W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2011

Re: clarify some MUST requirements in HTTPbis part 1 section 3.3

From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Wed, 07 Dec 2011 11:52:21 -0700
Message-ID: <4EDFB5E5.3000600@measurement-factory.com>
To: "Roy T. Fielding" <fielding@gbiv.com>
CC: ietf-http-wg@w3.org
On 12/07/2011 10:30 AM, Roy T. Fielding wrote:

> A proxy is responsible for complying with all requirements on senders,
> clients, and proxies.  That is how the entire protocol is written.

Does the above imply that all compliant proxies must _validate_ all
forwarded headers defined by RFC 2616, to make sure those headers do not
violate any of the 600+ MUSTs?

If this is how the protocol has to be interpreted, we must clarify that
in HTTPbis because (without an explicit confirmation) many folks would
continue to use a less demanding interpretation. We should then also
explain what a proxy should do if a to-be-forwarded header field fails
validation but is not needed for correct proxy operation (from UA and
origin server points of view)?

Please consider the following specific example. A proxy receives an
otherwise valid message with a Date header that violates the following MUST:

  The [Date] field value MUST be sent in rfc1123-date format.

When forwarding the message, the proxy has a few choices:

  0) Send the Date header field as it was received.
  1) Do not send any Date header field.
  2) Create and send a new Date header.
  3) Reject the entire received message.

What should a compliant proxy do?

And Date is just one example. There are many other complex end-to-end
headers that a given proxy does not need to validate to function
correctly (from UA and origin server points of view) and that are
difficult or even impossible to "fix" without creating more problems.

Thank you,

Received on Wednesday, 7 December 2011 18:53:27 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:26 UTC