Re: [secdir] Secdir last call review of draft-ietf-httpbis-early-hints-03
Willy Tarreau <w@1wt.eu> Fri, 07 July 2017 09:23 UTC
On Fri, Jul 07, 2017 at 05:54:41AM +0000, Melinda Shore wrote:
> On 7/6/17 8:40 PM, Kazuho Oku wrote:
> > Regarding the wording, I think it would be better to keep the tone
> > as-is, rather than suggesting implementers not to send an Early Hints
> > response over HTTP/1.1 depending on the client.
>
> Yeah, you don't want to discourage implementation. I think
> the goal is to find some balance between not putting off
> implementers on the one hand, and having to deal with an
> embarrassing incident on the other. I'd be more comfortable
> with language that's a bit stronger but it's not a huge
> issue, certainly not one that's an impediment to moving the
> document forward (particularly given that it's intended for
> publication as an experimental standard).

I'm just thinking about the fact that we're not even sure that any HTTP/1.1 client doesn't support these informational responses, because such clients can already make use of Expect: 100-continue (so they know about 100), and if I remember well when designing the 101 upgrade for WebSocket, which was reused for HTTP/2, some of the difficulties we faced were that some clients/intermediaries were consuming 101 as 1xx and waiting for a final response after it.

Maybe the stronger wording should be oriented differently, such as "Servers MUST not send 103 to HTTP/1.0 clients nor to any client known not to support 1xx informational responses"? This way it leaves the possibility open (i.e. rely on version and/or user-agent or anything else once an exception is known).

Just my two cents,
Willy
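
The gating rule proposed in the message above, together with a client-side reader that treats 101 as final and every other 1xx as interim, as an added example that is not part of the original thread or of any implementation discussed in it. The function names, the User-Agent denylist entry and the sample bytes are constructed for illustration.

```python
import re

# Constructed placeholder: User-Agent substrings of clients known to mishandle 1xx.
KNOWN_1XX_BROKEN_AGENTS = ("ExampleLegacyClient/",)

def may_send_103(request_line: str, user_agent: str = "") -> bool:
    """Server side: no 103 to HTTP/1.0 clients nor to known-incompatible ones."""
    m = re.fullmatch(r"\S+ \S+ HTTP/(\d)\.(\d)", request_line.strip())
    if not m:
        return False  # unparseable request line: stay conservative
    if (int(m.group(1)), int(m.group(2))) < (1, 1):
        return False  # HTTP/1.0 defined no 1xx status codes
    return not any(tag in user_agent for tag in KNOWN_1XX_BROKEN_AGENTS)

def read_response(stream: bytes):
    """Client side: return (interim, final, rest) from raw HTTP/1.x bytes.
    101 ends the exchange (protocol switch); any other 1xx precedes another head."""
    interim = []
    while True:
        head, sep, stream = stream.partition(b"\r\n\r\n")
        if not sep:
            raise ValueError("incomplete response head")
        lines = head.decode("iso-8859-1").split("\r\n")
        m = re.fullmatch(r"HTTP/1\.[01] (\d{3})(?: .*)?", lines[0])
        if not m:
            raise ValueError("bad status line: %r" % lines[0])
        status = int(m.group(1))
        headers = [tuple(p.strip() for p in l.split(":", 1)) for l in lines[1:] if ":" in l]
        if 100 <= status < 200 and status != 101:
            interim.append((status, headers))  # keep the hints, wait for the final head
            continue
        return interim, (status, headers), stream

# Constructed sample: a 103 Early Hints response followed by the final 200.
SAMPLE = (
    b"HTTP/1.1 103 Early Hints\r\nLink: </style.css>; rel=preload; as=style\r\n\r\n"
    b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"
)
```

A client that stops at the first head in `SAMPLE` would take the 103 as the final response and leave the 200 on the connection, which is the failure the gating rule is meant to avoid.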