IETF Logo Mail Archive

Re: [Technical Errata Reported] RFC9204 (7277)

Lucas Pardue <lucaspardue.24.7@gmail.com> Mon, 29 January 2024 15:21 UTC

Return-Path: <lucaspardue.24.7@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0837C14F5FE for <quic@ietfa.amsl.com>; Mon, 29 Jan 2024 07:21:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.855
X-Spam-Level:
X-Spam-Status: No, score=-5.855 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9uezQNr5QPfP for <quic@ietfa.amsl.com>; Mon, 29 Jan 2024 07:21:53 -0800 (PST)
Received: from mail-oa1-x2d.google.com (mail-oa1-x2d.google.com [IPv6:2001:4860:4864:20::2d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 037B4C14E515 for <quic@ietf.org>; Mon, 29 Jan 2024 07:21:47 -0800 (PST)
Received: by mail-oa1-x2d.google.com with SMTP id 586e51a60fabf-2184133da88so1553078fac.0 for <quic@ietf.org>; Mon, 29 Jan 2024 07:21:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1706541707; x=1707146507; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=+lqBUvzxOImf92dXwry8tiUSiEL5ZBq1gXkNI9nHy3w=; b=BSQSSJNTdOpLiqx7v62a2L6VamEKpV5bKn6mWpmv/Az6eoAIzlqUZLUkgvPt9QxsyF kl2ru/v3WedETbCDUmynAnx9aeYHxDFuTRkrsWrNMswr9rEdj28Hq4noD+RqIzAiRk+7 uB8IvrB+RJCOMhacfj8ttHomeQNSAro7+9FX2A0cQC++QEApR77mE/umxoeSg9EnLGR4 gMJGMFWE0gdUGW9i/YBO/TdAtD9eaZZlpXu7rybMbie7u6RKs9vVz6wrc6WKTlRKZ5fq RsOOLYSCFMdO2/hMT5jhikgf8oeiOMji2Upf5mFwXKAMgd1x1bMyCeu+TnNGZwQRyS2r 8urg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706541707; x=1707146507; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=+lqBUvzxOImf92dXwry8tiUSiEL5ZBq1gXkNI9nHy3w=; b=BL9rSpZqVJpxsxj3HjNKGV4yX+3UR6p+Qb8Pazv4BeV6LV3U2lHHp7d82MI2jPr/bx 1Mxqm83CBR455g5Yx9eeGOAHcv1hI2ySl+HYZwL+B34w9mX2DwhEUmYqi01NkH25iQ6j JprqHLEFV98TfJ3fEGjfTDkFbozceKZS1Wo9a0D8iBUW5+xbpgokPlyBdgrRtJe+xHJj 3rOcAWuoFSY4c1JziUMysb2SrX/8ZOftFE27PWD2jUEvKBAvL6jjcRSTUuKZDr90gOk3 RLYtebZ9PjxrrBsBmJ3KUF8OvwK1ycFP+UXgJ2YVoVc0nGeg/JEJWc+lYMcVqy9A24VP 11WA==
X-Gm-Message-State: AOJu0YxOqSRlnFuNoOeayf3YoKy7LkDqEuK9ndVfob/Va6uY40MOX8L+ ByBdYvgYhRouArZxDLpGBhjcTqvMUFCN4kzFwWQXKbYFJgtIZQ3S4dA05rdD486d+Hi811kH5EJ 62jAEzfRzW9S8Z4MyQJYq7a084EIHGOo2
X-Google-Smtp-Source: AGHT+IEmhhcuRbI3wVH6PNVwFVgWK5wyHFTZrzeTxwQzmipUZ7MlsBmVXOs3Rz3EZbGuC8bQKq10XKla3GVQIExOKgU=
X-Received: by 2002:a05:6870:40d2:b0:210:7f85:18ff with SMTP id l18-20020a05687040d200b002107f8518ffmr5197989oal.29.1706541706814; Mon, 29 Jan 2024 07:21:46 -0800 (PST)
MIME-Version: 1.0
References: <AM0PR07MB6019FE11E37D09E25974336D987E2@AM0PR07MB6019.eurprd07.prod.outlook.com>
In-Reply-To: <AM0PR07MB6019FE11E37D09E25974336D987E2@AM0PR07MB6019.eurprd07.prod.outlook.com>
From: Lucas Pardue <lucaspardue.24.7@gmail.com>
Date: Mon, 29 Jan 2024 15:21:35 +0000
Message-ID: <CALGR9oaTQguNs58qKPbH=Hp5DaxuRENHLmyzxtFG=AXZqNqv-w@mail.gmail.com>
Subject: Re: [Technical Errata Reported] RFC9204 (7277)
To: Francesca Palombini <francesca.palombini@ericsson.com>
Cc: Magnus Westerlund <magnus.westerlund@ericsson.com>, Martin Thomson <mt@lowentropy.net>, Julian Reschke <julian.reschke@gmx.de>, "Roy T. Fielding" <fielding@gbiv.com>, "quic@ietf.org" <quic@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="0000000000003aaa5e061017341e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/6nnc65GIFN4QgHMhlsMNTuFnwkM>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jan 2024 15:21:57 -0000

