IETF Logo Mail Archive

Re: [Technical Errata Reported] RFC9111 (7695)

"Roy T. Fielding" <fielding@gbiv.com> Tue, 07 November 2023 20:48 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=ietf.org@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E55AC1B032B for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 7 Nov 2023 12:48:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.757
X-Spam-Level:
X-Spam-Status: No, score=-2.757 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gbiv.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4vb77do3MYNv for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 7 Nov 2023 12:48:50 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD768C17C8A9 for <httpbisa-archive-bis2Juki@ietf.org>; Tue, 7 Nov 2023 12:48:48 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1r0SxW-00H8PI-LE for ietf-http-wg-dist@listhub.w3.org; Tue, 07 Nov 2023 20:46:02 +0000
Resent-Date: Tue, 07 Nov 2023 20:46:02 +0000
Resent-Message-Id: <E1r0SxW-00H8PI-LE@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <fielding@gbiv.com>) id 1r0SxU-00H8Nx-Qe for ietf-http-wg@listhub.w3.org; Tue, 07 Nov 2023 20:46:00 +0000
Received: from poodle.tulip.relay.mailchannels.net ([23.83.218.249]) by mimas.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <fielding@gbiv.com>) id 1r0SxS-007Fek-U1 for ietf-http-wg@w3.org; Tue, 07 Nov 2023 20:46:00 +0000
X-Sender-Id: dreamhost|x-authsender|fielding@gbiv.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 0E8ED4217A; Tue, 7 Nov 2023 20:45:54 +0000 (UTC)
Received: from pdx1-sub0-mail-a270.dreamhost.com (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id A6B4F425E4; Tue, 7 Nov 2023 20:45:53 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1699389953; a=rsa-sha256; cv=none; b=LGZ/4OM5u21B/dlSe5hqKUFSsyzQBmPEmHQYR9SmvitFgk8Vr5UJ1AR54jFOV9bCNkL8mT EJNF8wUtTcE/OX9ziz8OB7W7AWwk6VN3JMDRA4Dd5CNe5w0fjSiLHIeH6W6VKkJI5Nk3Zk u4bZ2D6Oo08TOv/f1syuzwuO6vej5tiXqy3nY6SOBKS5xVmPHK3VeEFwb3zA+oW7MmkxtQ DucwwFmNZBkFQd2qjTHLSGE2gumrwqCn+HZZHZ9OQxM7LmPQ1QqzstFlToGu9NHgRPNtNB LduQTJx9PIc1gHuN+aPlCYapOVpgYdbsBLfFZDa2dtvjJkwjIQr+BpNusDe4jg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1699389953; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=vaDc0wQM5MDOQ2aYTMmI2q5XcYZgGWnjFCb+bxZVSsw=; b=wyeOAZCl+527x5aZ3JCibFt0jbeuyfZ28Q8/XrXMOXu+Vx8D6cSvHCEEop4o6RiyrwFf50 4P1UpT2y5oUgewEEatEQsrOlYNRAzNOmUD1IWMbgaD/nFS3T7BNXmVD+08MnHmxxfnGKgQ G6jnPOQir7ENvge2SaEgl9YRBrSz5RwQs/NcPxwip+FkvBhSX//WZnzIuzqOJVI8DtYIQu RepzDgKZLwN6tFcm3obxrbyNhUIaJsgzrkubyYjGGaxx87S8SKv5TRZGNeGHzQIAVsFNCk l8JQrx9nH1xmOtFj2gZ+Dv3MGP4MW0LxNhDfW7YAy2sBltvpd3BPtnklaGmhZA==
ARC-Authentication-Results: i=1; rspamd-6f98f74948-ld9nl; auth=pass smtp.auth=dreamhost smtp.mailfrom=fielding@gbiv.com
X-Sender-Id: dreamhost|x-authsender|fielding@gbiv.com
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|fielding@gbiv.com
X-MailChannels-Auth-Id: dreamhost
X-Celery-Wiry: 171141b14ad505a3_1699389953889_4097607209
X-MC-Loop-Signature: 1699389953889:1070774982
X-MC-Ingress-Time: 1699389953888
Received: from pdx1-sub0-mail-a270.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.101.67.122 (trex/6.9.2); Tue, 07 Nov 2023 20:45:53 +0000
Received: from smtpclient.apple (ip72-194-73-53.oc.oc.cox.net [72.194.73.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: fielding@gbiv.com) by pdx1-sub0-mail-a270.dreamhost.com (Postfix) with ESMTPSA id 4SQ0c10SQQzZX; Tue, 7 Nov 2023 12:45:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gbiv.com; s=dreamhost; t=1699389953; bh=Fgq2JPCZJlSSX/CNp01FpULaCqcp5+xmvi/5mVPEuyQ=; h=Content-Type:Subject:From:Date:Cc:Content-Transfer-Encoding:To; b=N11QXlGX5mzo9aFr7SJhMtj81bpn3QUn35d9uLzN9H2rvMw0EhqiBnnYrkX+5Y25w 8iSrEn6r6wZjLq+nEUUJe/WJTFJXDEkI4bOZWn+HjX/VBEaitiTtsZFlatoNIQdnz/ lscWE0br+DeXEEasDPunNFz2KhMHghjb4gzbhEMdS81j6fwueMdOTgVpnkFoVB0mJ3 AFH0e+oWEtt4EQwW4FGBbJD36pM5MZRTax8SDtRkqLrlf9USBRL7lGceTcysc/VWjf KzUVNuUUaSLXHRvAImV9yykf5r2kjg0qHyQTiBCyWARm2ua6LlzoQo5owU1YOkERux rUAUwyJCEE4XQ==
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.100.2.1.4\))
From: "Roy T. Fielding" <fielding@gbiv.com>
In-Reply-To: <20231107174221.2692D55E6C@rfcpa.amsl.com>
Date: Tue, 07 Nov 2023 12:45:41 -0800
Cc: Mark Nottingham <mnot@mnot.net>, Julian Reschke <julian.reschke@greenbytes.de>, "Murray S. Kucherawy" <superuser@gmail.com>, Francesca Palombini <francesca.palombini@ericsson.com>, Tommy Pauly <tpauly@apple.com>, dron.rathore@gmail.com, ietf-http-wg@w3.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <7136A09F-B4A2-4C84-BE4D-063D96383798@gbiv.com>
References: <20231107174221.2692D55E6C@rfcpa.amsl.com>
To: RFC Errata System <rfc-editor@rfc-editor.org>
X-Mailer: Apple Mail (2.3774.100.2.1.4)
Received-SPF: pass client-ip=23.83.218.249; envelope-from=fielding@gbiv.com; helo=poodle.tulip.relay.mailchannels.net
X-W3C-Hub-DKIM-Status: validation passed: (address=fielding@gbiv.com domain=gbiv.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-6.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1r0SxS-007Fek-U1 b9a3f7a1b8d224d75b6728f2f63fa1e8
X-Original-To: ietf-http-wg@w3.org
Subject: Re: [Technical Errata Reported] RFC9111 (7695)
Archived-At: <https://www.w3.org/mid/7136A09F-B4A2-4C84-BE4D-063D96383798@gbiv.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/51576
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/email/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

