Re: HTTP/2 extensibility <draft-ietf-httpbis-http2-17> from Poul-Henning Kamp on 2015-03-06 (ietf-http-wg@w3.org from January to March 2015)

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Fri, 06 Mar 2015 15:02:24 +0000
To: Bob Briscoe <bob.briscoe@bt.com>
cc: Martin Thomson <martin.thomson@gmail.com>, Ben Niven-Jenkins <ben@niven-jenkins.co.uk>, Mike Belshe <mbelshe@chromium.org>, "fenix@google.com" <fenix@google.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <41779.1425654144@critter.freebsd.dk>

--------
In message <201503061433.t26EXPNj013385@bagheera.jungle.bt.co.uk>, Bob Briscoe 
writes:

>In the IETF TCP maintenance WG, the bar to changes is very high, 

>I assume you're referring to
>" In general, an implementation must be conservative
>   in its sending behavior, and liberal in its receiving behavior." [RFC791]
>
>This /is/ a principle that guides protocol design, but perhaps 
>HTTP/1.x experience shows that it is less appropriate at higher 
>layers. At lower layers, it has stood the test of time, and you don't 
>hear anyone questioning it.

The amount of things TCP can be liberal about can be counted on the
fingers of a single person, whereas the things HTTP can (have to)
be liberal about are mathematically uncountable.

This is entirely a situation of the HTTP communitys own making,
caused by having ill-conceived ideas battle it out with badly thought
out hacks, only in terms of market-share in an imperfectly operating
market, subject to monopoly size players with much to loose.

Some of us hoped that H2 would react sensibly to this nightmarish
situation, by tightening architecture and cleaning up semantics.

As you can see, that didn't happen, and all HTTP's daemons will
be able to make the transition to H2 effortlessly and new deamons
have already started to materialize.

>Oh dear. I think we are witnessing a layering violation of cultures.

Undoubtedly:  H2 is primarily a political protocol.

>> > For instance, a number of potential issues around DoS are left open.
>
>Ben, I'm referring to the large number of DoS concerns listed in the 
>HTTP/2 spec in open-ended sentences that just state the concern. Each 
>one made me think "So, why haven't you redesigned the protocol then?" 
>If I had designed a protocol with those concerns, I wouldn't have 
>even brought it to standardisation until I had at least some idea of 
>a direction to address them. Again, this seems to be a culture 
>difference between app-layer and lower layers.

I fully agree with you, H2 is at best a valuable prototype, but not
anywhere near the maturity you would expect from a protocol revision
of one of the worlds most used and popular protocols.

>Has the WG really thought through whether this extensibility approach 
>is going to work?

No, it has not.

There's never time for that kind of thought in this WG.

...as you have no doubt already gathered from the answers to your
pertinent observations.

Poul-Henning

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Friday, 6 March 2015 15:02:52 UTC