IETF Logo Mail Archive

Re: [hybi] #1: HTTP Compliance

Willy Tarreau <w@1wt.eu> Sun, 15 August 2010 12:30 UTC

Return-Path: <w@1wt.eu>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AD03E3A6783 for <hybi@core3.amsl.com>; Sun, 15 Aug 2010 05:30:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.958
X-Spam-Level:
X-Spam-Status: No, score=-2.958 tagged_above=-999 required=5 tests=[AWL=-0.915, BAYES_00=-2.599, HELO_IS_SMALL6=0.556]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ISnVK2sl8ooE for <hybi@core3.amsl.com>; Sun, 15 Aug 2010 05:30:35 -0700 (PDT)
Received: from 1wt.eu (1wt.eu [62.212.114.60]) by core3.amsl.com (Postfix) with ESMTP id 4F8EA3A6765 for <hybi@ietf.org>; Sun, 15 Aug 2010 05:30:33 -0700 (PDT)
Received: (from willy@localhost) by mail.home.local (8.14.4/8.14.4/Submit) id o7FCV8UX028079; Sun, 15 Aug 2010 14:31:08 +0200
Date: Sun, 15 Aug 2010 14:31:08 +0200
From: Willy Tarreau <w@1wt.eu>
To: gustav trede <gustav.trede@gmail.com>
Message-ID: <20100815123108.GD27614@1wt.eu>
References: <f7d4bb98e444b85b9bf1af6d4d9f0772.squirrel@sm.webmail.pair.com> <20100815100717.GA27614@1wt.eu> <AANLkTimQeG32CbZG5DsGmthwH3CwqHtncs7tGCTtg0d+@mail.gmail.com> <20100815105045.GB27614@1wt.eu> <AANLkTinT9r47qqG2s-MEpGxwGuOcST9tRTLS_TyQKf_r@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <AANLkTinT9r47qqG2s-MEpGxwGuOcST9tRTLS_TyQKf_r@mail.gmail.com>
User-Agent: Mutt/1.4.2.3i
Cc: hybi@ietf.org
Subject: Re: [hybi] #1: HTTP Compliance
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Aug 2010 12:30:36 -0000

On Sun, Aug 15, 2010 at 12:55:32PM +0200, gustav trede wrote:
> On 15 August 2010 12:50, Willy Tarreau <w@1wt.eu> wrote:
> 
> > On Sun, Aug 15, 2010 at 12:24:38PM +0200, gustav trede wrote:
> > > On 15 August 2010 12:07, Willy Tarreau <w@1wt.eu> wrote:
> > >
> > > > On Sun, Aug 15, 2010 at 05:10:09AM -0400, Shelby Moore wrote:
> > > > > An HTTP proxy that is compatible with draft/proposal #76 (the
> > contentious
> > > > > one that passes 8 extra characters after the HTTP header without a
> > > > > Content-Length header), would need a specific code path for the
> > WebSocket
> > > > > upgrade request in order to pass 8, and only 8, extra characters
> > > > > (concensus is that passing an arbitrary content length would be a
> > > > security
> > > > > hole).
> > > > >
> > > > > Isn't it the antithesis of the 80/20 rule and interoperability to
> > require
> > > > > every HTTP proxy in the world to have specific code path for every
> > > > > possible future HTTP Upgrade protocol that comes along?
> > > >
> > > > it's even worse than that, it means that such a reverse-proxy, when
> > shared
> > > > between HTTP and Websocket, will have to accept to blindly forward
> > those 8
> > > > bytes everytime someones *pretends* to talk websocket, without the
> > server's
> > > > consent.
> > > >
> > > > Since reverse-proxies are used everywhere (in IDS, HTTP-aware
> > firewalls,
> > > > caches, load balancers, etc...), it is not even advisable to have
> > per-host
> > > > or per-IP rules considering the large number of hosts that can be
> > installed
> > > > behind any of them.
> > > >
> > > > So it is very important that if we go the HTTP way, we respect the
> > > > protocol's
> > > > semantics.
> > > >
> > > > In fact, the protocol can be made HTTP compliant by switching two lines
> > in
> > > > the description of the server's behaviour : the server just has to send
> > the
> > > > 101 *BEFORE* it reads the /key3/ parameter, and we're done.
> > > >
> > > >
> > > So how come that several technical unsound ideas that more or less
> > originate
> > > from one person is ending up in the spec proposal in the first place ?.
> >
> > You can't blame one single person for proposing something that does not
> > happen to work in some circumstances. If everything was that simple, the
> > proposal would already have become a spec. One of the goal of the single
> > person was to ensure that we'd get quick failures through incompatible
> > intermediaries. Achieving this means we may play on the border line of
> > the protocol. As long as no problem is identified, there's nothing wrong.
> > It's once the problem is identified that we must fix it and get back to
> > the compliant side of the protocol.
> >
> > Regards,
> > Willy
> >
> > Its not the person, its the process of how ideas get formalized into the
> spec i was asking about.
> Discussions like the one going on now regarding a serious problem, is
> perhaps something that should happen before there is a magical decision to
> move an idea into the spec proposal ?.

It has happened, I've personally ben raising several HTTP incompatibilities
since January. Things are slowly making progress but there are security and
performance trade-offs to take into account, which don't make it easy to get
something which satisfies all needs.

What's important is that those issues don't get lost. Sal entered them into
the bug tracker.

Regards,
Willy

v2.37.1 | Report a Bug | By Email | System Status