- From: Willy Tarreau <w@1wt.eu>
- Date: Thu, 11 May 2017 07:33:15 +0200
- To: Mark Nottingham <mnot@mnot.net>
- Cc: Erik Nygren <erik@nygren.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>, "Ponec, Miroslav" <mponec@akamai.com>, "Kaduk, Ben" <bkaduk@akamai.com>
Hi Mark,

On Thu, May 11, 2017 at 10:23:12AM +1000, Mark Nottingham wrote:
> If an origin doesn't have robust retry/replay protection in place for
> non-idempotent requests, it seems operationally simpler and safer for them to
> disable 0RT, rather than refusing it on a request-by-request basis. That's
> the discussion I think we should have here...

That's exactly the situation I'm facing for now with haproxy. A few users have asked us to support 0RTT and for lack of a way to 1) decide which requests are really safe, and 2) tell the client it must replay them using 1RTT, for now I refused to enable it. The load balancer and the origin server will have a different view of the acceptability of 0RTT, and all the chain must be able to accept or reject them, and let the client retry.

I tend to think that a 4xx status code would make sense and would be useful to pass the verdict back to the client. For example we could return "418 not idempotent".

Willy
Received on Thursday, 11 May 2017 05:34:23 UTC
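
The accept/reject-and-retry chain discussed in the message above, as an added example that is not part of the original e-mail and is not haproxy code. It assumes the `425 Too Early` status and the `Early-Data: 1` request header later standardized in RFC 8470 rather than the 418 floated in the message; `replay_sensitive_paths` and the function names are hypothetical.

```python
from dataclasses import dataclass, field

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}   # safe methods per RFC 7231
RETRY_STATUS = 425   # assumption: "Too Early" from RFC 8470, not from this message


@dataclass
class Request:
    method: str
    path: str
    early_data: bool                         # arrived in TLS 1.3 0-RTT data
    headers: dict = field(default_factory=dict)


def origin(req, replay_sensitive_paths):
    """Origin verdict: it alone knows which paths have side effects."""
    if req.headers.get("Early-Data") == "1" and req.path in replay_sensitive_paths:
        return RETRY_STATUS
    return 200


def load_balancer(req, replay_sensitive_paths):
    """LB verdict first; if it accepts, mark the request so the origin can decide too."""
    if req.early_data and req.method not in SAFE_METHODS:
        return RETRY_STATUS                  # unsafe method must not ride in 0-RTT
    if req.early_data:
        req.headers["Early-Data"] = "1"      # tell the next hop this may be a replay
    return origin(req, replay_sensitive_paths)   # a rejection passes back unchanged


def client_send(method, path, replay_sensitive_paths):
    """Try 0-RTT first; on the retry status, resend once the handshake has completed."""
    attempts = []
    status = load_balancer(Request(method, path, True), replay_sensitive_paths)
    attempts.append(("0-RTT", status))
    if status == RETRY_STATUS:
        status = load_balancer(Request(method, path, False), replay_sensitive_paths)
        attempts.append(("1-RTT", status))
    return attempts
```

The third case in the test, a GET that the load balancer accepts but the origin rejects, is the "different view" between hops that the message describes.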