The suggestion is not a desired solution for the problematic text.

This part is not an error in the specification. Even when If-Match and
If-Unmodified-Since are not applicable to a cache, their presence
does not imply that the request must be forwarded to the origin.
It will depend on other factors in the request and how/where
the cache has been configured.

The errata comments assume that cache == cache server, whereas
RFC9111 defines a cache in general. Caches are not required to
forward requests -- they choose to do so when that is necessary
to fulfill their purpose.

OTOH, what might be an error in RFC9111 is the general statement that

   If-Match and If-Unmodified-Since conditional header
   fields are not applicable to a cache

given that both header fields are defined in RFC9110 as a
cache MAY ignore, not MUST ignore. The reason it is a MAY ignore
here is because HTTP defined this as a feature back in 1996 or so.
Hierarchical cache meshes can use conditional GET mechanisms
to backfill partially cached entries, even if the origin would
have offered a different representation, and they might choose
to do so with If-Match (instead of If-Range) if they do not want
the content transferred when updated (i.e., they will remove
their cache entry instead).

This is a deliberate feature -- a choice being made by the client.
If the client does not want this feature, they won't send If-Match
or If-Unmodified-Since on a GET request. They will send If-Range.
This does not result in an invalid response being returned; it is
exactly the response that was requested and was defined as being
valid by the origin server that supplied it in the first place.

Likewise, RFC9110 section 13.2.2 is somewhat misleading
because it attempts to summarize the MUST requirements without
also noting that recipients MAY process If-Match and
If-Unmodified-Since on GET.

So, I understand why the reporter considers this to be errata,
but this isn't a viable solution.

