IETF Logo Mail Archive

Re: JSON headers

Phil Hunt <phil.hunt@oracle.com> Fri, 08 July 2016 18:48 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 267F712D5C8 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 8 Jul 2016 11:48:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.346
X-Spam-Level:
X-Spam-Status: No, score=-8.346 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JfbrMySxMj2s for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 8 Jul 2016 11:48:52 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E5C512D558 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 8 Jul 2016 11:48:51 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1bLalY-0007ZE-I3 for ietf-http-wg-dist@listhub.w3.org; Fri, 08 Jul 2016 18:44:44 +0000
Resent-Date: Fri, 08 Jul 2016 18:44:44 +0000
Resent-Message-Id: <E1bLalY-0007ZE-I3@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <phil.hunt@oracle.com>) id 1bLalT-0007YT-Vh for ietf-http-wg@listhub.w3.org; Fri, 08 Jul 2016 18:44:40 +0000
Received: from aserp1040.oracle.com ([141.146.126.69]) by lisa.w3.org with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from <phil.hunt@oracle.com>) id 1bLalQ-0007JR-2A for ietf-http-wg@w3.org; Fri, 08 Jul 2016 18:44:39 +0000
Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u68Ii4YF005158 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 8 Jul 2016 18:44:04 GMT
Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by userv0021.oracle.com (8.13.8/8.13.8) with ESMTP id u68Ii3vU010791 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 8 Jul 2016 18:44:04 GMT
Received: from abhmp0009.oracle.com (abhmp0009.oracle.com [141.146.116.15]) by aserv0122.oracle.com (8.13.8/8.13.8) with ESMTP id u68Ii1GI006346; Fri, 8 Jul 2016 18:44:02 GMT
Received: from [192.168.1.15] (/174.7.250.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 08 Jul 2016 18:44:01 +0000
Content-Type: multipart/alternative; boundary="Apple-Mail=_383C9203-75A3-4B78-BEA5-B4C1B1D8F17F"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Phil Hunt <phil.hunt@oracle.com>
In-Reply-To: <74180.1468000149@critter.freebsd.dk>
Date: Fri, 08 Jul 2016 11:44:05 -0700
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <A17D3EFD-A935-4971-BCF6-DC9D38302CAD@oracle.com>
References: <74180.1468000149@critter.freebsd.dk>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
X-Mailer: Apple Mail (2.3124)
X-Source-IP: userv0021.oracle.com [156.151.31.71]
Received-SPF: pass client-ip=141.146.126.69; envelope-from=phil.hunt@oracle.com; helo=aserp1040.oracle.com
X-W3C-Hub-Spam-Status: No, score=-7.9
X-W3C-Hub-Spam-Report: AWL=1.626, BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: lisa.w3.org 1bLalQ-0007JR-2A 1109867036f75a90caaa2d1f444fc2b3
X-Original-To: ietf-http-wg@w3.org
Subject: Re: JSON headers
Archived-At: <http://www.w3.org/mid/A17D3EFD-A935-4971-BCF6-DC9D38302CAD@oracle.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/31841
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Not sure if this has been discussed. One of the biggest problems with HTTP request signing has been repeat headers. It presents problem of detecting which headers are intended and which header was signed first.

It would be nice if the JSON encoding handled arrays so that the demand for duplicate headers is removed.  Signing could then be more successful and could even stipulate that the presence of a repeat header in a signed request is a failure condition.

Phil

@independentid
www.independentid.com <http://www.independentid.com/>phil.hunt@oracle.com <mailto:phil.hunt@oracle.com>





> On Jul 8, 2016, at 10:49 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> 
> Since Marks call for adoption of this draft, I've been thinking a lot about the
> general topic.
> 
> There is no doubt that the current way we've been doing HTTP headers has turned
> into a bit of a boondongle.
> 
> Switching to a consistent structured format is certainly a good idea, and as
> such formats go, JSON is far from the worst one could pick.
> 
> So, yes, in principle I'm all for this.
> 
> However, and you knew that would be coming, I have three major issues with this.
> 
> Future binary format
> --------------------
> 
> I really hope we are going to discontinue the text-processing
> approach to the HTTP protocol headers required for transport purposes.
> 
> Sending numbers, and particular dates as ascii strings is simply
> not sensible with speeds north of 10 Gb/sec.
> 
> If we decide to standardise on _a_ structured format, we should pick
> one that has a high-performance-sensible binary parallel, which
> can be used in HTTP/2 and onwards
> 
> I know about BSON, BJSON and CBOR, there are probably other as well,
> we need to study them carefully so we do not paint ourselves into
> a corner here.  The binary versions limitations/encodings in a high
> performance setting may affect how we use/constrain usage of the
> textual version.
> 
> How do we specify this in RFCs
> ------------------------------
> 
> This is the BIG one.
> 
> Julians draft does not addrss this at all:  We need a "ABNF" for
> specifying the structured syntax of standard headers.
> 
> Before we open the floodgates for JSON (or whatever) headers,
> we absolutely have to have found and nailed down how they will
> be documented/specified in RFCs.
> 
> This syntax specification has to be both human- and machine-readable,
> so known-to-be-compliant efficient code can be generated directly
> from the RFC text.
> 
> There's something called "JSON-schema"
> 
> 	http://json-schema.org/example1.html
> 
> It doesn't look apetizing to me, see for instance their
> JSON-schema for JSON-schema-JSONs:
> 
> 	http://json-schema.org/schema
> 
> Being able to piggy-back on something like that would be a big
> plus over rolling our own.
> 
> 
> Simplify semantics
> ------------------
> 
> I realize that Julians draft specifically targets newly defined
> headers, and that is a good starting point.
> 
> However, we should leverage this to re/bis-define standard headers
> in the new format too so they can have their semantics reduced and
> simplified with a venegance.
> 
> To take Accept-encoding as an example:
> 
> It should be constrained to a simple list in order of preference,
> with identity being the implicit last element.  Not on the list?
> not accepted.
> 
> Forget the bloody useless q= values, forget sending it in any order
> you happen to like, forget sending multiple headers.
> 
> 	Accept-Encoding: [ "gzip", "deflate" ]
> 
> There, done.
> 
> Do we even need both gzip and deflate ?  No, of course we do not.
> 
> Other more competent compressions ?  Yes by all means, but the same
> compression with/without some trivial header-bytes is just a stupid
> waste of everybodys time and code.
> 
> Even better:
> 
> 	Accept-Encoding: [ "gzip" ]
> 
> Now lets go one step further:  Most implementations today support
> gzip, so the above should be the default if no Accept-Encoding
> header is present.  If you do not support gzip, you'll have to
> send:
> 
> 	Accept-Encoding: [ ]
> 
> Everybody else can avoid sending Accept-Encoding entirely.
> 
> We can repurpose the minor number of HTTP protocol numbers
> to indicate the sematic version:
> 
> 	HTTP/1.0 -> ascii headers we know and have a complex 
> 		    and unfulfilling relationship with
> 	HTTP/1.1 -> the bugfix release
> 
> 	HTTP/2.0 -> HPACK'ed ascii headers
> 	HTTP/2.1 -> future bugfix release
> 
> 	HTTP/1.2 -> Ascii JSON headers
> 	HTTP/2.2 -> Binary JSON headers
> 
> -- 
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe    
> Never attribute to malice what can adequately be explained by incompetence.
>

v2.23.0 | Report a Bug | By Email