Re: HTTP/2 examples SHOULD use :authority from Martin Thomson on 2016-12-01 (ietf-http-wg@w3.org from October to December 2016)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 2 Dec 2016 10:08:50 +1100
To: Alex Rousskov <rousskov@measurement-factory.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABkgnnW5NSHEsv4NG_R4wf96SMc--vBkJ=zjG1QsUHJ9-6FyFA@mail.gmail.com>

Alex, you are right to observe that the examples in the document could
have been better.

There was a long discussion about this and the ultimate conclusion was
to recommend :authority over host.  However that never made the
examples section.

We did not mandate use of :authority so that proxies and gateways
could provide perfect fidelity in their translation from 1.1 to 2.

If you interpret the examples as conversions, then they are correct in
that the fidelity is preserved (as Kari points out).  However, I don't
believe that to be the primary purpose of examples in this
specification.

If we were able to make a change, I would indeed change the examples
to use :authority, but include a note that said that - in the case of
a direct conversion from 1.1 - "host" would be used instead.

On 2 December 2016 at 03:54, Alex Rousskov
<rousskov@measurement-factory.com> wrote:
> Hello,
>
>     This question is inspired be an interoperability problem between Web
> Polygraph benchmark and a [MitM] HTTP/2 proxy. Inside a CONNECT tunnel
> to a Polygraph server, Polygraph clients were violating the following
> RFC 7540 SHOULD by sending a Host header instead of the :authority
> pseudo-header:
>
>>   Clients
>>   that generate HTTP/2 requests directly SHOULD use the ":authority"
>>   pseudo-header field instead of the Host header field.
>
>
> When forwarding the requests, the proxy dropped the Host header without
> adding :authority... While investigating who is at fault, I noticed that
> Polygraph [accidentally] follows RFC 7540 examples: *All* Section 8.3
> examples show HTTP/2 requests with a Host header instead of :authority!
>
>> GET /resource HTTP/1.1       HEADERS
>> Host: example.org       ==>    + END_STREAM
>> Accept: image/jpeg             + END_HEADERS
>>                                  :method = GET
>>                                  :scheme = https
>>                                  :path = /resource
>>                                  host = example.org
>>                                  accept = image/jpeg
>
>
> One could argue that the RFC examples are meant to illustrate how to
> mechanically translate an HTTP/1 message to HTTP/2, with as little
> information loss as possible, even at the expense of violating a SHOULD.
> I do not think that is a valid argument because the Examples section
> does not disclose that intent and most readers will expect the [only]
> Example section to illustrate genuine HTTP/2 messages rather than
> unusual HTTP version translation peculiarities (unless explicitly noted
> otherwise).
>
> AFAICT, the Examples section talks about and shows various generated
> HTTP/2 messages that meet version-agnostic prose specifications. The
> HTTP/1 messages are probably also included just because most [early] RFC
> readers were expected to be more familiar with HTTP/1 than HTTP/2.
>
> Do you think the RFC examples should use ":authority" instead of "host"?
>
>
> Thank you,
>
> Alex.
>

Received on Thursday, 1 December 2016 23:09:23 UTC