IETF Logo Mail Archive

Re: [Technical Errata Reported] RFC9204 (7277)

Francesca Palombini <francesca.palombini@ericsson.com> Mon, 29 January 2024 09:17 UTC

Return-Path: <francesca.palombini@ericsson.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E232FC14F5ED for <quic@ietfa.amsl.com>; Mon, 29 Jan 2024 01:17:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.109
X-Spam-Level:
X-Spam-Status: No, score=-7.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cSPKGhwmhBIj for <quic@ietfa.amsl.com>; Mon, 29 Jan 2024 01:16:56 -0800 (PST)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2050.outbound.protection.outlook.com [40.107.22.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 44C0FC14F5FD for <quic@ietf.org>; Mon, 29 Jan 2024 01:16:55 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CutkXU7SkZQ1UeRVzKIpZJzVh+P2XNbrZAvOt37UtLBccZh55gFR6bYX88lBjBV0n4Tt+rA0nl+R3oEVh0iuVo7sjYOIWw4FQC0KP+0VggOvZsnDh2Z3T8nhjw3gtxhWQuprqGGfRIHDwxD/uYuqIrGbDZq/WNrX+eYx8JO9gY8v7fWmfTtErFBk2kxhqQ8Pr+id2pqEfMfdh/NLboncJ4ushGE83YXceuX8hGHyjnmz3b5SZnzQhPeVRpwrHmlld7yOiS48Yyr3aH6dN5QJaTp+2SkTlK/8q1BufWg6boOJygRZ9rG8OUhr6IY0oYmgVDPDM13otWrMMJeGjbCm+A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9NG0Ae6dFOf8HX3TY9Adb1dZ0wUfdPsdY+2UHlaOGnU=; b=mnAKYO4VYgQPO9pO0xhLk3t+JzX2BHfvyPbIQrj9L9bbLW1U1gud2Gl2csLu4G852D6oBYgnbcXsNuEX4q9jwwFC4Q79EUPOadEX94eJJ4AE09z1lsXyfjpJrYGbyGaCVVSin0reImdyeqHSyTs9dK2Err55q4YlS6llSQ6t3fbzgb/034Iie9g0RKP60t5lSN/7z5Cnm42jslGPvBw0x+396BsdIEWbiI3tX11IF0fKVh/W4R9DlviUGx77nww+czcTCbiDL129HFYwgTuQemdTE3WO8EFfEoWrzU+bQrBCqeo5qeyyJ1ssdQoowpfhZoSjiMxdQjzf60ms2k3RNg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9NG0Ae6dFOf8HX3TY9Adb1dZ0wUfdPsdY+2UHlaOGnU=; b=zP8PxnfTnDchvConiM3Fv9F6DRjffyCx10DLtXaUgoCO1tahM/FHNTJgjQzBRuh27zRpfRi+By2sNEib3PKi79G84zXjm0k2qDccdfuqTELwD1iqODHoz2mVW2xnxqd/MYSapAxhqqD4Gj9HiJJkj7UxYGcapqa0SDe1LDs33JJ3lzPJjfbe2loco85iAUFSGaV1iOhydE15zF6hS4QUfHpPTTpFwPrU5obh70Xn2C4aMcRJvAQX3/xKPjrfsY5xSme1ZJH2PN0Owfs1rwr2WFnSGX2cnptaPZsqWdSavKHrgELXhTcnNI1toJSnCq19u1QeSH97Ak06txcA8Apxdw==
Received: from AM0PR07MB6019.eurprd07.prod.outlook.com (2603:10a6:208:10f::14) by PR3PR07MB6507.eurprd07.prod.outlook.com (2603:10a6:102:2e::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.32; Mon, 29 Jan 2024 09:16:52 +0000
