W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2011

Re: #300: Define non-final responses

From: Willy Tarreau <w@1wt.eu>
Date: Mon, 18 Jul 2011 08:01:39 +0200
To: Adrien de Croy <adrien@qbik.com>
Cc: "Roy T. Fielding" <fielding@gbiv.com>, Mark Nottingham <mnot@mnot.net>, Poul-Henning Kamp <phk@phk.freebsd.dk>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20110718060139.GI31226@1wt.eu>
On Mon, Jul 18, 2011 at 05:46:20PM +1200, Adrien de Croy wrote:
> Ok, I re-read the sections in RFC2616.
> 
> It's pretty clearly marked as a hop-by-hop header.
> 
> This has some serious negative implications for usefulness.
> 
> If a proxy cannot pass the upgrade header through, and get out of the 
> way then any new protocol to be upgraded to needs to be supported by all 
> proxies in any chain.

It depends, if the proxy understands the Upgrade header and what it
means, it's allowed to emit it on the other side. For instance, the
proxy might know that the header holds a list of protocols that it
can become transparent to because it's switching to a tunnel once
it sees 101+Upgrade. In my opinion, it does not necessarily have to
understand all of the header's values.

> Compared to (what appears to be common) current understanding, this 
> means the problem is not one of just getting a client and server working 
> which is do-able, it also means getting your proxy vendor, or any vendor 
> of any proxy used by any client to also implement the protocol.  A 
> non-starter.
>
> This makes it basically impractical, and a show stopper for any deployment.

Indeed, if it is as you're saying, it will never be usable that way.

> Maybe we need to extend CONNECT to enable it to be used against an 
> origin server, and deprecate Upgrade.  This at least is fairly well 
> understood by intermediaries.  AFAIK this is what Websockets was doing 
> originally?

No, I introduced the suggestion of using CONNECT when I joined the WG 2
years ago when I was a bit shoked to see an HTTP-incompatible handshake
(some bytes had to be sent from the client to the server for the Upgrade
to be possible). But along the discussions, it appeared that CONNECT was
not a good idea with origin servers, because it was never meant for that
use, the destination address would not make much sense either, and it
would present a risk of misbehaviour when the request would pass through
intermediaries : since by definition CONNECT is for proxies, intermediaries
in the chain would have no way to know if the request has to be processed
as a proxy or as a gateway. So we dropped that idea.

Regards,
Willy
Received on Monday, 18 July 2011 06:02:08 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:45 GMT