W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2011

Re: clarify some MUST requirements in HTTPbis part 1 section 3.3

From: Roy T. Fielding <fielding@gbiv.com>
Date: Wed, 7 Dec 2011 09:30:05 -0800
Cc: Willy Tarreau <w@1wt.eu>, Alex Rousskov <rousskov@measurement-factory.com>, ietf-http-wg@w3.org
Message-Id: <9766F51F-1D18-497D-A6D1-82948CA56F50@gbiv.com>
To: Mark Nottingham <mnot@mnot.net>
On Dec 7, 2011, at 12:49 AM, Mark Nottingham wrote:
> On 03/12/2011, at 5:53 PM, Willy Tarreau wrote:
> 
>> The issue I have with this is that for me, violating the spec simply implies
>> not doing a MUST or doing a MUST NOT. There are a huge number of such rules
>> in the spec, many of them irrelevant to most proxies. And by ignoring these
>> rules, the proxies will violate the spec by forwarding wrong contents. Your
>> example of the Date header is perfect. It's a general header with a MUST for
>> the format, still a number of proxies don't care about it and will not check
>> it. By forwarding a wrong one, they will violate the spec. 
> 
> This is a good point. I think we can address this by changing this in the sections on conformance (one per draft, IIRC):
> 
>>   This document also uses ABNF to define valid protocol elements
>>   (Section 1.2).  In addition to the prose requirements placed upon
>>   them, Senders MUST NOT generate protocol elements that are invalid.
> 
> to something like:
> 
>>   This document also uses ABNF to define valid protocol elements
>>   (Section 1.2).  In addition to the prose requirements placed upon
>>   them, Senders MUST NOT generate protocol elements that are invalid, 
>>   unless the element is out of their control (such as a header generated by
>>   an upstream sender), in which case they MAY attempt to correct
>>   the syntax before sending.
> 
> Thoughts? We'd still have the option of making specific exceptions where we require generation to be conformant (e.g., when there are security implications).

A proxy is responsible for complying with all requirements on senders,
clients, and proxies.  That is how the entire protocol is written.
While I understand that some folks may not want to do that, the answer
is that their software is not compliant with HTTP.  There is no need for
further exceptions.

There are many "proxies" that are not HTTP proxies.

....Roy
Received on Wednesday, 7 December 2011 17:31:06 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:50 GMT