- From: S Moonesamy <sm+ietf@elandsys.com>
- Date: Tue, 29 Oct 2013 01:13:08 -0700
- To: apps-discuss@ietf.org, draft-ietf-httpbis-p5-range.all@tools.ietf.org
- Cc: ietf-http-wg@w3.org, ietf@ietf.org, iesg@ietf.org
I have been selected as the Applications Area Directorate reviewer for this draft (for background on APPSDIR, please see http://trac.tools.ietf.org/area/app/trac/wiki/ApplicationsAreaDirectorate ). Please resolve these comments along with any other Last Call comments you may receive. Please wait for direction from your document shepherd or AD before posting a new version of the draft. Document: draft-ietf-httpbis-p5-range-24 Title: Hypertext Transfer Protocol (HTTP/1.1): Range Requests Reviewer: S. Moonesamy Review Date: October 29, 2013 IETF Last Call Date: October 21, 2013 Summary: This draft requires further review. This document defines HTTP/1.1 range requests, partial responses, and the multipart/byteranges media type. This document is well-written. The Introduction section mentions that the byte range feature is an optional feature of HTTP. This feature can be used to, for example, resume the download of a large file. The feature is part of the set of documents for the protocol while the feature can be considered as not being part of the base protocol. The Security Consideration sections (see Part 1 and Part 2) do not discuss about whether the feature can be misused (e.g. denial of service). Major Issues: In Section 2.3: 'The "Accept-Ranges" header field allows a server to indicate that it supports range requests for the target resource.' There isn't any recommendation or requirement for the server to send "Accept-Ranges: bytes"; it's a RFC 2119 "may". It seems better if there is a recommendation for the server to advertise the feature if the server supports it. There is the following text in Section 3.1: "A server MAY ignore the Range header field. However, origin servers and intermediate caches ought to support byte ranges when possible, since Range supports efficient recovery from partially failed transfers and partial retrieval of large representations." My understanding of the above is that the server can ignore the Range header field but it is politely recommended that origin servers and intermediate caches support it. This looks like a workaround to avoid introducing a RFC 2119 "should". The text explains why it is worthwhile to support byte ranges while the Introduction sections states that this feature is optional. In Section 3.2: "HTTP-date" is defined in the Appendix C. I suggest importing the rules should be in Section 1.2. In Section 2.1: "Other valid (but not canonical) specifications of the second 500 bytes (byte offsets 500-999, inclusive): bytes=500-600,601-999 bytes=500-700,601-999" And Section 3.1: "A client that is requesting multiple ranges SHOULD list those ranges in ascending order (the order in which they would typically be received in a complete representation) unless there is a specific need to request a later part earlier." I am trying to understand what the server should do when it receives one or several overlapping ranges. In Section 4.1: "If multiple parts are being transferred, the server generating the 206 response MUST generate a "multipart/byteranges" payload, as defined in Appendix A" It is unusual to have a RFC 2119 requirement defined in an appendix. "If the selected representation would have had a Content-Type header field in a 200 (OK) response, the server SHOULD generate that same Content-Type field in the header area of each body part." I don't understand why the RFC 2119 "should" is used in the above. When can the "should" be ignored? Is the server supposed to generate the same Content-Type header field in each header area if the selected representation would have a Content-Type header field for a 200 (OK) response? "When a multipart response payload is generated, the server SHOULD send the parts in the same order that the corresponding byte-range- spec appeared in the received Range header field, excluding those ranges that were deemed unsatisfiable or that were coalesced into other ranges." It is recommended in the Section 3.1 that the client lists the ranges it requests in ascending order. The above text recommends that the server should send the parts in the same order as the request. There can be an interoperability issue when the two sides are told to do RFC 2119 "should". In Appendix A: "The following definition is to be registered with IANA [BCP13]." The request to IANA should be in the IANA Considerations section. Minor Issues: In Section 1: "Range requests are an OPTIONAL feature of HTTP, designed so that recipients not implementing this feature (or not supporting it for the target resource) can respond as if it is a normal GET request without impacting interoperability." As the word "OPTIONAL" in the above is not interpreted according to RFC 2119 I suggest using plain English instead of a word in uppercase. In Section 2.1: "In the byte range syntax, first-byte-pos, last-byte-pos, and suffix- length are expressed as decimal number of octets. Since there is no predefined limit to the length of a payload, recipients ought to anticipate potentially large decimal numerals and prevent parsing errors due to integer conversion overflows." There is a RFC 2119 "should" in Section 3.3.2 of draft-ietf-httpbis-p1-messaging-24 about integer conversion and a reference to Section 9.3 of that draft. I may have missed integer conversation issues in the reviews. I suggest doing a verification to verify that there is adequate text where it is applicable. Nits: In Section 2.2: "Range units are intended to be extensible." Section 3.12 of RFC 2616 states that: "The only range unit defined by HTTP/1.1 is "bytes". HTTP/1.1 implementations MAY ignore ranges specified using other units. HTTP/1.1 has been designed to allow implementations of applications that do not depend on knowledge of ranges." I consider the creation of the registry as "it does not cost anything to add one more registry". The text from RFC 2616 suggests that the only unit specified is "bytes" and that HTTP/1.1 does not depend upon the knowledge of this optional feature. I don't see any reason to have other range units. In Section 2.3: "A server that does not support any kind of range request for the target resource resource MAY send" The word "resource" is duplicated. Regards, S. Moonesamy
Received on Tuesday, 29 October 2013 08:15:22 UTC