IETF Logo Mail Archive

Re: [Technical Errata Reported] RFC9110 (7870)

Mark Nottingham <mnot@mnot.net> Mon, 25 March 2024 23:01 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=ietf.org@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A2B8C18DB90 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 25 Mar 2024 16:01:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.857
X-Spam-Level:
X-Spam-Status: No, score=-7.857 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=w3.org header.b="Pb8yyzlK"; dkim=pass (2048-bit key) header.d=w3.org header.b="eYpR6xMB"; dkim=pass (2048-bit key) header.d=mnot.net header.b="QtMtxyQt"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="HggF5E/M"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6jqprGqfUJys for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 25 Mar 2024 16:01:52 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0A27C151717 for <httpbisa-archive-bis2Juki@ietf.org>; Mon, 25 Mar 2024 16:01:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:To:References:Message-Id:Cc:Date:In-Reply-To:From: Mime-Version:Content-Type:Reply-To; bh=ewUh0RbEedbWqRrOiuEKBRDbXUIkqQGqxsrzgRphUPQ=; b=Pb8yyzlKlVigfTXUpofvaD1T7L UHKSs4ExBYl7vpslbfT8QDYRWJydm7luK8WDKG+pmgUvtrfX8zB25YCgjPmWE5RuJhSG85RFzVVHF vasG9XcpvWVfUstvxccoUQi0mg2eds4USpI45aQcwZOZM+00oV+OJI9aI9psFpKXytFwWJWpMjkzI CeBapCnFSLcstlr1x1sp9zto++UPzt70ZnrJbWMh3m8nSgUo66JHJ1tyw/ng3r53kV1CtENga7nTe gPD0N0WTwVW60q27YViUREFzuiqVW6o1YQl45f3YAp4uGkC68KuSANwCZhyHYivj/3sZQmX06DzS1 R1YpTk1Q==;
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1rotHz-0006sb-2e for ietf-http-wg-dist@listhub.w3.org; Mon, 25 Mar 2024 22:59:35 +0000
Resent-Date: Mon, 25 Mar 2024 22:59:35 +0000
Resent-Message-Id: <E1rotHz-0006sb-2e@lyra.w3.org>
Received: from pan.w3.org ([3.222.182.102]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <mnot@mnot.net>) id 1rotHw-0006rD-Fc for ietf-http-wg@listhub.w3.org; Mon, 25 Mar 2024 22:59:32 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=To:References:Message-Id:Cc:Date:In-Reply-To:From:Subject: Mime-Version:Content-Type:Reply-To; bh=ewUh0RbEedbWqRrOiuEKBRDbXUIkqQGqxsrzgRphUPQ=; t=1711407572; x=1712271572; b=eYpR6xMBt3/K1Aj7XMd6i3DUzUp3cT9t/b+acDDo8kcIOEu5n4rBgw8uD9lpkNbbDWeenc0/34Y iFzT3uCvt17vkgHIALrhZgQBZen9d6rN/W0oln0qXAHg90+CHFHZlYHDpxPk6vPVeVUW9lZ/UobSF B75aUzf99Qa+lataaJ5qICvf8sfJp/r+lXuu2ZtWBGh8f3Fh804g4xliWHN+z27NtzFsw+I1pRrSG IMNo8WRsHNtLHKpr+/tiCM1hQHYGQO3b3ih9lhZJgmErO2Yn+r8AK8t25MsbSz/Gywwtbovpyzl15 ixQ7tbp72Xq83lThnGT4LiZZAcVKXo6ZGLGQ==;
Received-SPF: pass (pan.w3.org: domain of mnot.net designates 103.168.172.145 as permitted sender) client-ip=103.168.172.145; envelope-from=mnot@mnot.net; helo=fout2-smtp.messagingengine.com;
Received: from fout2-smtp.messagingengine.com ([103.168.172.145]) by pan.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <mnot@mnot.net>) id 1rotHv-00G6Jt-1h for ietf-http-wg@w3.org; Mon, 25 Mar 2024 22:59:32 +0000