(+ HTTP WG)

I could live with a hold, and people can use this erratum to decide the
scope of work if QPACK is ever revved.

Cheers
Lucas

On Mon, Jan 29, 2024 at 9:16 AM Francesca Palombini <
francesca.palombini@ericsson.com> wrote:

> Hi Lucas,
>
>
>
> This to me sounds like “Hold for doc update”, not necessarily to do design
> changes but just to clarify these points. Would you agree?
>
>
>
> Francesca
>
>
>
> > Hey,
>
> >
>
> > Arguably from a QPACK perspective, these entries are not useless, since
>
> > they can be used by a server that wants to encode a header field with
> that
>
> > name and value. QPACK doesn't have an opinion on header syntax, as long
> as
>
> > the entries in its table meet its own rules things are ok. That can
>
> > sometimes surprise people, something higher up the stack has to deal with
>
> > validating fields themselves. For a HTTP proxy, if it were passing
> through
>
> > "access-control-allow-credentials: TRUE" it's likely to be doing so
>
> > verbatim, and so QPACK offers the chance to do it using a smaller
> encoding.
>
> >
>
> > It's also worth noting that QPACK encoding can use an indexed field name
>
> > without needing to use the value, for instance using the indexed field
> name
>
> > (entry 73 or 74) and a string literal "true". And given the length of the
>
> > string "access-control-allow-credentials" there are still compression
>
> > savings to be had from using its index instead. Or an implementation
> could
>
> > try to match "access-control-allow-credentials: true" to a static table,
>
> > fail and just insert it into their dynamic table without batting an
> eyelid.
>
> >
>
> > The background to the choice of QPACK static table entries is probably
>
> > sumamrised best on
>
> > https://github.com/quicwg/base-drafts/wiki/QPACK-Static-Table.
>
> >
>
> > I agree it's unfortunate that we captured some information in the table
>
> > that turned out not to be compliant with its related specification. Any
>
> > design change to support alternative static tables is going to be hard
> and
>
> > disruptive. A note to say the entry values are non-standard might help.
>
> > However, we'd want to understand who the target audience is and whether
>
> > they'd really care about what we said.
>
> >
>
> > Cheers
>
> > Lucas
>
> >
>
> > On Fri, Dec 16, 2022 at 10:07 AM Magnus Westerlund <magnus.westerlund=
>
> > 40ericsson.com@dmarc.ietf.org> wrote:
>
> >
>
> > > Hi,
>
> > >
>
> > >
>
> > >
>
> > > Isn’t this a Hold for Update case? The table is wrong in the sense
> that it
>
> > > contains useless entries as they don’t represent syntactically correct
>
> > > values. And in the future if the static table is revised and a way of
>
> > > knowing that the peer uses the revised table this should be addressed.
> So I
>
> > > would think a Hold for Update is an appropriate response to this
> errata. Or
>
> > > even just to clarify in the spec that these are mostly useless.
>
> > >
>
> > >
>
> > >
>
> > > Cheers
>
> > >
>
> > >
>
> > >
>
> > > Magnus Westerlund
>
> > >
>
> > >
>
> > >
>
> > > *From: *QUIC quic-bounces@ietf.org on behalf of Martin Thomson <
>
> > > mt@lowentropy.net>
>
> > > *Date: *Friday, 16 December 2022 at 01:31
>
> > > *To: *quic@ietf.org quic@ietf.org
>
> > > *Subject: *Re: [Technical Errata Reported] RFC9204 (7277)
>
> > >
>
> > > Unfortunately, I think we have to reject this report.  Though the
> values
>
> > > for these entries might be useless, we can't change this without
> creating
>
> > > interoperability issues.
>
> > >
>
> > > On Fri, Dec 16, 2022, at 10:31, RFC Errata System wrote:
