Re: [Technical Errata Reported] RFC9204 (7277)
Martin Thomson <mt@lowentropy.net> Fri, 16 December 2022 00:31 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2FD2CC14F74B for <quic@ietfa.amsl.com>; Thu, 15 Dec 2022 16:31:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.098
X-Spam-Level:
X-Spam-Status: No, score=-7.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=JRbx5ieN; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=j1scDNoO
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p3HPYcTPPBuW for <quic@ietfa.amsl.com>; Thu, 15 Dec 2022 16:31:18 -0800 (PST)
Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80DFEC15BFC9 for <quic@ietf.org>; Thu, 15 Dec 2022 16:31:18 -0800 (PST)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailout.west.internal (Postfix) with ESMTP id D7FE7320030E for <quic@ietf.org>; Thu, 15 Dec 2022 19:31:17 -0500 (EST)
Received: from imap41 ([10.202.2.91]) by compute6.internal (MEProxy); Thu, 15 Dec 2022 19:31:17 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=cc:content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm3; t=1671150677; x=1671237077; bh=aanJRAQUed lyb4lGKa090kM5oTQ9a7/k7h0vFyy18NE=; b=JRbx5ieNuDHHkOljIBsx8toalH zB8dApnXC4LIyULFCftEdG7ghbpfxI+kPHeT11awBzJF/cux+u/ulRRYCJA2CLrh XmGT44Roje6+O0DrnAaefBi39k7TvlqCLaauHwEo+J6ht84mbnBoNk/CtQ+JCl00 xRrfa9O9NBJTSF305itucfyWEXbO8wdwVgBWTevAyDc4vuzHBGW/EUbVwN6Ft7G2 Ojo2MyCxbNgG6SyDEl3xmy69BT94+K70TKruAyd9Crgub92wIX+Dvhl6l0Q+h3DB oidlSSKCRJL6sviSPlyZXXTVkLoypgzOThREGJ/gssilqEAQO6PWv+QBfrDQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:date:feedback-id :feedback-id:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1671150677; x=1671237077; bh=aanJRAQUedlyb4lGKa090kM5oTQ9 a7/k7h0vFyy18NE=; b=j1scDNoO4hXciKO2kHsT2hJEVxJAMy4xTUB7Wd6lvZmR lFPpUU8WvQASCktOZ/rHo+3zz7qqIXnpJTFnUJhDnWmlD4Mybjc0Tfth0MhDvzyQ lPJ6NACKPyy1YVZ3StHSK97jDCd1jRMBobCyjngX9j3yBZ0T2F/vSWAP98tewj9B +dOHZl81l2mXA68HyvPNw6kN7u48rCL70ZhqvjRXGRxY8ZoJhctLdET5vqhDHQ4t 54CKIVPWHqb+3RIL6aqZsig4e9wpdaLbBJ3bx/NlJNrjE5wOgCoYHox2DQw3cHn6 4JHSjofsEsLjSyIzcw7ueUhULqH3W1DjUZu69PF5yQ==
X-ME-Sender: <xms:VbybY0KiMGjzNMrrC8NE1__VMJSyvh7QDbGiMeYDM58Tt9YYuWvt9Q> <xme:VbybY0J-SicfTXmk7J56r0UnIPDIW_D45ICRFrIZNNNwTGSzYB4Nam2qRfs7zXoCy WrWTvcWTLuCs4hkWG8>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeeigddvudcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreertdenucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehlohif vghnthhrohhphidrnhgvtheqnecuggftrfgrthhtvghrnhepheeludffieelffelteeiud ekhfeivedtudetgfekjefhieduuddutddviefhudeunecuffhomhgrihhnpehrfhgtqdgv ughithhorhdrohhrghdpfihhrghtfihgrdhorhhgpdiffedrohhrghenucevlhhushhtvg hrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmtheslhhofigvnhhtrhho phihrdhnvght
X-ME-Proxy: <xmx:VbybY0tmX0DZs3uW7OjoRy26_QysETBSstJV-zcXPSQjzfvEmNzdDA> <xmx:VbybYxZcjbp3AI79_POoLc7bBmBj88uPk6mKGSEobuX7lGIPtkL8bg> <xmx:VbybY7a9d6OHtlZCtivoonUJMWsq08EJz8p3iUX1Ie3TN36kM3xdhg> <xmx:VbybY0lT5qCQyKswHPOL09OoBYtZW9ME8mdT1F34FxDVhsjSWa4xfQ>
Feedback-ID: ic129442d:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 358562340080; Thu, 15 Dec 2022 19:31:17 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.7.0-alpha0-1185-g841157300a-fm-20221208.002-g84115730
Mime-Version: 1.0
Message-Id: <b7a486d9-d23b-4d71-8fa3-ca811c14eead@betaapp.fastmail.com>
In-Reply-To: <20221215233141.39BA52B443@rfcpa.amsl.com>
References: <20221215233141.39BA52B443@rfcpa.amsl.com>
Date: Fri, 16 Dec 2022 11:31:04 +1100
From: Martin Thomson <mt@lowentropy.net>
To: quic@ietf.org
Subject: Re: [Technical Errata Reported] RFC9204 (7277)
