Re: Feedback on draft-sigurdsson-anti-ddos-http-throttling

Hi Mark,

Thanks a lot for the feedback.

I was ambivalent about reusing the Retry-After header.  As far as I
can tell, the semantics are unchanged when encountered on a response
with a 503 status code, which AFAICT is the only status code it is
observed for per current HTTP standards.  The addition in this
Internet-Draft is to observe the header for responses with other
status codes.  My thought was that since implementations should ignore
unknown headers, this wouldn't dilute interop, but I wasn't sure.  It
sounds like the simplest route is to use a new header, but would love
your thoughts on the reasoning above before I go there.

I should note that the existing implementation does not actually
interpret Retry-After this way; it uses an X-header since there is no
standard yet.

I will look into registering the headers as you mentioned.  Thanks for
the reference.

Cheers,
Jói


On Mon, Oct 10, 2011 at 3:41 AM, Mark Nottingham <mnot@mnot.net> wrote:
> Hi Joi,
>
> I just noticed your draft <http://www.ietf.org/id/draft-sigurdsson-anti-ddos-http-throttling-00.txt> and had a quick look through it.
>
> One thing that stood out was your re-definition of the Retry-After HTTP header; modifying the semantics of an existing header is generally not a good idea (as doing so dilutes interop). If it does need changing, that needs to be done in consultation with the entire community, not unilaterally.
>
> I'd suggest you define a different header; if you really need to use Retry-After, please engage with the HTTPbis WG (CC:ed).
>
> Also, you'll need to register whatever headers you define; see RFC3864.
>
> Regards,
>
>
> --
> Mark Nottingham   http://www.mnot.net/

Received on Tuesday, 11 October 2011 18:33:12 UTC