Re: John Scudder's No Objection on draft-ietf-httpbis-targeted-cache-control-03: (with COMMENT) from Mark Nottingham on 2022-01-15 (ietf-http-wg@w3.org from January to March 2022)

From: Mark Nottingham <mnot@mnot.net>
Date: Sat, 15 Jan 2022 13:42:34 +1100
To: John Scudder <jgs@juniper.net>
Cc: The IESG <iesg@ietf.org>, draft-ietf-httpbis-targeted-cache-control@ietf.org, httpbis-chairs@ietf.org, HTTP Working Group <ietf-http-wg@w3.org>, tpauly@apple.com
Message-Id: <1370FDAC-9D21-4C3E-9818-48DD039795D0@mnot.net>

Thanks, John.

> On 15 Jan 2022, at 5:38 am, John Scudder via Datatracker <noreply@ietf.org> wrote:
> 
> 1. §2.1 Nit:
> 
>   Implementations SHOULD NOT consume values that violate these inferred
>   constraints.  For example, a consuming implementation were to coerce
>   a max-age with a decimal value into an integer would behave
>   differently than other implementations, potentially causing
>   interoperability issues.
> 
> I think “were to coerce” should be “that were to coerce”.

I took a slightly different route:
  https://github.com/httpwg/http-extensions/commit/203f88e7880

> 2. I have a question regarding one of the examples in §3.1:
> 
>   Whereas these would prevent all caches except for CDN caches from
>   storing the response:
> 
>   Cache-Control: no-store
>   CDN-Cache-Control: none
> 
>   (note that 'none' is not a registered cache directive; it is here to
>   avoid sending a header field with an empty value, which would be
>   ignored)
> 
> As a httpbis naïf, I might have guessed that a field that contains no
> registered directive might be considered equivalent to an empty field, in which
> case according to the rules of §2.2 the field would be ignored and the
> Cache-Control field would be respected instead.

CDN-Cache-Control is a structured field, so an empty value isn't valid and might be discarded by implementations. Even for "normal" HTTP fields, there's anecdotal evidence that empty fields are sometimes removed.

> Your example makes it clear that guess would be wrong, thank you. My question
> is whether it’s completely obvious to those conversant with the subject area,
> that it’s fine to just bung a random string into the field? For that matter,
> supposing someone came along and registered 'none' at some point in the future.
> Might that cause the example case to break?

This is really just for purposes of clarifying the semantics -- I don't think anyone would reasonably do this. But yes, it's clear in HTTP that unrecognised strings are ignored.

Regarding the example breaking -- I suppose we could use 'example', but honestly I don't think it's very likely that 'none' will be registered.

Cheers,


--
Mark Nottingham   https://www.mnot.net/

Received on Saturday, 15 January 2022 02:42:53 UTC