Quick feedback on draft-nottingham-web-proxy-desc-00 from Julian Reschke on 2014-09-03 (ietf-http-wg@w3.org from July to September 2014)

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 03 Sep 2014 14:14:32 +0200
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <54070628.3080401@gmx.de>

Mark,

thanks a lot of getting something out. Here's some initial feedback:


Technical:

>    WPD Proxies MUST support HTTP/2 [I-D.ietf-httpbis-http2] over TLS for
>    connections from clients.  Clients that cannot establish a HTTP/2
>    connection to a WPD proxy MUST consider that proxy "failed."

This requirement appears to be unrelated to the goals of the document. 
Do we need it? Why would it be bad to connect using HTTP/1.1?

>    [RFC7230] Section 5.7.2 requires proxies to honour the semantic of
>    the "no-transform" cache-control directive, and append the 214
>    (Transformation Applied) warn-code to other messages that have been
>    transformed; WPD proxies MUST honour these requirements.

I agree with the requirement, and I also like it being called out. That 
being said, I'd prefer to be clear about what requirements are *added* 
for WPD Proxies, and which ones apply to proxies anyway.

>    Proxy objects' members are defined by the following subsections;
>    unrecognized members SHOULD be ignored.

Isn't that a MUST?


Editorial:

- there are some uses of BCP14 keywords in lower case; either rephrase 
or uppercase them....

>    This specification defines:
>
>    o  A simple format for describing a Web proxy ("WPD"; see Section 3)
>       to facilitate configuration, and so that it can be represented to
>       users in a consistent way, and
>
>    o  A way to discover the proxy description using a well-known URL
>       (Section 4), so that direct configuration of a proxy is as simple
>       as entering a hostname, and
>
>    o  A set of additional requirements for proxies described in this
>       fashion, as well as requirements for User Agents connecting to
>       them, designed to improve security, usability and
>       interoperability.  See Section 2.

This reads weird as the sections are introduced in a ordering different 
from document order...


References:

>    [bad-proxy]
>               Chen, S., Mao, Z., Wang, Y., and M. Zhang, "Pretty-Bad-
>               Proxy: An Overlooked Adversary in Browsers' HTTPS
>               Deployments", January 2009, <research.microsoft.com/
>               jump/79323>.

URI should be fixed.

>    [W3C.CR-html5-20140731]
>               Berjon, R., Faulkner, S., Leithead, T., Navara, E.,
>               O&#039;Connor, E., and S. Pfeiffer, "HTML5", World Wide
>               Web Consortium CR CR-html5-20140731, July 2014,
>               <http://www.w3.org/TR/2014/CR-html5-20140731>.

s/&#039;/'/

In general, I recommend using the references from 
<http://greenbytes.de/tech/webdav/rfc2629xslt/w3c-references.html#ref-CR-html5-20140731> 
because they are generated from the W3C pub database and also allow 
mechanical up-to-date checks.

Best regards, Julian

Received on Wednesday, 3 September 2014 12:15:05 UTC