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/-pRuRGhHfL42a6CV18e20lmhcd4>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Dec 2022 00:31:23 -0000
Unfortunately, I think we have to reject this report. Though the values for these entries might be useless, we can't change this without creating interoperability issues. On Fri, Dec 16, 2022, at 10:31, RFC Errata System wrote: > The following errata report has been submitted for RFC9204, > "QPACK: Field Compression for HTTP/3". > > -------------------------------------- > You may review the report below and at: > https://www.rfc-editor.org/errata/eid7277 > > -------------------------------------- > Type: Technical > Reported by: Rory Hewitt <rory.hewitt@gmail.com> > > Section: Appendix A > > Original Text > ------------- > In the static table, entry 73 has a value of: > > access-control-allow-credentials: TRUE > > and entry 74 has a value of: > > access-control-allow-credentials: FALSE > > Corrected Text > -------------- > Entry 73 should have a value of: > > access-control-allow-credentials: true > > (note the lower-case value of "true") > > and entry 74 should NOT EXIST since "FALSE" (in upper-case > or lower-case) is not a valid value for this header. > > Notes > ----- > The "access-control-allow-credentials" header is a CORS header. It only > has one allowed value - "true" (without quotes, MUST be in lower-case). > Values of "TRUE", "FALSE" and "false" are all invalid values, as is any > mixed-case version of "true". > > See the latest WHATWG spec at > https://fetch.spec.whatwg.org/#cors-protocol-and-credentials which > notes the required case-sensitivity of the "true" value and that it is > the only valid value. > > Also see the prior W3C spec at > https://www.w3.org/TR/2020/SPSD-cors-20200602/#access-control-allow-credentials-response-header > which says the same thing. Note that the W3C spec was superseded by the > WHATWG spec. > > Note that there are many instances of > "access-control-allow-credentials: false" being returned from server > responses (which is presumably why these values were added to the > table), but they are invalid and the servers that send them are not > following the CORS specification. > > There may be case to be made that the static table is defined to make > the QPACK algorithm as performant as possible and therefore it should > include not only commonly-used valid values, but also commonly-used > invalid values. However, the static table should ideally contain only > valid header values. > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC9204 (draft-ietf-quic-qpack-21) > -------------------------------------- > Title : QPACK: Field Compression for HTTP/3 > Publication Date : June 2022 > Author(s) : C. Krasic, M. Bishop, A. Frindell, Ed. > Category : PROPOSED STANDARD > Source : QUIC > Area : Transport > Stream : IETF > Verifying Party : IESG
- [Technical Errata Reported] RFC9204 (7277) RFC Errata System
- Re: [Technical Errata Reported] RFC9204 (7277) Martin Thomson
- Re: [Technical Errata Reported] RFC9204 (7277) Magnus Westerlund
- Re: [Technical Errata Reported] RFC9204 (7277) Lucas Pardue
- Re: [Technical Errata Reported] RFC9204 (7277) Julian Reschke
- Re: [Technical Errata Reported] RFC9204 (7277) Roy T. Fielding
- Re: [Technical Errata Reported] RFC9204 (7277) Lucas Pardue
- Re: [Technical Errata Reported] RFC9204 (7277) Roy T. Fielding
- Re: [Technical Errata Reported] RFC9204 (7277) Francesca Palombini
- Re: [Technical Errata Reported] RFC9204 (7277) Lucas Pardue