- From: Jeffrey Mogul <Jeff.Mogul@hp.com>
- Date: Tue, 15 Apr 2003 16:51:17 -0700
- To: Alex Rousskov <rousskov@measurement-factory.com>
- Cc: ietf-http-wg@w3.org
I've posted the question below last year but got no opinions. Repeated client inquiries prompted me to look at this again. In short, parts of RFC 2616 say that a server MUST use strong tag comparison when generating 206 responses to If-Range (i.e., weak If-Range MOST NOT match), while another part places requirements on 206 responses to weak If-Range (implying that it is OK to respond with 206 to a weak If-Range). See original post below for quotes/details. Does anybody care to comment? Or am I missing some way to generate a 206 response to a weak If-Range without violating any MUSTs? I guess I ought to respond because I wrote most or all of these parts of the spec. (Sorry for dropping the ball back in October.) You're probably right that there is a contradiction here, and that part you quoted from RFC 2616, section 10.2.7 (206 Partial Content): If the response is the result of an If-Range request that used a weak validator, the response MUST NOT include other entity-headers; is probably a bug. That is, the entire sentence (including the rationale after the semicolon) probably ought to be deleted. My guess is that this contradiction arose during a revision that made 13.3.3 stricter, and I failed to make 10.2.7 stricter as well. This is all a bit mushy because 13.3.3 allows a sort of ambiguous situation if the validator in question is a Last-Modified timestamp rather than an entity tag. Since there is no way to tag a Last-Modified value as "weak" (or "strong", for that matter), 13.3.3 has some rather fragile rules for allowing either the client or the server to infer strongness. So if the heuristic here breaks ("60 seconds is too short") then it might be possible for a client to believe that it can generate an If-Range request with a Last-Modified value that the *client* thinks is strong, but the *server* thinks is weak. But in this case, it's clearly a bad idea for the server to respond with 206, and so this language in 13.3.3: A cache or origin server receiving a conditional request, other than a full-body GET request, MUST use the strong comparison function to evaluate the condition. ought to be kept in the spec, rather than that contradictory sentence from 10.2.7. Would it be fair to say that the latter part documents requirements for violators? That is, if and only if a server decides (due to local configuration or whatever) to violate a MUST it becomes subject to another MUST? I don't think we ever really wanted to document "requirements for violators," since the whole point of a specification is to give us a way to stamp out violators. (Although during our debate about whether badly-misguided cache operators should be allowed to violate a server's clearly stated restrictions on caching, we ended up resolving the debate by documenting "requirements for violators." But fortunately we didn't make a habit of this.) -Jeff
Received on Tuesday, 15 April 2003 19:51:21 UTC