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailfout.nyi.internal (Postfix) with ESMTP id 428C31380135; Mon, 25 Mar 2024 18:59:28 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Mon, 25 Mar 2024 18:59:28 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm3; t=1711407568; x=1711493968; bh=ewUh0RbEedbWqRrOiuEKBRDbXUIkqQGqxsrzgRphUPQ=; b= QtMtxyQtEmW25s64waAYHIJoBsK3QT8CIsw0MC2vDIFiMRd7gnFZhOb7IRriUBSo 2h8MGLheoj/on+IpXSGSodhhTOY2v9QuTlh41i9OtZ7/xeQhp0qFRxcln3Sainon aM1j4HKfZvZ19ms3opAl0EK9uHuQUjR38xXLlUepl6UaIH2ESoaDB/kwVEXKFCM9 l0M45SdIQgRyzsgmRWXhrP7UO+E59rmi4gtQAZo9HjHILjEkbEsuMTapbeitjPm+ thCSH4dcJFGm5JW9zngDjfcMM/9/n7qBONoUt0tIKhoZhy1ydATI3Bh8LeW+SMkv Yn6+/bcJUGo78TEXjW7akQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1711407568; x= 1711493968; bh=ewUh0RbEedbWqRrOiuEKBRDbXUIkqQGqxsrzgRphUPQ=; b=H ggF5E/M/Oju5lxo1TX1ee2j/wLSnrOMP6HgNBzWuF0YLG+GG+TA/4MUrN+7PDCTd 0FtFcsvpk/SxBtsdALlZZUbJeeaEdIFUTNjzmXO2r9VpNwUZYcz/82Q6sa4gezzj TR30Wl/W7FQquXKeEWJw4S7cwYkULm7Ey/LwTQvPv1gi4ttOHgC20ZLLoFTIafHV 6F4QHW3O6ndaSmZIO/F709gFUABq7l0jQFjPmKHQVTm+FhlDnM3mpBR6HmQS9sTa qc/fsJZ3DN5+DOFYrwJTiOIB4W72wbu+amwPuu1lfkvOxBVR7x+UaV6QP6scaqVV OtkJarcoLP4oMYgM5XAHQ==
X-ME-Sender: <xms:zwECZtG5-oXiXltYZtIIPzD2s4QQKEw77m9gP2CQp8IkUJMfyitPxA> <xme:zwECZiUAVSHZeN4GAsVzWvzasud1qrMrjemL_uKxNn63VvIco4_JU1EI_cnU5cwRp oORVgfcDIIOujI54g>
X-ME-Received: <xmr:zwECZvKlzr7gqHpzTJ0aPX9SecbpnowBrpu8W6APK6YapbPhOYB7Ip7Tz8ZbpKlhC3BdPgWDQYjvH4M7Yi0hukbtZeNHjEs5bSO1JjXrS6wibDH5HTpcQi4I>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrudduvddgtdehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurheptggguffhjgffvefgkfhfvffosehtqhhmtdhhtddvnecuhfhrohhmpeforghr khcupfhothhtihhnghhhrghmuceomhhnohhtsehmnhhothdrnhgvtheqnecuggftrfgrth htvghrnhepieejudevfeefhfehleetleelkeevuedtvdeiiefgvdegieekfeduheejfefh tdfgnecuffhomhgrihhnpehrfhgtqdgvughithhorhdrohhrghdpghhithhhuhgsrdgtoh hmpdhmnhhothdrnhgvthenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgr ihhlfhhrohhmpehmnhhothesmhhnohhtrdhnvght
X-ME-Proxy: <xmx:zwECZjGADwO0-59bQvu0X5CmuhHIh2-jSPZSYblaLKTDYluCYGpb2A> <xmx:zwECZjVfNSKoSIkk3lqhd5iGlyLCBGNuYcgxEGp4RdW58Yt0jsyS3g> <xmx:zwECZuPDBcDOyDQsp9_wheiWGfSuua1zwQnJQQDYZpQkq3F-3vd1HA> <xmx:zwECZi3rU9LqnHo96gXKfy2d6bsuWnMiInNkKtaMBzqFjOzpdxnSRg> <xmx:0AECZvruGjm0CbemIiYJI0ERIxI7xA3fC0vzFU3MWLV47NahRm6gVQ>
Feedback-ID: ie6694242:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 25 Mar 2024 18:59:24 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.500.171.1.1\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <20240324183318.A752011FD91@rfcpa.amsl.com>
Date: Tue, 26 Mar 2024 09:59:22 +1100
Cc: Roy Fielding <fielding@gbiv.com>, "Julian F. Reschke" <julian.reschke@greenbytes.de>, httpbis-ads@ietf.org, Tommy Pauly <tpauly@apple.com>, benjamin.p.kallus.gr@dartmouth.edu, ietf-http-wg@w3.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <48D0BD66-E290-4BC9-BB70-285EDA3FFD99@mnot.net>
References: <20240324183318.A752011FD91@rfcpa.amsl.com>
To: RFC Errata System <rfc-editor@rfc-editor.org>
X-Mailer: Apple Mail (2.3774.500.171.1.1)
X-W3C-Hub-DKIM-Status: validation passed: (address=mnot@mnot.net domain=mnot.net), signature is good
X-W3C-Hub-DKIM-Status: validation passed: (address=mnot@mnot.net domain=messagingengine.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-9.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DMARC_PASS=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: pan.w3.org 1rotHv-00G6Jt-1h 7ed44102947a5f934d48f61c632441be
X-Original-To: ietf-http-wg@w3.org
Subject: Re: [Technical Errata Reported] RFC9110 (7870)
Archived-At: <https://www.w3.org/mid/48D0BD66-E290-4BC9-BB70-285EDA3FFD99@mnot.net>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/51908
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/email/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

