HTTP practice and Year-2000: the bad(?) news from Jeffrey Mogul on 1997-04-11 (ietf-http-wg@w3.org from April to June 1997)

From: Jeffrey Mogul <mogul@pa.dec.com>
Date: Fri, 11 Apr 97 15:09:21 MDT
To: http-wg@cuckoo.hpl.hp.com
Message-Id: <9704112209.AA05235@acetes.pa.dec.com>

At one of the HTTP-WG sessions at the IETF meeting in Memphis, we had a
brief discussion of Year-2000 issues (although I don't think this
appeared in the minutes, so I can't remember who brought it up).

Although HTTP/1.1 requires the use of "rfc1123-date", which has
a four-digit year field (section 3.3.1):

   HTTP/1.1 clients and servers [...] MUST
   only generate the RFC 1123 format for representing HTTP-date values
   in header fields.

older implementations used RFC 850 dates, which have a 2-digit
year field (e.g., "Sunday, 06-Nov-94 08:49:37 GMT").

The question that came up was "how prevalent is the use of the
2-digit year field?".  I.e., what is the likelihood that users
will be faced with buggy results after the end of 1999?

In December, I made a trace of the contents of the HTTP requests
and responses flowing through our proxy servers.  This trace covered
about 2 days, and about 500K requests (from several thousand different
users).  Since I have full header information, I realized that I could
find out roughly how prevalent the use of 2-digit year fields is.

As a crude test, I looked at one subset of this trace (about 2% of
the total responses), and pulled out all of the Date, Last-Modified,
and Expires headers seen there.  This resulted in 6282 separate values.
I then used "grep" to find the values that had a 2-digit year field
between 1993 and 1997; about 1247 values used this obsolete format.
In other words, around 20% of the values are not "Year-2000 ready".

It would take somewhat more effort for me to answer other questions,
such as

	how many different sites on the Internet are not Y2K-ready?

	which server implementations are not Y2K-ready?

but I would rather not get into a public naming of names (i.e., listing
the non-compliant server implementations).

Anyway, this may not be a true disaster.  Any new HTTP client
ought to recognize that if the current year is 2002, and it
receives an "Expires: Sunday, 06-Nov-94 08:49:37 GMT", then
that "94" means "1994".  My guess is that most of the client
and proxy population will be updated during the next 3 years,
except perhaps for some embedded systems.  Unfortunately, it's
hard to tell from these traces whether any naive client
implementations are lurking out there.

-Jeff

Received on Saturday, 12 April 1997 05:32:34 UTC