Re: RFC 3143 from Mark Nottingham on 2008-12-12 (ietf-http-wg@w3.org from October to December 2008)

From: Mark Nottingham <mnot@mnot.net>
Date: Fri, 12 Dec 2008 21:55:39 +1100
To: Julian Reschke <julian.reschke@gmx.de>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <41F8277A-D069-4C44-9E64-D13C3435814D@mnot.net>

Well, 3143 is Informational, and IIRC it was considered as a way to  
collect industry / community experience at that point in time, not an  
authoritative list of errata, etc.

I would treat it as an input document to this work, not necessarily  
something we have to correct, refute, or harmonise with. If we're  
interested in correcting other existing documents, I think BCP56 is  
more important than this one...

Cheers,



On 12/12/2008, at 2:20 AM, Julian Reschke wrote:

>
> Hi,
>
> I was recently pointed to RFC 3143, "Known HTTP Proxy/Caching  
> Problems" (<http://tools.ietf.org/html/rfc3143>).
>
> This one is interesting in that it claims to document several  
> problems in the HTTP/1.1 *specification*. If these claims are  
> correct, we should add the individual points to our issues tracker.  
> If they are not, we should file errata against RFC 3143.
>
> From a quick read, at least two issues look fishy:
>
> 1) "2.1.1 Vary header is underspecified and/or misleading" (<http://tools.ietf.org/html/rfc3143#section-2.1.1 
> >)
>
> This includes an example using HTTP delta encoding, but *claims*  
> that the problem also occurs in simpler cases. I'm not ready to  
> believe that claim yet.
>
> 2) "2.2.2 Interception proxies prevent introduction of new HTTP  
> methods" (<http://tools.ietf.org/html/rfc3143#section-2.2.2>)
>
> This claims:
>
>      A proxy that receives a request with a method unknown to it is
>      required to generate an HTTP 501 Error as a response.  HTTP
>      methods are designed to be extensible so there may be  
> applications
>      deployed with initial support just for the user agent and origin
>      server.  An interception proxy that hijacks requests which  
> include
>      new methods destined for servers that have implemented those
>      methods creates a de-facto firewall where none may be intended.
>
> ...without pointing out where RFC 2616 says that.
>
> Feedback appreciated,
>
> Julian
>
>
>


--
Mark Nottingham     http://www.mnot.net/

Received on Friday, 12 December 2008 10:56:20 UTC