Re: Last Call: <draft-ietf-httpbis-header-structure-18.txt> (Structured Field Values for HTTP) to Proposed Standard

Willy Tarreau <w@1wt.eu> Sat, 16 May 2020 05:51 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 33EA23A0771 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 15 May 2020 22:51:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.749
X-Spam-Level:
X-Spam-Status: No, score=-0.749 tagged_above=-999 required=5 tests=[HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8J69Q_FJttyQ for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 15 May 2020 22:51:45 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E67A3A076F for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 15 May 2020 22:51:22 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1jZpj3-00035J-LQ for ietf-http-wg-dist@listhub.w3.org; Sat, 16 May 2020 05:51:09 +0000
Resent-Date: Sat, 16 May 2020 05:51:09 +0000
Resent-Message-Id: <E1jZpj3-00035J-LQ@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <w@1wt.eu>) id 1jZpj1-00034X-N3 for ietf-http-wg@listhub.w3.org; Sat, 16 May 2020 05:51:08 +0000
Received: from wtarreau.pck.nerim.net ([62.212.114.60] helo=1wt.eu) by titan.w3.org with esmtp (Exim 4.92) (envelope-from <w@1wt.eu>) id 1jZpiy-0005VN-NK for ietf-http-wg@w3.org; Sat, 16 May 2020 05:51:07 +0000
Received: (from willy@localhost) by pcw.home.local (8.15.2/8.15.2/Submit) id 04G5ogv9009237; Sat, 16 May 2020 07:50:42 +0200
Date: Sat, 16 May 2020 07:50:42 +0200
From: Willy Tarreau <w@1wt.eu>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Julian Reschke <julian.reschke@gmx.de>, mnot@mnot.net, phk@varnish-cache.org, last-call@ietf.org, httpbis-chairs@ietf.org, ietf-http-wg@w3.org, barryleiba@gmail.com, draft-ietf-httpbis-header-structure@ietf.org
Message-ID: <20200516055042.GC9187@1wt.eu>
References: <158740521959.1174.9556681562748997101@ietfa.amsl.com> <bb3a29ff-1a0f-964d-c764-4d4819d338da@gmx.de> <4184EA3A-793F-4F29-8E99-FD371F35F6AC@mnot.net> <0150efc3-9d69-3ada-b714-5d2d6c9dbed3@gmx.de> <20200515151336.GB8412@1wt.eu> <4859a11f-5649-b633-f43b-facf036e61c7@gmx.de> <44485.1589558797@critter.freebsd.dk> <3aa18f59-889b-bb3e-289d-0936bb18a9a8@gmx.de> <47000.1589607741@critter.freebsd.dk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <47000.1589607741@critter.freebsd.dk>
User-Agent: Mutt/1.6.1 (2016-04-27)
Received-SPF: pass client-ip=62.212.114.60; envelope-from=w@1wt.eu; helo=1wt.eu
X-W3C-Hub-Spam-Status: No, score=-7.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1jZpiy-0005VN-NK 2def70e024f85b623f1e161882815a91
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Last Call: <draft-ietf-httpbis-header-structure-18.txt> (Structured Field Values for HTTP) to Proposed Standard
Archived-At: <https://www.w3.org/mid/20200516055042.GC9187@1wt.eu>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/37639
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Sat, May 16, 2020 at 05:42:21AM +0000, Poul-Henning Kamp wrote:
> --------
> In message <3aa18f59-889b-bb3e-289d-0936bb18a9a8@gmx.de>de>, Julian Reschke writes
> :
> 
> >I have no idea what the exact proposal would be. Fail when multiple
> >instances are there?
> 
> That has always been my stance:  Multiple instances of the same
> header should have been banned long ago, ideally before the
> Cookie-Mistake allowed the total plunder of our privacy.

I disagree. Lots of components by then already needed to append
"connection: close", "cache-control: no-cache", "x-forwarded-for: foo"
and so on without having the ressources required to check for their
existence, or having the programmatic flexibility to let the user
express what to do. Don't forget that 20 years ago this was very
common and the amount of available CPU and RAM wasn't the same as
today.

I think that the current definition is fine and reasonable. It doesn't
pose any problem as long as those who care about the field's value are
able to reject partial values. Those in the middle who aggregate the
partial values are not impacted if they don't use it, so the real
recipient for this header is the last one which either sees invalid,
partial values, or a complete, valid one.

Willy