WGLC issue: 'no-transform' from Mark Nottingham on 2012-11-26 (ietf-http-wg@w3.org from October to December 2012)

From: Mark Nottingham <mnot@mnot.net>
Date: Mon, 26 Nov 2012 16:58:46 +1100
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <4AC2AE4C-DCA9-4E05-9442-7D96C7C6AB9F@mnot.net>

p1 says:

> A proxy must not modify or add any of the following fields in a message that contains the no-transform cache-control directive:
> 
> 	• Content-Encoding (Section 3.1.2.2 of [Part2])
> 	• Content-Range (Section 5.2 of [Part5])
> 	• Content-Type (Section 3.1.1.5 of [Part2])
> A transforming proxy may modify or add these fields to a message that does not include no-transform, but if it does so, it must add a Warning 214 (Transformation applied) if one does not already appear in the message (see Section 7.5 of [Part6]).

p6 says: 

> 7.2.2.9 no-transform
> 
> The "no-transform" response directive indicates that an intermediary (regardless of whether it implements a cache) must not change the Content-Encoding, Content-Range orContent-Type response header fields, nor the response representation.

2616 was a bit more wordy:

> 14.9.5 No-Transform Directive
> 
>    no-transform
>       Implementors of intermediate caches (proxies) have found it useful
>       to convert the media type of certain entity bodies. A non-
>       transparent proxy might, for example, convert between image
>       formats in order to save cache space or to reduce the amount of
>       traffic on a slow link.
> 
>       Serious operational problems occur, however, when these
>       transformations are applied to entity bodies intended for certain
>       kinds of applications. For example, applications for medical
>       imaging, scientific data analysis and those using end-to-end
>       authentication, all depend on receiving an entity body that is bit
>       for bit identical to the original entity-body.
> 
>       Therefore, if a message includes the no-transform directive, an
>       intermediate cache or proxy MUST NOT change those headers that are
>       listed in section 13.5.2 as being subject to the no-transform
>       directive. This implies that the cache or proxy MUST NOT change
>       any aspect of the entity-body that is specified by these headers,
>       including the value of the entity-body itself.


(the text currently in p1 closely corresponds to that in 2616's 13.5.2).

The issue here is that the intent in 2616 is clear -- the body shouldn't be modified if no-transform is present -- but since we split it up, a reader of p1 doesn't have any indication of this unless they chase up in p6 (note there isn't any reference, beyond the unrelated one to the Warning header).

I'd suggest we need p1 to explicitly say the body can't be changed, as p6 does.

While we're at it, changing "A proxy must not modify or add any of the following fields..." to "A proxy (transparent or non-transparent) must not modify or add any of the following fields " would make what's going on a lot clearer.

--
Mark Nottingham   http://www.mnot.net/

Received on Monday, 26 November 2012 05:58:59 UTC