Re: Question about H2 and chunked encoding from Roy T. Fielding on 2017-09-26 (ietf-http-wg@w3.org from July to September 2017)

From: Roy T. Fielding <fielding@gbiv.com>
Date: Tue, 26 Sep 2017 16:26:39 -0700
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <2BA72F9D-8D96-4131-B8AE-CE33B312219D@gbiv.com>

> On Sep 25, 2017, at 9:01 PM, Mark Nottingham <mnot@mnot.net> wrote:
> 
> 
>> On 26 Sep 2017, at 6:52 am, Roy T. Fielding <fielding@gbiv.com> wrote:
>> 
>>> On Aug 6, 2017, at 8:26 AM, Mark Nottingham <mnot@mnot.net> wrote:
>>> 
>>>> On 4 Aug 2017, at 8:15 pm, Cory Benfield <cory@lukasa.co.uk> wrote:
>>>> 
>>>>> On 4 Aug 2017, at 08:43, Stefan Eissing <stefan.eissing@greenbytes.de> wrote:
>>>>> 
>>>>> The live, so far, in my test cases for Apache httpd. I'd expect them to get used when the web starts worrying about message integrity more, once the https everywhere thing is done. ;-)
>>>> 
>>>> Adding to the list, HTTP/1.1 trailers are barely supported in the Python ecosystem: none of the major libraries or tools can emit them, and many fail to parse them. The better implementations parse-but-ignore. The Python HTTP/2 stack supports emitting and parsing trailers.
>>> 
>>> This thread makes me wonder if we can't improve things slightly in HTTPtre. E.g., we could say:
>>> 
>>>> A header field MUST NOT appear in trailers unless its definition allows it. Receiving implementations MUST ignore header fields appearing in trailers when their definitions do not allow it.
>>> 
>>> ... with an appropriate column in the header field registry to record this. I don't think this would break any existing implementations, because trailers are so seldom used right now, and I think there's a strong argument that this is the case anyway; the consuming application has to expect something in trailers to act upon it.
>>> 
>>> <https://github.com/httpwg/http11bis/issues/16#issuecomment-320513541>
>> 
>> We spent an enormous amount of time separating HTTP message processing from
>> required understanding of its semantics.  What you describe above is not an
>> improvement.  It isn't even implementable, in general.
> 
> This has nothing to do with message processing.

The existing requirements are in
http://httpwg.org/specs/rfc7230.html#rfc.section.4.1.2

  A sender MUST NOT generate a trailer that contains a field necessary for
  message framing (e.g., Transfer-Encoding and Content-Length), routing
  (e.g., Host), request modifiers (e.g., controls and conditionals in
  Section 5 of [RFC7231]), authentication (e.g., see [RFC7235] and [RFC6265]),
  response control data (e.g., see Section 7.1 of [RFC7231]), or determining
  how to process the payload (e.g., Content-Encoding, Content-Type,
  Content-Range, and Trailer).

  When a chunked message containing a non-empty trailer is received, the
  recipient MAY process the fields (aside from those forbidden above)
  as if they were appended to the message's header section.
  A recipient MUST ignore (or consider as an error) any fields that are
  forbidden to be sent in a trailer, since processing them as if they
  were present in the header section might bypass external security filters.

You suggested adding two normative requirements to message processing,
both based on "their definitions".  The first isn't targeted but translates
into MUST NOT send (instead of the existing MUST NOT generate).  The second
is a recipient MUST ignore based on *other* definitions.  Both impact
message processing by intermediaries.

If we want to add a table to the registry that indicates what header
fields are forbidden to be in trailers, we can do that without impacting
the existing text in 7230 (which is carefully worded to avoid being a
message processing requirement).

....Roy

Received on Tuesday, 26 September 2017 23:27:04 UTC