- From: Alex Rousskov <rousskov@measurement-factory.com>
- Date: Wed, 07 Dec 2011 11:52:21 -0700
- To: "Roy T. Fielding" <fielding@gbiv.com>
- CC: ietf-http-wg@w3.org
On 12/07/2011 10:30 AM, Roy T. Fielding wrote:

> A proxy is responsible for complying with all requirements on senders,
> clients, and proxies. That is how the entire protocol is written.

Does the above imply that all compliant proxies must _validate_ all forwarded headers defined by RFC 2616, to make sure those headers do not violate any of the 600+ MUSTs?

If this is how the protocol has to be interpreted, we must clarify that in HTTPbis because (without an explicit confirmation) many folks would continue to use a less demanding interpretation. We should then also explain what a proxy should do if a to-be-forwarded header field fails validation but is not needed for correct proxy operation (from UA and origin server points of view)?

Please consider the following specific example. A proxy receives an otherwise valid message with a Date header that violates the following MUST:

    The [Date] field value MUST be sent in rfc1123-date format.

When forwarding the message, the proxy has a few choices:

0) Send the Date header field as it was received.
1) Do not send any Date header field.
2) Create and send a new Date header.
3) Reject the entire received message.

What should a compliant proxy do?

And Date is just one example. There are many other complex end-to-end headers that a given proxy does not need to validate to function correctly (from UA and origin server points of view) and that are difficult or even impossible to "fix" without creating more problems.

Thank you,

Alex.
Received on Wednesday, 7 December 2011 18:53:27 UTC
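
The four forwarding options from the message above, as an added example that is not part of the original post: a strict rfc1123-date check followed by each option applied to a header list. The function names, the policy names (`pass`, `drop`, `replace`, `reject`) and the sample headers are assumptions constructed for illustration, and the code takes no position on which option is compliant.

```python
import re
from datetime import datetime, timezone
from email.utils import format_datetime

DAYS = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")
MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
# rfc1123-date in RFC 2616: wkday "," SP 2DIGIT SP month SP 4DIGIT SP time SP "GMT"
RFC1123 = re.compile(r"(%s), (\d{2}) (%s) (\d{4}) (\d{2}):(\d{2}):(\d{2}) GMT"
                     % ("|".join(DAYS), "|".join(MONTHS)), re.ASCII)

class RejectMessage(Exception):
    """Option 3: the proxy refuses the whole message."""

def is_rfc1123_date(value):
    """True only for a syntactically valid rfc1123-date naming a real date."""
    m = RFC1123.fullmatch(value)
    if not m:
        return False
    wk, day, mon, year, hh, mm, ss = m.groups()
    try:
        d = datetime(int(year), MONTHS.index(mon) + 1, int(day),
                     int(hh), int(mm), int(ss))
    except ValueError:               # e.g. 31 Feb or 25:00:00
        return False
    return DAYS[d.weekday()] == wk   # weekday must agree with the date

def forward_headers(headers, policy, now=None):
    """Apply one of the four options (hypothetical policy names) to a header list."""
    out = []
    for name, value in headers:
        if name.lower() != "date" or is_rfc1123_date(value) or policy == "pass":
            out.append((name, value))            # valid field, or option 0
        elif policy == "drop":                   # option 1
            continue
        elif policy == "replace":                # option 2: proxy's own clock
            stamp = now or datetime.now(timezone.utc)
            out.append((name, format_datetime(stamp, usegmt=True)))
        elif policy == "reject":                 # option 3
            raise RejectMessage("invalid Date: %r" % value)
        else:
            raise ValueError("unknown policy %r" % policy)
    return out

# Constructed sample: Date in the obsolete RFC 850 form, not rfc1123-date.
SAMPLE = [("Host", "example.com"),
          ("Date", "Wednesday, 07-Dec-11 18:52:21 GMT")]
```

Under `replace` the forwarded Date carries the proxy's clock rather than the sender's timestamp, so the forwarded message no longer states when the sender generated it.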