Re: Fwd: Request to Attend President's Council on Y2K Internet Readiness Roundtable

Date: Fri, Jul 09 1999

Message-Id: <>
To: (Jim Gettys)
Date: Fri, 09 Jul 99 11:45:19 -0700
Subject: Re: Fwd: Request to Attend President's Council on Y2K Internet Readiness Roundtable 

    Jeff Mogul produced some data 18 months ago or so on the fraction
    of traffic that had 2 digit date fields: it was surprisingly high
    then (something like 15 or 20% from what I remember).

    But implementations have been deploying since then that use 4 digit
    dates.  I'd expect the current traffic to be very much lower.
I would think that the critical issue is not whether hosts
are sending date values with 2-digit fields, but rather to
do some analysis of what kinds of failure modes could occur.

E.g., consider this scenario:

Server sends:
	Last-Modified: Fri, 09 Jul 00 08:02:33 GMT

Client then sends:
	If-Modified-Since: Fri, 09 Jul 00 08:02:33 GMT

The "wrong" interpretations of that header (i.e., that
the client's copy was modified in 1900 or 0000) are
conservative, in that the failure mode is a 200 response
rather than a 304 response - i.e., wasted bandwidth,
but no transparency failure.

On the other hand (to pick a possibly contrived example),
if a server sends
	Expires: Fri, 09 Jul 99 08:02:33 GMT
and really means "1999", but the client interprets this
as meaning "2099", then we do have a transparency failure.
Which is probably a bug in the client code, but programmers
have done stupider things.

If you really wanted to nail down the Y2K problems for
HTTP, it would probably be a good idea to complete this
kind of analysis for the entire protocol, and then
look at header traces to see if, for example, servers
are indeed sending Expires headers with 2-digit dates.

A quick search of RFC2616 reveals ca. 8 places where
http-date values appear in headers, so there should
be fewer than 8*8*2 cases to the exhaustive analysis.
(The *2 comes from the two ways that a date could
be misinterpreted.)  Probably much fewer.

Followed by some number of trace analyses to see if the
problem cases actually occur in practice.