Re: #473, was: p7: forwarding Proxy-*

Julian Reschke <julian.reschke@gmx.de> Mon, 29 July 2013 13:48 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FAD621F9E9C for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 29 Jul 2013 06:48:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.299
X-Spam-Level:
X-Spam-Status: No, score=-10.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_45=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xkDDS-R+MIqC for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 29 Jul 2013 06:48:10 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id EAEA211E80D9 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 29 Jul 2013 06:47:53 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1V3nnH-0001NP-95 for ietf-http-wg-dist@listhub.w3.org; Mon, 29 Jul 2013 13:47:23 +0000
Resent-Date: Mon, 29 Jul 2013 13:47:23 +0000
Resent-Message-Id: <E1V3nnH-0001NP-95@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <julian.reschke@gmx.de>) id 1V3nn7-0001Mg-QJ for ietf-http-wg@listhub.w3.org; Mon, 29 Jul 2013 13:47:13 +0000
Received: from mout.gmx.net ([212.227.15.18]) by lisa.w3.org with esmtp (Exim 4.72) (envelope-from <julian.reschke@gmx.de>) id 1V3nn5-0004oi-03 for ietf-http-wg@w3.org; Mon, 29 Jul 2013 13:47:13 +0000
Received: from [192.168.1.104] ([217.91.35.233]) by mail.gmx.com (mrgmx003) with ESMTPSA (Nemesis) id 0LrNE4-1U5Lyq2Bie-0136vg for <ietf-http-wg@w3.org>; Mon, 29 Jul 2013 15:46:44 +0200
Message-ID: <51F67241.3090004@gmx.de>
Date: Mon, 29 Jul 2013 15:46:41 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: Mark Nottingham <mnot@mnot.net>
CC: "Roy T. Fielding" <fielding@gbiv.com>, HTTP Working Group <ietf-http-wg@w3.org>
References: <76583F5C-A175-42EA-B0A0-CB5663A5E3AC@mnot.net> <9E71BAB0-0D88-4B6E-B1A1-AA228349E3CA@gbiv.com> <27ED39F0-723C-4358-9A22-4AAEEC1BA912@mnot.net> <37ABC670-148B-4D7A-AE21-6692EFFC122F@gbiv.com> <3257D0DA-F6FA-4E24-919C-C4FB4864F69E@mnot.net> <51F4FB7F.3050807@gmx.de> <D9E38713-A86F-47BE-9124-D4EA88700BD3@mnot.net> <51F66E8D.1090109@gmx.de> <120946A4-C088-41B9-836E-50A59A1D5941@mnot.net>
In-Reply-To: <120946A4-C088-41B9-836E-50A59A1D5941@mnot.net>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K0:UVycuzPzVbv5jwX0+DujxhMRu2NEZAo9hDc1RMCZvql5Oqa4E8T VOIM/gSBNShjJCZdehVeVfNDEMPs1bAFRy3QZOV2nwDhaedYXbTMcjuAELOw6txB036QVi0 ZIMRdH9y1jwz7yOn+rQN1Iyo+fF4e9T+Bd9OSZhxlDhaWe4ID3Emm9C/MwdA4r+XXR7aAd2 iwqz/qu4ZUmzQR+q8GIdg==
Received-SPF: pass client-ip=212.227.15.18; envelope-from=julian.reschke@gmx.de; helo=mout.gmx.net
X-W3C-Hub-Spam-Status: No, score=-3.4
X-W3C-Hub-Spam-Report: AWL=-3.425, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1V3nn5-0004oi-03 c32109eeb36147d0734ffe71a8daef26
X-Original-To: ietf-http-wg@w3.org
Subject: Re: #473, was: p7: forwarding Proxy-*
Archived-At: <http://www.w3.org/mid/51F67241.3090004@gmx.de>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/18955
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On 2013-07-29 15:39, Mark Nottingham wrote:
>
> On Jul 29, 2013, at 3:30 PM, Julian Reschke <julian.reschke@gmx.de> wrote:
>
>> On 2013-07-29 14:31, Mark Nottingham wrote:
>>> The conclusion of the conversation was Roy's statement:
>>>
>>>> No, I am just saying that Connection is not required; if it is not
>>>> included in Connection, then the intention is that it be forwarded
>>>> until consumed.  OTOH, if it is included in Connection, then it
>>>> will be consumed or deleted by the immediate recipient.  AFAIK,
>>>> these fields are not normally included in Connection, but there
>>>> might be a good reason to if the proxy selection is complicated.
>>>
>>> Which seems reasonable and no one has objected. However, p7 still says:
>>>
>>>> Unlike WWW-Authenticate, the Proxy-Authenticate header field applies only to the current connection, and intermediaries should not forward it to downstream clients. However, an intermediate proxy might need to obtain its own credentials by requesting them from the downstream client, which in some circumstances will appear as if the proxy is forwarding the Proxy-Authenticate header field.
>>
>> Out of curiosity: why does the "SHOULD NOT" show up as "should not"?
>
> Cut and paste of the HTML in Safari loses the uppercasing applied by the stylesheet, I think.

If you look at the raw HTML; you'll see it has "SHOULD NOT" (exactly so 
that copy&paste does the expected thing). Bad Safari.

>>> … with similar text for Proxy-Authorization. The "SHOULD NOT forward…" requirement is in conflict with the sentiment expressed above.
>>>
>>> I've changed the target to p7.
>>
>> OK.
>>
>> So maybe change
>>
>>   "Unlike WWW-Authenticate, the Proxy-Authenticate header field applies only to the current connection, and intermediaries SHOULD NOT forward it to downstream clients."
>>
>> to
>>
>>   "Unlike WWW-Authenticate, the Proxy-Authenticate header field applies only to the current connection, and *proxies* SHOULD NOT forward it to downstream clients."
>>
>> This would allow non-proxy intermediaries to forward it.
>>
>
> I think we need to make it a more discretionary thing; e.g.,
>
> "Unlike WWW-Authenticate, the Proxy-Authenticate header field usually applies to the current connection, and proxies generally will consume it, rather than forwarding it to downstream clients."
>
> With similar changes for Proxy-Authorization.
>
> Make sense?

Sounds good.

Best regards, Julian