Received: from AM0PR07MB6019.eurprd07.prod.outlook.com ([fe80::c919:9883:93af:8d84]) by AM0PR07MB6019.eurprd07.prod.outlook.com ([fe80::c919:9883:93af:8d84%6]) with mapi id 15.20.7228.029; Mon, 29 Jan 2024 09:16:52 +0000
From: Francesca Palombini <francesca.palombini@ericsson.com>
To: Lucas Pardue <lucaspardue.24.7@gmail.com>
CC: Magnus Westerlund <magnus.westerlund@ericsson.com>, Martin Thomson <mt@lowentropy.net>, Julian Reschke <julian.reschke@gmx.de>, "Roy T. Fielding" <fielding@gbiv.com>, "quic@ietf.org" <quic@ietf.org>
Subject: Re: [Technical Errata Reported] RFC9204 (7277)
Thread-Topic: [Technical Errata Reported] RFC9204 (7277)
Thread-Index: AQHaUpIu5PvArScik0GF9SOdsHjJDA==
Date: Mon, 29 Jan 2024 09:16:48 +0000
Message-ID: <AM0PR07MB6019FE11E37D09E25974336D987E2@AM0PR07MB6019.eurprd07.prod.outlook.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: AM0PR07MB6019:EE_|PR3PR07MB6507:EE_
x-ms-office365-filtering-correlation-id: b8d7c3fb-7e45-421d-71cd-08dc20ab07f5
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: syRp5qCSaRkpZlJXYZ/EofF018FMcOEqXjjIE6odVT9k//3wM+mm/3Eou9h7WGtknStLX/EmJ86yDnIFTKmnAf/dRueH3+YwgKs/gILD5UQBygsUsQ7SAQEtOGjVHoF9gL/hKvdKhQtTAsaxq8FBNQ4TGxJNbAuz52MePDQWqtGJh+PWr288lWj6RrU0zBvyMu1CirRMDL8U2YlMW/j9nPENQds2DFsyckxlPlkT5iGFik/TDFj9eETa6l2C+ldZB1lTsQZ9zR6DRLbgJWxy00Q3YZcSt11U7RJ9PdAQd6Ieap8pXXb3Mn75Za6xpkpsI/eYwP9xQi6nEQ55ZA48XFOEY60eKYYzZkjFQ60ceBdFQa5oldYSi+L2WxIaruIEaw7o3+bRXNqI3Wf/czHSkB/m9hPloipPoZHjTPOjDq/4wLelJiRI0eJuxMjSFh0/pZf7uFELhDLAvcEzmIKzv13T9oVp3KbXMKJUtPVA8lYeduEV3Lt3j/lZjq89/zpLMSU0y/ZK8rYURpJowIpiE4cDS9WC1+CKKWmEBKJhnMqYyTCmLmCYXTTk4ISSfc7l9LxkHoDSpzeGSo0IwPPqtsHf1SsHNdkJI/um6IQNXzOWMwNDmRxiWwbL+FSMjtrMCb11lue3+IBIpJlQakS4wg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR07MB6019.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(39860400002)(376002)(396003)(346002)(366004)(136003)(230922051799003)(451199024)(186009)(64100799003)(1800799012)(55016003)(26005)(41300700001)(66899024)(66446008)(966005)(38070700009)(316002)(6916009)(54906003)(64756008)(9686003)(478600001)(53546011)(7696005)(6506007)(6666004)(83380400001)(71200400001)(38100700002)(82960400001)(166002)(122000001)(66476007)(66556008)(5660300002)(33656002)(2906002)(66946007)(76116006)(91956017)(86362001)(44832011)(4326008)(8676002)(8936002)(52536014); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: