W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2016

Re: HTTP/2 examples SHOULD use :authority

From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Thu, 1 Dec 2016 16:19:03 -0700
Cc: Martin Thomson <martin.thomson@gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <3a933ef3-922e-6b83-e379-b7efbb968242@measurement-factory.com>
On 12/01/2016 04:08 PM, Martin Thomson wrote:

> There was a long discussion about this and the ultimate conclusion was
> to recommend :authority over host.  However that never made the
> examples section.
> 
> We did not mandate use of :authority so that proxies and gateways
> could provide perfect fidelity in their translation from 1.1 to 2.

Yes, I suspect I have read most of that [enlightening!] discussion
before posting here and probably understand the origins of these problems.


> If you interpret the examples as conversions, then they are correct in
> that the fidelity is preserved (as Kari points out).  However, I don't
> believe that to be the primary purpose of examples in this
> specification.
> 
> If we were able to make a change, I would indeed change the examples
> to use :authority, but include a note that said that - in the case of
> a direct conversion from 1.1 - "host" would be used instead.

I believe we are on the same page. If there is a consensus that this
problem deserves an errata, I would be happy to propose a specific
change. Otherwise, this email thread itself may help those confused by
the examples.


Thank you,

Alex.



> On 2 December 2016 at 03:54, Alex Rousskov
> <rousskov@measurement-factory.com> wrote:
>> Hello,
>>
>>     This question is inspired be an interoperability problem between Web
>> Polygraph benchmark and a [MitM] HTTP/2 proxy. Inside a CONNECT tunnel
>> to a Polygraph server, Polygraph clients were violating the following
>> RFC 7540 SHOULD by sending a Host header instead of the :authority
>> pseudo-header:
>>
>>>   Clients
>>>   that generate HTTP/2 requests directly SHOULD use the ":authority"
>>>   pseudo-header field instead of the Host header field.
>>
>>
>> When forwarding the requests, the proxy dropped the Host header without
>> adding :authority... While investigating who is at fault, I noticed that
>> Polygraph [accidentally] follows RFC 7540 examples: *All* Section 8.3
>> examples show HTTP/2 requests with a Host header instead of :authority!
>>
>>> GET /resource HTTP/1.1       HEADERS
>>> Host: example.org       ==>    + END_STREAM
>>> Accept: image/jpeg             + END_HEADERS
>>>                                  :method = GET
>>>                                  :scheme = https
>>>                                  :path = /resource
>>>                                  host = example.org
>>>                                  accept = image/jpeg
>>
>>
>> One could argue that the RFC examples are meant to illustrate how to
>> mechanically translate an HTTP/1 message to HTTP/2, with as little
>> information loss as possible, even at the expense of violating a SHOULD.
>> I do not think that is a valid argument because the Examples section
>> does not disclose that intent and most readers will expect the [only]
>> Example section to illustrate genuine HTTP/2 messages rather than
>> unusual HTTP version translation peculiarities (unless explicitly noted
>> otherwise).
>>
>> AFAICT, the Examples section talks about and shows various generated
>> HTTP/2 messages that meet version-agnostic prose specifications. The
>> HTTP/1 messages are probably also included just because most [early] RFC
>> readers were expected to be more familiar with HTTP/1 than HTTP/2.
>>
>> Do you think the RFC examples should use ":authority" instead of "host"?
>>
>>
>> Thank you,
>>
>> Alex.
>>
Received on Thursday, 1 December 2016 23:19:37 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 1 December 2016 23:19:40 UTC