Re: Is forwarding hop-by-hop headers a MUST-level violation? from Jeffrey Mogul on 2004-07-10 (ietf-http-wg@w3.org from July to September 2004)

From: Jeffrey Mogul <Jeff.Mogul@hp.com>
Date: Fri, 09 Jul 2004 17:41:35 -0700
To: Alex Rousskov <rousskov@measurement-factory.com>
Cc: ietf-http-wg@w3.org
Message-Id: <200407100041.i6A0fZqx014586@wera.hpl.hp.com>

    Some proxies forward some hop-by-hop headers. While discussing
    a related Apache bugzilla entry[1], Nick Kew suggested that forwarding
    a hop-by-hop header by a proxy is only a SHOULD-level violation, if it
    is a violation at all.
    
    Section 13.5.1 of RFC 2616 says:
    
       For the purpose of defining the behavior of caches and non-caching
       proxies, we divide HTTP headers into two categories:
    
	  - End-to-end headers, which are  transmitted to the ultimate
	    recipient of a request or response. End-to-end headers in
	    responses MUST be stored as part of a cache entry and MUST be
	    transmitted in any response formed from a cache entry.
    
	  - Hop-by-hop headers, which are meaningful only for a single
	    transport-level connection, and are not stored by caches or
	    forwarded by proxies.
    
    The "Hop-by-hop headers ... are not stored or forwarded" claim is not
    an explicit MUST- or SHOULD-level requirement. It looks like an
    assertion or definition. Given the negative impact forwarding some
    hop-by-hop headers would have, I always assumed that proxies MUST NOT
    forward any hop-by-hop headers. Was I wrong?

I suspect this is indeed a bug in the spec.  However, it's
possible (my memory is useless on this) that we decided that it
was not necessary to specify this because other parts of the
document were supposed to do it.  (Some of my co-authors had a
strong aversion to making the same normative requirement in two
places.)

For example, TE is listed here as hop-by-hop, and later (14.39)
the spec says "the keyword MUST be supplied within a Connection
header" (although now I'm not whether we want the keyword to be
covered by Connection, or the field name itself).  However,
13.5.1 also lists "Trailers" (sic!) and the spec for "Trailer"
doesn't include this prohibition.  So I guess we botched it.
    
    Is it worth changing the above language to a more consistent and
    explicit:
    
	  - Hop-by-hop headers, which are meaningful only for a single
	    transport-level connection. Hop-by-hop headers MUST NOT be
	    stored by caches or forwarded by proxies.
    
    BTW, the above "End-to-end headers" rules do not say anything about
    forwarding End-to-end request headers. Perhaps the wording should be
    polished to include request headers as well?

Yeah, although it (in effect) says that they have to be forwarded
on cache hits, so it would be odd not to forward them on cache
misses (or other non-cache-hit situations).

-Jeff

Received on Friday, 9 July 2004 20:41:40 UTC