rgLdzHTmxANGXQdS+1bdLBUWAFAhmf5ivsG2CubRMm/WVfQQWmtUGCZw0lRd3IpNqbLTDvYUPSVur1yuEmjfO+bJWjnwDFDpBvJFirUFheLEqlAKS8RhymouHfbFUjNRtByuQzkKRp92kUgabixWA0wGj0msIK4/TLkKcK93ai+ofv5OBJta3NzX3MB8sg+FKUzEAxoBq7yGn6ciAcKeJvcLu3aYetiLbSs3iT/GStNnqK3t05EhLM1cO1SPFmX1+THDjOEtr2bgmXirlInBBGTdXN5sS0SF5x+qbFdrOtyiVzZE4FHfKrDz5VAhTZBhUYSZbnQih8F//QF4VBpDj0IuBE9NrUSiY46mqqXSvMHI+nq7qH8y/kt6Sffho3QTUAt4mM0b6vI6BBhXA8evDNNZHXNjsuViJQRV3o9gc9GPWSMlQG9ek1CrxhgqfEjQgP0J8tXoktmObEUbAB1je/a0OaaQyq+F2bdFGEKXRukx/qxCe7m/Hd+aYa5jmxf8EPacU3bBq3TzqcIpfnJymspsGXYur91T5lWL5ygSKWd5s+gbGYt+81bhBqIImYSe3/sAL5vqt7U1YBGHyYod0kBrCs0+70pYvHHSM7vh9FdtEqlQaGftsVC/Ir6Oz7I3kVNuIRj7UbWdSJf14LryOVzrbpg7G+F//RE6XAPZ9kIDT6+h+ObrJt/RwXZ9ZfBKIK0qaPJr8f/HCcvlTSNxhHKRytTPds41egaj70361q69MMQAJNnYhMe/jYlw5ZtFAZJzNPpY4GAYgnuA2BlQgIOZb1gFYt4sIr9gzWP18nPX6qInI5kd00hTVjhhQN6TfRrHZmy+HRFOWdzgB/scAJkpv3/rLRHzCjNdTEk720VFaaWePoan3j02NUK5Bb3JNsY/ZcqOsrGqHHXXB4xL3IxZBOi1oAgSfKQjL/1imMCB4mXO7SszBi+aytqB65Z+R8b7cA9G4YDFXjpBclFxWxF0jxRVMMp3QVcAoEFXH6qK8pRepx1E9smLbk+Y8BQXU3UiucjVccHzIDSsYmIwGR1JIpQsPb1UwRv/TVye7oTuguhXNTI2ej/VCuZYHwM6trhl5mOMBHb5Fi8DvZhls0OI30CurwMfZkOY0FdZ2Au6hLYdAQOIF1I322L+GB764J8tKHASavBEBYuz3OJuJY0HZBtqT9R3un3K/A4tcC0xWrtQUnrwoUBydQVSGVyeVxXkHVy5xoMxFunqKnT15Kl1ixEcOJP7VDhRy1GaylMm/yCxms7k26Yr7vw1evOZw9mKodH70prpI98BoJnS3gbpEhdnZZGwkDW9akUdJlUcXUWUjvasLysmsxakmFLP6wP4m4MPZEyJHH0QzEzvStnZXwEuOILM0i1Uc+nbcu88kYNT+g9BRV4cBxS5hb+N2SnSRyz2ylNlxdK1lLPo+vh3jIPeXY7PAGZHzuLia3zGqXULGpUzA9lpwaXVhLHPBM02TaOUTESMfjqptzeUF5A1uBoK78u/44H2gKMru5jRAgn00Hk/iwZ1ZsHRZrOcHsMKLKp5EEIxN49xbfp7lgKRXhLkHQacKXLJCR9ouamZ4vTCUGOAIlBhuIOVGQw+WLAwguCeyEEf8AcfyQmp2g==
Content-Type: multipart/alternative; boundary="_000_AM0PR07MB6019FE11E37D09E25974336D987E2AM0PR07MB6019eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM0PR07MB6019.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b8d7c3fb-7e45-421d-71cd-08dc20ab07f5
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Jan 2024 09:16:52.4330 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: fvf+NHLSEf7mgE7HnlPG/zWE8LKhUI7rr5MiNYrFTZEUQfMWwC0JhOnM6Ojb3dqK5ZGgjblpS62I6utqesEZ578exC6eb9sbLCc+23b69Klz+wEb/STGXMw4qAovdXI/
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR07MB6507
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/qup5sgmF7GjHozlHBv3lY1FZqYI>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jan 2024 09:17:01 -0000

