragraph.
>
>         Best regards, Julian
>
>
>
>     -- 
>
>     ---
>     *Josh Co*hen
>

v2.37.1 | Report a Bug | By Email | System Status