Re: Working Group Last Call: HTTP/2 revision from Willy Tarreau on 2021-09-01 (ietf-http-wg@w3.org from July to September 2021)

From: Willy Tarreau <w@1wt.eu>
Date: Wed, 1 Sep 2021 15:05:58 +0200
To: Julian Reschke <julian.reschke@gmx.de>
Cc: ietf-http-wg@w3.org
Message-ID: <20210901130558.GA12014@1wt.eu>

On Wed, Sep 01, 2021 at 08:35:49AM +0200, Julian Reschke wrote:
> > > 8.1.1
> > > 
> > > A malformed request or response is one that is an otherwise valid
> > > sequence of HTTP/2 frames but is invalid due to the presence of
> > > extraneous frames, prohibited fields or pseudo-header fields, the
> > > absence of mandatory fields or pseudo-header fields, the inclusion of
> > > uppercase field names, or invalid field names and/or values (in certain
> > > circumstances; see Section 8.2).
> > > 
> > > Q: are there any mandatory fields that are not pseudo-header fields?
> > 
> > We could say "Host" if there's no ":authority", but in general if we
> > defer to semantics the rules for validating a HEADERS frame, I find
> > it useful to just give rough examples of what could be covered by
> > the core spec.
> 
> Well, the way it's written had me wonder what HTTP fields can be
> mandatory now that control data is in pseudo fields.

Yes and that's definitely a difficulty in implementations :-/

> To call "Host"
> mandatoy is just confusing. Maybe the whole statement should be
> simplified somewhat.

It's possible, nothing comes to my mind right now. The reality is
that Host has become a second place for authority long ago but is
weaker than authority... In an ideal world we'd say that an authority
is mandatory and must be provided as :authority or Host (or both),
preferably :authority. But with the split inherited from H1 and the
need to pass H1 semantics to H2 it's not that easy.

> > > 8.2
> > > 
> > > To improve efficiency and interoperability, field names MUST be
> > > converted to lowercase when constructing an HTTP/2 message.
> > > 
> > > Q: I think this is somewhat misleading, it just provides the motivation
> > > why the lowercase format was introduced initially. I would just remove
> > > the sentence and potentially insert a note about lower-casing into the
> > > field name validity statements.
> > 
> > Or maybe just turn it like this:
> > 
> >    To improve efficiency and interoperability, HTTP/2 only uses lowercase
> >    header field names, so all field names MUST be converted to lowercase
> >    when constructing an HTTP/2 message.
> 
> That's somehat better. Maybe:
> 
> "To improve compression efficiency and interoperability, HTTP/2 uses
> lowercase field names only. All field names MUST be converted to
> lowercase when constructing an HTTP/2 message."
> 
> (note that also drops one instance of "header")

It reads better to me, +1 for this one!

Thanks,
willy

Received on Wednesday, 1 September 2021 13:06:13 UTC