Hi Lucas,

This to me sounds like “Hold for doc update”, not necessarily to do design changes but just to clarify these points. Would you agree?

Francesca

> Hey,
>
> Arguably from a QPACK perspective, these entries are not useless, since
> they can be used by a server that wants to encode a header field with that
> name and value. QPACK doesn't have an opinion on header syntax, as long as
> the entries in its table meet its own rules things are ok. That can
> sometimes surprise people, something higher up the stack has to deal with
> validating fields themselves. For a HTTP proxy, if it were passing through
> "access-control-allow-credentials: TRUE" it's likely to be doing so
> verbatim, and so QPACK offers the chance to do it using a smaller encoding.
>
> It's also worth noting that QPACK encoding can use an indexed field name
> without needing to use the value, for instance using the indexed field name
> (entry 73 or 74) and a string literal "true". And given the length of the
> string "access-control-allow-credentials" there are still compression
> savings to be had from using its index instead. Or an implementation could
> try to match "access-control-allow-credentials: true" to a static table,
> fail and just insert it into their dynamic table without batting an eyelid.
>
> The background to the choice of QPACK static table entries is probably
> sumamrised best on
> https://github.com/quicwg/base-drafts/wiki/QPACK-Static-Table.
>
> I agree it's unfortunate that we captured some information in the table
> that turned out not to be compliant with its related specification. Any
> design change to support alternative static tables is going to be hard and
> disruptive. A note to say the entry values are non-standard might help.
> However, we'd want to understand who the target audience is and whether
> they'd really care about what we said.
>
> Cheers
> Lucas
>
> On Fri, Dec 16, 2022 at 10:07 AM Magnus Westerlund <magnus.westerlund=
> 40ericsson.com@dmarc.ietf.org<mailto:40ericsson.com@dmarc.ietf.org>> wrote:
>
> > Hi,
> >
> >
> >
> > Isn’t this a Hold for Update case? The table is wrong in the sense that it
> > contains useless entries as they don’t represent syntactically correct
> > values. And in the future if the static table is revised and a way of
> > knowing that the peer uses the revised table this should be addressed. So I
> > would think a Hold for Update is an appropriate response to this errata. Or
> > even just to clarify in the spec that these are mostly useless.
> >
> >
> >
> > Cheers
> >
> >
> >
> > Magnus Westerlund
> >
> >
> >
> > *From: *QUIC quic-bounces@ietf.org<mailto:quic-bounces@ietf.org> on behalf of Martin Thomson <
> > mt@lowentropy.net<mailto:mt@lowentropy.net>>
> > *Date: *Friday, 16 December 2022 at 01:31
> > *To: *quic@ietf.org<mailto:*quic@ietf.org> quic@ietf.org<mailto:quic@ietf.org>
> > *Subject: *Re: [Technical Errata Reported] RFC9204 (7277)
> >
> > Unfortunately, I think we have to reject this report.  Though the values
> > for these entries might be useless, we can't change this without creating
> > interoperability issues.
> >
> > On Fri, Dec 16, 2022, at 10:31, RFC Errata System wrote:
> > > The following errata report has been submitted for RFC9204,
> > > "QPACK: Field Compression for HTTP/3".
> > >
> > > --------------------------------------
> > > You may review the report below and at:
> > > https://www.rfc-editor.org/errata/eid7277
> > >
> > > --------------------------------------
> > > Type: Technical
> > > Reported by: Rory Hewitt rory.hewitt@gmail.com<mailto:rory.hewitt@gmail.com>
> > >
> > > Section: Appendix A
> > >
> > > Original Text
> > > -------------
> > > In the static table, entry 73 has a value of:
> > >
> > > access-control-allow-credentials: TRUE
> > >
> > > and entry 74 has a value of:
> > >
> > > access-control-allow-credentials: FALSE
> > >
> > > Corrected Text
> > > --------------
> > > Entry 73 should have a value of:
> > >
> > > access-control-allow-credentials: true
> > >
> > > (note the lower-case value of "true")
> > >
> > > and entry 74 should NOT EXIST since "FALSE" (in upper-case
> > > or lower-case) is not a valid value for this header.
> > >
> > > Notes
> > > -----
> > > The "access-control-allow-credentials" header is a CORS header. It only
> > > has one allowed value - "true" (without quotes, MUST be in lower-case).
> > > Values of "TRUE", "FALSE" and "false" are all invalid values, as is any
> > > mixed-case version of "true".
> > >
> > > See the latest WHATWG spec at
> > > https://fetch.spec.whatwg.org/#cors-protocol-and-credentials which
> > > notes the required case-sensitivity of the "true" value and that it is
> > > the only valid value.
> > >
> > > Also see the prior W3C spec at
> > >
> > https://www.w3.org/TR/2020/SPSD-cors-20200602/#access-control-allow-credentials-response-header
> > > which says the same thing. Note that the W3C spec was superseded by the
> > > WHATWG spec.
> > >
> > > Note that there are many instances of
> > > "access-control-allow-credentials: false" being returned from server
> > > responses (which is presumably why these values were added to the
> > > table), but they are invalid and the servers that send them are not
> > > following the CORS specification.
> > >
> > > There may be case to be made that the static table is defined to make
> > > the QPACK algorithm as performant as possible and therefore it should
> > > include not only commonly-used valid values, but also commonly-used
> > > invalid values. However, the static table should ideally contain only
> > > valid header values.
> > >
> > > Instructions:
> > > -------------
> > > This erratum is currently posted as "Reported". If necessary, please
> > > use "Reply All" to discuss whether it should be verified or
> > > rejected. When a decision is reached, the verifying party
> > > can log in to change the status and edit the report, if necessary.
> > >
> > > --------------------------------------
> > > RFC9204 (draft-ietf-quic-qpack-21)
> > > --------------------------------------
> > > Title               : QPACK: Field Compression for HTTP/3
> > > Publication Date    : June 2022
> > > Author(s)           : C. Krasic, M. Bishop, A. Frindell, Ed.
> > > Category            : PROPOSED STANDARD
> > > Source              : QUIC
> > > Area                : Transport
> > > Stream              : IETF
> > > Verifying Party     : IESG
> >
>

v2.23.0 | Report a Bug | By Email