W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2011

Re: Feedback on draft-sigurdsson-anti-ddos-http-throttling

From: Jói Sigurđsson <joi@google.com>
Date: Mon, 10 Oct 2011 18:32:45 +0000
Message-ID: <CAJa3wPZZ7Es9+0QrNhr0AADn_kGEcjucyDDHQs1THDYjNVBkXQ@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: Adam Barth <w3c@adambarth.com>, HTTP Working Group <ietf-http-wg@w3.org>
Hi Mark,

Thanks a lot for the feedback.

I was ambivalent about reusing the Retry-After header.  As far as I
can tell, the semantics are unchanged when encountered on a response
with a 503 status code, which AFAICT is the only status code it is
observed for per current HTTP standards.  The addition in this
Internet-Draft is to observe the header for responses with other
status codes.  My thought was that since implementations should ignore
unknown headers, this wouldn't dilute interop, but I wasn't sure.  It
sounds like the simplest route is to use a new header, but would love
your thoughts on the reasoning above before I go there.

I should note that the existing implementation does not actually
interpret Retry-After this way, it uses an X-header since there is no
standard yet.

I will look into registering the headers as you mentioned.  Thanks for
the reference.


On Mon, Oct 10, 2011 at 3:41 AM, Mark Nottingham <mnot@mnot.net> wrote:
> Hi Joi,
> I just noticed your draft <http://www.ietf.org/id/draft-sigurdsson-anti-ddos-http-throttling-00.txt> and had a quick look through it.
> One thing that stood out was your re-definition of the Retry-After HTTP header; modifying the semantics of an existing header is generally not a good idea (as doing so dilutes interop). If it does need changing, that needs to be done in consultation with the entire community, not unilaterally.
> I'd suggest you define a different header; if you really need to use Retry-After, please engage with the HTTPbis WG (CC:ed).
> Also, you'll need to register whatever headers you define; see RFC3864.
> Regards,
> --
> Mark Nottingham   http://www.mnot.net/
Received on Tuesday, 11 October 2011 18:33:12 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:13:54 UTC