Re: Comments on draft-ietf-httpbis-replay-01.txt

Proposed changes are here:  https://github.com/httpwg/http-extensions/pull/423

I've trimmed my response to just those that I think need some
attention.  In particular, see the last change, which is substantial.
Though I think that it remains editorial in nature, I really want to
make sure that I haven't made a mistake.

On Fri, Nov 17, 2017 at 1:02 PM, Eric Rescorla <ekr@rtfm.com> wrote:
> S 5.
>       The "Early-Data" header field is included in requests that are
>       received in early data.
>
> Do you mean "partially received" here?

I've changed the definition to:

* The `Early-Data` header field is included in requests that might have been
  forwarded by an intermediary prior to the TLS handshake completing.

I think that covers your question better, and should address Willy's
concerns too.  I don't want to overload this too much with detail,
which is easy, but I think that this is accurate enough.

> S 5.2.
>    Clients (user-agents and intermediaries) that sent the request in
>    early data MUST automatically retry the request when receiving a 425
>    (Too Early) response status code.  Such retries MUST NOT be sent in
>    early data.
>
>    Intermediaries that receive a 425 (Too Early) status code MAY
>    automatically retry requests after allowing the handshake to complete
>    unless the original request contained the "Early-Data" header field
>    when it was received.  Otherwise, an intermediary MUST forward the
>    425 (Too Early) status code.
>
> I am having trouble reading this text. It seems to me that the first
> graf says that intermediaries MUST retry when I receive 425, and then
> the second graf says that it MUST instead forward 425 if the
> Early-Data header was not in the request.

At Willy's prompting, I removed the parenthetical on the first
paragraph, but then realized that our recent changes to how this works
make that first bit quite misleading.  I've changed it to concentrate
on User Agents instead of clients.  That only helps a little though.

I think that I have something that makes the intermediary text much
clearer.  That is, concentrate first on forwarding 425.  This is
always possible because we have taken steps to ensure that early data
is opt in along the whole intermediary chain.  Then, add a note about
when it is possible to hold and retry requests at an intermediary, but
that is the exceptional case.

~~~
User agents that send a request in early data MUST automatically retry the
request when receiving a 425 (Too Early) response status code. Such retries MUST
NOT be sent in early data.

In all cases, an intermediary can forward a 425 (Too Early) status code.
Intermediaries MUST forward a 425 (Too Early) status code if the request that it
received and forwarded contained an `Early-Data` header field. An intermediary
that receives a request in early data MAY automatically retry that request in
response to a 425 (Too Early) status code, but it MUST wait for the TLS
handshake to complete on the connection where it received the request.
~~~

Received on Tuesday, 21 November 2017 05:45:17 UTC
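
The intermediary rules in the revised text above, written out as a decision function. This is an added example, not part of the original message or the draft; the names `Exchange`, `Action`, `decide` and `retry_enabled` are hypothetical, and the sample header value in the test cases is constructed.

```python
from dataclasses import dataclass
from enum import Enum

TOO_EARLY = 425


class Action(Enum):
    RELAY = "relay the upstream response unchanged"
    FORWARD_425 = "forward 425 (Too Early) downstream"
    RETRY_AFTER_HANDSHAKE = "wait for the downstream TLS handshake, then retry"


@dataclass(frozen=True)
class Exchange:
    """Hypothetical model of one request/response pair seen by an intermediary."""
    request_headers: dict          # header fields as received from downstream
    received_in_early_data: bool   # request arrived at this hop in TLS early data
    upstream_status: int           # status code returned by the next hop
    retry_enabled: bool = True     # local policy: the retry is a MAY, not a MUST


def has_early_data_header(headers: dict) -> bool:
    # Header field names are case-insensitive.
    return any(name.lower() == "early-data" for name in headers)


def decide(x: Exchange) -> Action:
    if x.upstream_status != TOO_EARLY:
        return Action.RELAY
    # MUST forward 425 when the request that was received and forwarded
    # already contained an Early-Data header field. This check comes first,
    # so it wins even if this hop also received the request in early data.
    if has_early_data_header(x.request_headers):
        return Action.FORWARD_425
    # MAY retry when this hop itself received the request in early data, but
    # only after the handshake completes on the connection it arrived on.
    if x.received_in_early_data and x.retry_enabled:
        return Action.RETRY_AFTER_HANDSHAKE
    # Forwarding 425 is permitted in all cases, so it is the default.
    return Action.FORWARD_425


if __name__ == "__main__":
    for headers, early in [({"Early-Data": "1"}, False), ({}, True), ({}, False)]:
        print(headers, early, "->", decide(Exchange(headers, early, TOO_EARLY)).value)
```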