W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: Transfer-codings, mandatory content-coding support and intermediaries

From: Amos Jeffries <squid3@treenet.co.nz>
Date: Sat, 19 Apr 2014 18:43:54 +1200
Message-ID: <53521B2A.3080305@treenet.co.nz>
To: ietf-http-wg@w3.org
On 19/04/2014 10:34 a.m., K.Morgan@iaea.org wrote:
> On 18 April 2014 23:49, msweet@apple.com wrote:
>> ... *if* the goal is to provide semantic compatibility between 1.1
>> and 2.0 ... A 2.0 proxy talking to a 1.1 server can fairly easily
>> convert a 2.0 request using a gzip bit
> 
>> into a 1.1 request using T-E: gzip (just concatenate the gzip
>> streams from each DATA
> 
>> frame), but the reverse will require the proxy to decompress the
>> T-E: gzip stream from the
> 
>> 1.1 server and then either provide an uncompressed response to the
>> 2.0 client or
> 
>> re-compress each DATA frame.
> 
> Or the proxy could simply not declare support (i.e. not send a "TE:
> gzip" header to the server) and then compress the response
> frame-by-frame, but that also seems like a waste of bandwidth and an
> ugly hack.

On the contrary both of those operations are the two Right Ways' (tm) to
do it. Which one is up to the intermediary admin to select

IIRC we seem to have a consensus that a 2.0<->1.1 gateway can do thing
sthat drop the performance of the 1.1 section provided the 2.0 benefits
overall outweighs it.
 So the option of not advertising compression on the 2.0->1.1 hop (which
is almost the status-quo in 1.1) should be acceptible exchange for the
gains from mandatory compression support in the 2.0 traffic arriving at
the gateway.

And since *use* is not mandatory there is not a requirement on the
gateway to encode traffic going in the 1.1->2.0 direction. Although some
may wish to spend some CPU cycles benefiting from the compression.


> 
> Which begs the question, why not TE/Transfer-Encoding? It would
> obviously retain semantic compatibility.
> 
> I don't understand the need to eliminate all hop-to-hop headers
> (mentioned by Martin and others). Specifically, what problems are
> introduced by having T-E in the headers instead of a flag in the
> frame?
> 
> Also, I haven't seen comments yet as to whether or not text similar
> to the following would appease the security concerns (regardless of
> the method; T-E or frame-by-frame) ...
> 
>>>> Intermediaries MUST NOT add transfer coding(s).  Intermediaries
>>>> MAY remove transfer coding(s) if necessary. Intermediaries MAY
>>>> remove and re-apply transfer coding(s), but the transfer
>>>> coding(s) MUST be re-applied in the same order as applied by
>>>> the origin.

NP: this is not good.
 Consider a client advertising X, Z encoding supported. Proxy advertises
X, Y, Z. If the origin chose to layer encoding X-over-Y-over-Z it may
have done so because X-over-Z has a vulnerability. Stripping the X and Y
*both* would seem acceptible, since the client is only hoping for X
and/or Z. But re-encoding X-over-Z is tricky.

IMO the intermediary should either relay as-is or just strip away
encodings down to a layer the client has advertised support for.

>>>>  For example, an intermediary might elect to remove
>>>> a gzip transfer coding for local storage in its cache in order
>>>> to more easily extract a range of the content. In this case,
>>>> when serving a range, the intermediary can choose to send the
>>>> range with no transfer coding or with gzip transfer coding, but
>>>> not with any other transfer coding(s).
> 

-1 on this particular wording. You seem to be conflating
transfer-encoding with content-encoding.

In regards to caching:

* Transfer-Encoding is expected to decode on arrival (or at least act
like it has). It must be uncompressed for delivery to the store logics.
  -> The entity being cached is the un-encoded object form.

* Content-Encoding is expected to retain its compression while in the
storage.
  -> The entity being cached is the encoded object form.


The catch in regards to caching per-segment 2.0 compression is retaining
the SEGMENT tagging on byte ranges within the stream payload. But that
is an implementation detail I am sure we caching people can sort out
fairly easily.

My 2c.:

The need for Transfer-Encoding is explicitly about giving intermediaries
flexibility to choose on the transfer of *specific* payloads. A blanket
all-or-nothing MUST/MUST NOT for every possible payload is too absolute
and inflexible to cover every use case properly.
 Given that, the impetus should be on having a signal from the origin
about whether encoding/compression can be added (or not) by the
intermediaries on a particular segment.

Taking this a little further, I wonder if simply extending
Cache-Control:no-transform to mean that not even Transfer-Encoding is
permitted on this stream is sufficient for resolving the security edge
cases. It should then be okay for the spec to allow Transfer-Encoding on
all transformable traffic by default, same as in HTTP/1.1 today
(perhapse with a must-support for gzip etc which are desirable).
 The per-frame compression should in turn reduce the need for adding
no-transform control in the group of segmented transactions which are
non-cacheable with varying security needs (but if in doubt use
no-transform).

Amos
Received on Saturday, 19 April 2014 06:44:34 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:30 UTC