>
> > > > The following errata report has been submitted for RFC9204,
>
> > > > "QPACK: Field Compression for HTTP/3".
>
> > > >
>
> > > > --------------------------------------
>
> > > > You may review the report below and at:
>
> > > > https://www.rfc-editor.org/errata/eid7277
>
> > > >
>
> > > > --------------------------------------
>
> > > > Type: Technical
>
> > > > Reported by: Rory Hewitt rory.hewitt@gmail.com
>
> > > >
>
> > > > Section: Appendix A
>
> > > >
>
> > > > Original Text
>
> > > > -------------
>
> > > > In the static table, entry 73 has a value of:
>
> > > >
>
> > > > access-control-allow-credentials: TRUE
>
> > > >
>
> > > > and entry 74 has a value of:
>
> > > >
>
> > > > access-control-allow-credentials: FALSE
>
> > > >
>
> > > > Corrected Text
>
> > > > --------------
>
> > > > Entry 73 should have a value of:
>
> > > >
>
> > > > access-control-allow-credentials: true
>
> > > >
>
> > > > (note the lower-case value of "true")
>
> > > >
>
> > > > and entry 74 should NOT EXIST since "FALSE" (in upper-case
>
> > > > or lower-case) is not a valid value for this header.
>
> > > >
>
> > > > Notes
>
> > > > -----
>
> > > > The "access-control-allow-credentials" header is a CORS header. It
> only
>
> > > > has one allowed value - "true" (without quotes, MUST be in
> lower-case).
>
> > > > Values of "TRUE", "FALSE" and "false" are all invalid values, as is
> any
>
> > > > mixed-case version of "true".
>
> > > >
>
> > > > See the latest WHATWG spec at
>
> > > > https://fetch.spec.whatwg.org/#cors-protocol-and-credentials which
>
> > > > notes the required case-sensitivity of the "true" value and that it
> is
>
> > > > the only valid value.
>
> > > >
>
> > > > Also see the prior W3C spec at
>
> > > >
>
> > >
> https://www.w3.org/TR/2020/SPSD-cors-20200602/#access-control-allow-credentials-response-header
>
> > > > which says the same thing. Note that the W3C spec was superseded by
> the
>
> > > > WHATWG spec.
>
> > > >
>
> > > > Note that there are many instances of
>
> > > > "access-control-allow-credentials: false" being returned from server
>
> > > > responses (which is presumably why these values were added to the
>
> > > > table), but they are invalid and the servers that send them are not
>
> > > > following the CORS specification.
>
> > > >
>
> > > > There may be case to be made that the static table is defined to make
>
> > > > the QPACK algorithm as performant as possible and therefore it should
>
> > > > include not only commonly-used valid values, but also commonly-used
>
> > > > invalid values. However, the static table should ideally contain only
>
> > > > valid header values.
>
> > > >
>
> > > > Instructions:
>
> > > > -------------
>
> > > > This erratum is currently posted as "Reported". If necessary, please
>
> > > > use "Reply All" to discuss whether it should be verified or
>
> > > > rejected. When a decision is reached, the verifying party
>
> > > > can log in to change the status and edit the report, if necessary.
>
> > > >
>
> > > > --------------------------------------
>
> > > > RFC9204 (draft-ietf-quic-qpack-21)
>
> > > > --------------------------------------
>
> > > > Title               : QPACK: Field Compression for HTTP/3
>
> > > > Publication Date    : June 2022
>
> > > > Author(s)           : C. Krasic, M. Bishop, A. Frindell, Ed.
>
> > > > Category            : PROPOSED STANDARD
>
> > > > Source              : QUIC
>
> > > > Area                : Transport
>
> > > > Stream              : IETF
>
> > > > Verifying Party     : IESG
>
> > >
>
> >
>

v2.23.0 | Report a Bug | By Email