W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1994

Re: Comments on HTTP draft [of 23 Nov 1994]

From: Henrik Frystyk Nielsen <frystyk@ptsun00.cern.ch>
Date: Wed, 30 Nov 94 15:20:50 +0100
Message-Id: <9411301420.AA04805@ptsun03.cern.ch>
To: mfc@vnet.ibm.com, fielding@avron.ICS.UCI.EDU
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com

> >  b) makes it absolutely clear what is required for a server to be stated
> >     as conforming to the definition.
> 
> Yes.  Unfortunately (or fortunately, depending on how you look at it),
> almost all of the protocol is optional, and thus all the strict conformance
> areas must be surrounded by lots of IFs, HOWEVERs, and UNLESSes.
> But, getting it right is still the goal.

That's why there are so many `strongly recommended' ;-)

> > 2.1 The '#' rule implies that no whitespace is allowed after (or before)
> >     the commas in a list.  Is this correct?  For example, in the example
> >     in 7.1 there is a space after each comma (which certainly aids
> >     readability).
> 
> One major problem with the augmented BNF used by RFC822 (and MIME)
> is that it allows any amount of linear white space between tokens,
> but never specifies that in the rule definitions (it is treated as
> a general assumption for all rules).  I can understand why -- it is
> much easier to read the rules without the extra clutter -- but it runs
> against my desire for formality.
> 
> What do people think?  Define a new rule, e.g.
> 
>     ESP = 1*( [CRLF] LWSP-char )
>
> and insert it everywhere that zero or more linear-white-space is allowed?
> Or, just stick with the current method but add an explanation in 2.1.

Roy and I discussed this and I think that are argued for the current
model. However, an explanation in 2.1 is a good idea. The only place
where this is a problem is in RequestLine and StatusLine where
linear-white-space isn't allowed. Maybe this is not pointed out clearly
enough!

> >     (c) The ctext rule seems to be missing some characters (there's an
> >     open quote, followed by an open single quote, but neither is
> >     closed).  Also, shouldn't LF be excluded too?
> 
> Hmmm... should comments be allowed to fold (i.e. extend over multiple lines)?
> If so, then CR should not be excluded.  If not, then LF needs to be excluded.

As there is no current implementation I know of using comments it could
actually be left out - especially when we discourage usage of
comments.  The current spec is a compromise that I am quite happy with
- that is comments are allowed but not on multiple lines.

> Question for HTTP/1.1: Should we attempt to extend MIME C-T-E to be something
> useful, or just change Content-Encoding to be an ordered list of encodings
> rather than the current single-token?

I don't think this field is sufficiently important in HTTP to actually
do anything about it.

> >     It would seem to be appropriate that the HTTP protocol specify that
> >     Content-Length, in bytes, be Required--at least for Requests.

It is unfortunately not always possible to get the content-length
before transmission and at the same time preserve a reasonable
performance. An example is when a proxy is handling a FTP request and
returns the body to the client using HTTP.

> >     (b) Does the server have to read the headers (and data, if any) on a
> >     request?  For example, if the customizing filter/script doesn't need
> >     the information in order to determine the response, is the server
> >     permitted to leave the data unread, or could this embarrass some
> >     client(s) or TCP/IP stack(s)?
> 
> The Request-Headers must be read, though implementations may want to optimize
> and assume that if the Request-Headers have not completed within the first
> read buffer, then the rest are not important.  Since that is only a problem
> for SOME BROKEN CLIENTS, most servers could successfully pretend to be
> conformant while implementing the optimization.  Obviously, if there is
> any data in the request, the server had better read it (unless the request
> line has already errored-out).

I fully agree - if the headers are not read then we are close to go
back to HTTP version 0.9!

> > 5.  Request: The 0.9 requirement here (Simple Request must have Simple
> >     Response) is somewhat onerous on a server.  Is it possible to relax
> >     or remove this requirement yet, or are there still 0.9-only clients
> >     in use?  I've noticed that at least some Simple Responses will not
> >     go through some proxies transparently.
> 
> I believe proxies require Full-Requests.  Ari?

The CERN proxy talks HTTP 1.0 (almost) with proxy clients even if it
receives a 0.9 response from the origin server. I don't know how many
0.9 applications are still around, but I think that at least this spec
must have the notation documented. I think it can be taken out in futue
releases.

> > 5.2 Method and 5.2.2 Head: I'm surprised that the HEAD method *must* be
> >     supported, as it is ill-defined.  5.2.2 simply says that there must
> >     be no Object-Body; it seems that the header may or may not be
> >     related to the header that would be sent if the method were GET, and
> >     in particular, HEAD may as well just return an empty (null) header.
> 
> The definition of all the request methods need fleshing-out, but support
> for HEAD will still be required.
> 
> >     Further, in many cases the cost of determining, building and sending
> >     the header is going to be the major part of many transactions, so
> >     should clients or proxies be encouraged to use this Method?
> 
> That only reflects the cost for the server.  The cost to the rest of the
> network is significantly less, and that is what is important here.

For some types of applications it can be useful, however whenever
possible a conditional GET should be used instead!

> >     (b) Can the URI returned via a URI-header be a partial URI as
> >     described in 5.4?  Or does it have to be a full URI?  [I infer the
> >     latter.]
> 
> Many people have requested the former, but I have yet to see an
> implemented example of it.  Now that I have separated the URI-header
> definition from Location, we could define it as being allowed for
> URI but not for Location.

Sounds like a good idea!

> > 5.3 HTTP Version: Given that this definition is more rigorous than
> >     earlier documents, and hence must be more constraining, it would
> >     seem to be necessary to change the version number (perhaps to 1.1)
> >     to reflect the stricter conditions for compliance.  If the version
> >     number is not changed, then the date of the relevant HTTP 1.0
> >     document would have to be specified at every reference.

We have focused a lot on keeping the document in accordance with
existing implementations so I think that 1.0 would be appropriate. Roy
has a mail macro saying: "completely unacceptable this will break
existing implemtations!" ;-)

> > 5.4 URI Note 1: What's 'default escaping'?  What characters may be
> >     'considered unsafe'?  The "should" (probably meant to be "shall"?)
> >     implies that a server must comply with these conditions, but they do
> >     not seem to be well defined.

The note is taken from RFC 1630 and is meant to indicate that escaping
should be kept at a minimum. Unsafe characters are described in 1630.

> Yes, but proper implementation (where appropriate) of the conditional
> GET protocol will be strongly recommended and required for all new servers.

Refer to earlier note on HEAD!

> > 6.3.3 404 Method Not Allowed: is this only for the defined methods, or
> >     should this also be used for a misspelled or unrecognized method
> >     name?
> 
> Only for methods implemented by the server, but not allowed for the object
> requested.

Misspelling etc are followed by a 400 code

> > 6.3.4 500 Server Error: 502 (twice) and 504 call this "500 Internal
> >     Error".  All should say "Server Error"?

> > 17  Bad servers: The first paragraph here sounds like a Compliance
> >     statement.  As such, it should be in the body of the document, not an
> >     appendix?   The document certainly needs a Compliance section.
> 
> Hmmmm, seems a bit overboard to me.  Henrik?

I my opinion, the specification itself should not consider `bad'
applications. Especially when so little is actually required in order
to be a HTTP 1.0 application. These things belong in an appendix.


-- cheers --

Henrik Frystyk
frystyk@W3.org
+ 41 22 767 8265
World-Wide Web Project,
CERN, CH-1211 Geneva 23,
Switzerland
Received on Wednesday, 30 November 1994 06:22:39 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:08 EDT