Re: #186: Document HTTP's error-handling philosophy

On 2011-05-02 04:09, Mark Nottingham wrote:
> <>
> Straw-man proposal: replace "Requirements" sections (in all parts) with the following.
>> Conformance and Error Handling
>> The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
>> This document defines conformance criteria for several roles in HTTP communication, including Senders, Recipients, Clients, Servers, User-Agents, Origin Servers, Intermediaries, Proxies and Gateways. See [ref to Terminology] for definitions of these terms.

Would this sentence be the same in all parts?

>> An implementation is considered conformant if it complies with all of the requirements associated with its role(s). Note that SHOULD-level requirements are relevant here, unless one of the documented exceptions is applicable.
>> This document also uses ABNF to define valid protocol elements. In addition to the prose requirements placed upon them, Senders MUST NOT generate protocol elements that are invalid.
>> Unless noted otherwise, Recipients MAY take steps to recover a usable protocol element from an invalid construct, and SHOULD NOT reject the message outright. However, HTTP does not define specific error handling mechanisms, except in cases where it has direct impact on security. This is because different uses of the protocol require different error handling strategies; for example, a Web browser may wish to transparently recover from a response where the Content-Type header doesn't match the body, whereas in a systems control protocol using HTTP, this type of error recovery could lead to dangerous consequences.

We have a similar sentence in the Content-Disposition spec, which 
resulted in an IESG comment because of the MAY/SHOULD NOT.

Maybe this needs clarification.

Also here's a SHOULD NOT where we don't document when it might be ok to 
break it (for instance, in a validator).

"where the Content-Type header doesn't match the body"... This is 
misleading, because there's no way to "match it" against an octet 
stream. We either need to rephrase this or pick a different example.

> Note that this removes the "conditionally compliant" level of conformance; i.e., SHOULD is no longer overloaded, and returns to its original RFC2119 semantic of identifying requirements that can be violated for reasonable reasons (see also<>, which proposes that we try to enumerate those reasons wherever possible).
> That's a fairly big change. I'd argue that "conditional compliance" doesn't promote interop and should be dropped. Thoughts?

It *is* a big change, and getting all the changes done right will be 
quite some work.

Best regards, Julian

Received on Monday, 23 May 2011 08:27:06 UTC
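The recipient-side split in the proposed text (recover a usable element where the invalidity is harmless, but do not improvise where error handling "has direct impact on security", and let a validator reject outright) can be made concrete with a small header-block parser. The code below is an added illustration and is not part of Mark's proposal or Julian's reply. It assumes Python, a header block with the start line already removed, and constructed sample messages; which constructs it treats as security-relevant (conflicting or non-numeric Content-Length, whitespace before the colon) is this example's own policy, following the framing rules later codified in RFC 7230, and the decision to drop an unparseable field in lenient mode is likewise the example's choice, not something HTTP defines.

```python
# Added illustration (not from the thread): a recipient that recovers from
# harmless invalid constructs but rejects framing-relevant ones, with a
# strict mode that models a validator rejecting every invalid construct.
import re

TCHAR = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")   # RFC 7230 token chars
DIGITS = re.compile(r"^[0-9]+$")


class MessageError(Exception):
    """Raised when the recipient rejects the message outright."""


def parse_header_block(raw, strict=False):
    """Parse a CRLF-delimited header block (start line already removed).

    Returns (headers, notes): headers is a list of (lowercased name, value),
    notes lists each recovery the lenient path performed. strict=True models
    a validator: any invalid construct is a rejection, never a recovery.
    """
    notes, fields = [], []
    for line in raw.split("\r\n"):
        if line == "":
            continue
        if line[0] in " \t":                       # obsolete line folding
            if strict or not fields:
                raise MessageError("obsolete line folding not accepted")
            fields[-1] += " " + line.strip(" \t")  # harmless: unfold to one SP
            notes.append("replaced obs-fold with a single SP")
            continue
        fields.append(line)

    headers = []
    for field in fields:
        name, sep, value = field.partition(":")
        if sep and name != name.rstrip(" \t"):
            # Recipients disagree on how to read "Name : value", so a lenient
            # guess could split framing between peers; rejected in both modes.
            raise MessageError("whitespace between field name and colon")
        if not sep or not TCHAR.match(name):
            # No unambiguous meaning can be recovered; lenient mode drops the
            # field instead of guessing (this example's policy, not HTTP's).
            if strict:
                raise MessageError("malformed header field: %r" % field)
            notes.append("dropped malformed field %r" % field)
            continue
        headers.append((name.lower(), value.strip(" \t")))

    # Content-Length determines where this message ends; recovering a value
    # by guesswork is exactly the security-relevant case, so both modes reject.
    lengths = {v for n, v in headers if n == "content-length"}
    if lengths and (len(lengths) > 1 or not all(DIGITS.match(v) for v in lengths)):
        raise MessageError("invalid or conflicting Content-Length")
    return headers, notes


def classify(raw):
    """Run both recipient modes over one header block; return outcome strings."""
    out = {}
    for mode in ("lenient", "strict"):
        try:
            _, notes = parse_header_block(raw, strict=(mode == "strict"))
            out[mode] = "accepted (recovered)" if notes else "accepted"
        except MessageError as exc:
            out[mode] = "rejected: " + str(exc)
    return out


# Constructed sample header blocks (not captured traffic).
SAMPLES = {
    "valid": "Host: example.test\r\nContent-Length: 5\r\n\r\n",
    "obs-fold": "Host: example.test\r\nX-Note: first\r\n second\r\n\r\n",
    "conflicting-length": "Content-Length: 5\r\nContent-Length: 50\r\n\r\n",
    "space-before-colon": "Content-Length : 5\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify(raw))
```

The two modes differ only on constructs the proposed text leaves undefined (obs-fold, a field that is not a header at all); on the constructs that affect message framing they agree, which is the point of carving out "direct impact on security" from the general MAY-recover / SHOULD-NOT-reject rule. Julian's validator case is the strict path: it breaks the SHOULD NOT for a documented reason.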