Re: Questions and comments about draft-ietf-httpbis-replay-00

On Wed, Sep 27, 2017 at 8:57 PM, Martin Thomson
<martin.thomson@gmail.com> wrote:
> On Thu, Sep 28, 2017 at 10:50 AM, Mark Nottingham <mnot@mnot.net> wrote:
>> I prefer the current text in the draft; it's aligned with and refers to 7231.
>
> I can certainly live with that if others can.

The section of the HTTP/1.1 standard Mark referenced uses the language
"the client does not request, and does not expect, any state change on
the origin server as a result of applying a safe method to a target
resource", and in the next paragraph clarifies that this judgment must
be made by the client alone, presumably because it has no way of
knowing what the server is actually doing, and that "the client did
not request that additional behavior and cannot be held accountable
for it".

In this case, the origin server knows (or could know) what the effects
of the request are, so the two situations are different.

ISTM also that "state-changing side effects" can easily be construed
to include logs, TCP state, etc., so the same objection seems to apply
here.

That said, I fear any language here will either be too specific and
therefore wrong, or too general and therefore permit some undesirable
origin server behavior.

Kyle

Received on Thursday, 28 September 2017 23:33:37 UTC