W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2004

Re: Is forwarding hop-by-hop headers a MUST-level violation?

From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Mon, 12 Jul 2004 22:27:47 -0600 (MDT)
To: Jeffrey Mogul <Jeff.Mogul@hp.com>
Cc: ietf-http-wg@w3.org
Message-ID: <Pine.BSF.4.58.0407122220120.10397@measurement-factory.com>


On Mon, 12 Jul 2004, Jeffrey Mogul wrote:

> I'd note that "Keep-Alive" is not actually specified as an HTTP/1.1
> header, but is included in this list to prevent compatibility
> problems with older code.

Agreed.

> I would also suggest adding something like:
>
>     A proxy MUST NOT forward one of the hop-by-hop headers listed
>     above even if it is NOT listed in a Connection header of the
>     received message.
>
> lest some implementor believe that it is not necessary to check
> for errors in the use of Connection.

Agreed, I would polish the wording a little more:

	A proxy MUST NOT forward any hop-by-hop header, regardless
	of whether the header is listed in a Connection header of
	the received message.

> Alex suggests
>
>     And then remove per-header MUSTs and a SHOULD mentioned above?
>
> Hmm.  I'm not sure this is wise, given the possibility that an
> implementor who sees this change between versions of the spec will
> notice that the new version of 13.5.1 still enforces the rule.  In
> other words, someone might misunderstand a local wording change as a
> global requirements change.  I would not change language in the
> spec, at this point, if the actual requirement hasn't changed.

Good point. I was mostly worried about the existing SHOULD requirement
for Proxy-Authenticate that would contradict the newly added MUST.
Should we replace that SHOULD with a reference to the corresponding
new MUST in 13.5.1? And leave other header-specific sections in peace?

Thanks,

Alex.
Received on Tuesday, 13 July 2004 00:45:36 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:35 GMT