- From: Jói Sigurđsson <joi@google.com>
- Date: Mon, 10 Oct 2011 18:32:45 +0000
- To: Mark Nottingham <mnot@mnot.net>
- Cc: Adam Barth <w3c@adambarth.com>, HTTP Working Group <ietf-http-wg@w3.org>
Hi Mark, Thanks a lot for the feedback. I was ambivalent about reusing the Retry-After header. As far as I can tell, the semantics are unchanged when encountered on a response with a 503 status code, which AFAICT is the only status code it is observed for per current HTTP standards. The addition in this Internet-Draft is to observe the header for responses with other status codes. My thought was that since implementations should ignore unknown headers, this wouldn't dilute interop, but I wasn't sure. It sounds like the simplest route is to use a new header, but would love your thoughts on the reasoning above before I go there. I should note that the existing implementation does not actually interpret Retry-After this way, it uses an X-header since there is no standard yet. I will look into registering the headers as you mentioned. Thanks for the reference. Cheers, Jói On Mon, Oct 10, 2011 at 3:41 AM, Mark Nottingham <mnot@mnot.net> wrote: > Hi Joi, > > I just noticed your draft <http://www.ietf.org/id/draft-sigurdsson-anti-ddos-http-throttling-00.txt> and had a quick look through it. > > One thing that stood out was your re-definition of the Retry-After HTTP header; modifying the semantics of an existing header is generally not a good idea (as doing so dilutes interop). If it does need changing, that needs to be done in consultation with the entire community, not unilaterally. > > I'd suggest you define a different header; if you really need to use Retry-After, please engage with the HTTPbis WG (CC:ed). > > Also, you'll need to register whatever headers you define; see RFC3864. > > Regards, > > > -- > Mark Nottingham http://www.mnot.net/ > > > >
Received on Tuesday, 11 October 2011 18:33:12 UTC