....Roy


> On Nov 7, 2023, at 9:42 AM, RFC Errata System <rfc-editor@rfc-editor.org> wrote:
> 
> The following errata report has been submitted for RFC9111,
> "HTTP Caching".
> 
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid7695
> 
> --------------------------------------
> Type: Technical
> Reported by: Dron Rathore <dron.rathore@gmail.com>
> 
> Section: 4.3.2-4
> 
> Original Text
> -------------
>   The proper evaluation of conditional requests by a cache depends on
>   the received precondition header fields and their precedence.  In
>   summary, the If-Match and If-Unmodified-Since conditional header
>   fields are not applicable to a cache, and If-None-Match takes
>   precedence over If-Modified-Since.  See Section 13.2.2 of [HTTP] for
>   a complete specification of precondition precedence.
> 
> Corrected Text
> --------------
>   The proper evaluation of conditional requests by a cache depends on
>   the received precondition header fields and their precedence.  In
>   summary, the If-Match and If-Unmodified-Since conditional header
>   fields are not applicable to a cache and hence such requests MUST
>   be forwarded to the origin, and If-None-Match takes precedence
>   over If-Modified-Since.  See Section 13.2.2 of [HTTP] for a complete
>   specification of precondition precedence.
> 
> Notes
> -----
> Correction:
> "the If-Match and If-Unmodified-Since conditional header fields are not applicable
> to a cache [and hence such requests MUST be forwarded to the origin]"
> 
> This is based upon the reading of RFC 9111#section-4.3.2-3[1]:
> 
>   A cache MUST NOT evaluate conditional header fields that only apply
>   to an origin server, occur in a request with semantics that cannot be
>   satisfied with a cached response, or occur in a request with a target
>   resource for which it has no stored responses; such preconditions are
>   likely intended for some other (inbound) server.
> 
> 
> Current RFC 9110#section-13.1.1-13[2], RFC 9110#section-13.2.2[3] and RFC 
> 9111#section-4.3.2-4[4] does not explicitly provide clear direction to cache servers as to 
> how to deal with If-Match and If-Unmodified-Since conditional headers[5].
> 
> The correction intends to provide more clarity for If-Match and If-Unmodified-Since
> header as to how a cache server should handle conditional header which are meant
> for origin server based on the reading of above produced section of 
> the RFC 9111#section-4.3.2-3.
> 
> If cache nodes have to ignore If-Match and If-Unmodified-Since header as per 
> RFC 9110#section-13.1.1-13 then in scenarios where they have a cached non-expired
> content representation which can be satisfied sans If-Match and If-Unmodified-Since
> headers the same will be returned back by cache and intermediary servers. 
> 
> Caching layers with multiple content representation cached in the network may 
> return invalid response back causing higher requests errors when dealing with origin 
> applicable conditional headers that are sent to intermediary cache nodes from 
> edge cache nodes for cache hydration. 
> 
> Consider the below scenario:
> 
> 1. A caching system consisting of 2 cache layers with 3 servers each,
> Server nodes "A" representing Edge cache nodes(A1, A2, A3),
> Server nodes "B" representing intermediary cache nodes(B1, B2, B3), and an 
> origin server
> 
> 2. All cache servers (A and B) make use of If-Match and If-Unmodified-Since to 
> hydrate their own cached content representation as per RFC 9110#section-13.1.1-12 [6]
> 
> 3. All cache servers make use of 5MiB chunk ranges for cache hydration of large 
> files 
> 
> 4. Origin server contains a file foo with size 20MiB, with content 
> representation Etag E1 
> 
> 5. A client C1 who sends a range request for file foo with range 10-20MiB to edge node A1
> 
> 6. For initial set of requests sent by edge node A1 the representation E1 gets 
> cached on 2 of the intermediary nodes B1 and B2 (because of 2 requests for 
> 5MiB chunk each) 
> 
> 6. Content representation for file foo changes to Etag E2 on origin 
> 
> 7. A client C2 who sends a range request for file foo with range 10-20MiB to edge node A2
> 
> 8. Requests to edge node A2 which does not have a cached representation causes it 
> to send 2 range requests for 5MiB each, in this case lets assume it is sent to 
> intermediary cache nodes B1(range:10-15MiB) and B3(range:15-20MiB), 
> B3 node faces cache-miss and hydrates its own cache from Range 15Mib-20MiB
> with content representation E2. B1 node already has a cached representation E1
> for requested range so it returns it back. A2 node which has now cached 10-15MiB E1
> representation received from B1 has to returns error and performs a cache reset for
> itself because of mixed representation for the whole user requested range.
> 
> In such a case where intermediary cache severs/nodes may end up with multiple 
> content representation an edge node who is trying to hydrate its own cache 
> will find it hard to do so, i.e. the first 5MiB 
> chunk may end up being served by intermediary cache nodes with representation 
> E1 and the other half of the chunk by nodes who have a content representation 
> E2. The error rates will be higher whenever content representation changes at
> the origin server for such range requests.
> 
> 
> [1]: https://www.rfc-editor.org/rfc/rfc9111#section-4.3.2-3
> [2]: https://www.rfc-editor.org/rfc/rfc9110#section-13.1.1-13
> [3]: https://www.rfc-editor.org/rfc/rfc9110#section-13.2.2
> [4]: https://www.rfc-editor.org/rfc/rfc9111#section-4.3.2-4
> [5]: https://github.com/httpwg/http-core/issues/1111
> [6]: https://www.rfc-editor.org/rfc/rfc9110#section-13.1.1-12
> 
> Instructions:
> -------------
> This erratum is currently posted as "Reported". (If it is spam, it 
> will be removed shortly by the RFC Production Center.) Please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party  
> will log in to change the status and edit the report, if necessary.
> 
> --------------------------------------
> RFC9111 (draft-ietf-httpbis-cache-19)
> --------------------------------------
> Title               : HTTP Caching
> Publication Date    : June 2022
> Author(s)           : R. Fielding, Ed., M. Nottingham, Ed., J. Reschke, Ed.
> Category            : INTERNET STANDARD
> Source              : HTTP
> Area                : Applications and Real-Time
> Stream              : IETF
> Verifying Party     : IESG
>

v2.23.0 | Report a Bug | By Email