REJECT.

'forward' and 'send' are defined terms in the specification, and the previous paragraph covers the 'send' -- this requirement is specific to forwarding. It's specifically there to call out the exception _only_ in the forwarding case. The existing text already specifies your option #2. 

How does the existing text not allow a message to be forwarded once the invalid field is replaced?


> On 25 Mar 2024, at 05:33, RFC Errata System <rfc-editor@rfc-editor.org> wrote:
> 
> The following errata report has been submitted for RFC9110,
> "HTTP Semantics".
> 
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid7870
> 
> --------------------------------------
> Type: Technical
> Reported by: Ben Kallus <benjamin.p.kallus.gr@dartmouth.edu>
> 
> Section: 8.6
> 
> Original Text
> -------------
>   Likewise, a sender MUST NOT forward a message with a Content-Length
>   header field value that does not match the ABNF above, with one
>   exception: a recipient of a Content-Length header field value
>   consisting of the same decimal value repeated as a comma-separated
>   list (e.g, "Content-Length: 42, 42") MAY either reject the message as
>   invalid or replace that invalid field value with a single instance of
>   the decimal value, since this likely indicates that a duplicate was
>   generated or combined by an upstream message processor.
> 
> Corrected Text
> --------------
>   Likewise, a sender MUST NOT send a message with a Content-Length
>   header field value that does not match the ABNF above. A
>   recipient of a Content-Length header field value consisting of
>   the same decimal value repeated as a comma-separated list (e.g,
>   "Content-Length: 42, 42") MAY either reject the message as invalid
>   or replace that invalid field value with a single instance of the
>   decimal value, since this likely indicates that a duplicate was
>   generated or combined by an upstream message processor.
> 
> Notes
> -----
> This change aims to fix 2 issues with the text:
> 
> Issue #1
> Recall the following from section 8.6:
>> Likewise, a sender MUST NOT forward a message with a Content-Length header field value that does not match the ABNF above, ...
> 
> It wasn't immediately clear to me which of these was the intended meaning:
> 1. Upon receipt of a message with an invalid Content-Length value, senders MUST NOT forward the message.
> 2. Upon receipt of a message with an invalid Content-Length value, senders MUST NOT forward the message with the invalid value intact.
> 
> Mark Nottingham confirmed on GitHub that the intended meaning is option 2:
> https://github.com/httpwg/http-core/issues/1113#issuecomment-1937914210
> 
> I propose that the word "forward" be changed to "send" to clear up the ambiguity.
> 
> Issue #2
> We've just established that the intended meaning of the first half of the sentence in question is that malformed CL header values MUST NOT be forwarded intact.
> An exception to this rule is (by definition) a situation in which invalid CL header values *are* permitted to be forwarded intact.
> The "exception" described in the text does not allow for invalid header values to be forwarded intact, so it is a misuse of the word "exception."
> 
> To clear this up, I propose that the sentence be split in two, and that the word "exception" be removed.
> 
> Instructions:
> -------------
> This erratum is currently posted as "Reported". (If it is spam, it 
> will be removed shortly by the RFC Production Center.) Please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party  
> will log in to change the status and edit the report, if necessary.
> 
> --------------------------------------
> RFC9110 (draft-ietf-httpbis-semantics-19)
> --------------------------------------
> Title               : HTTP Semantics
> Publication Date    : June 2022
> Author(s)           : R. Fielding, Ed., M. Nottingham, Ed., J. Reschke, Ed.
> Category            : INTERNET STANDARD
> Source              : HTTP
> Stream              : IETF
> Verifying Party     : IESG

--
Mark Nottingham   https://www.mnot.net/

v2.23.0 | Report a Bug | By Email