Re: I-D Action: draft-ietf-httpbis-header-structure-07.txt from Richard Gibson on 2018-07-02 (ietf-http-wg@w3.org from July to September 2018)

From: Richard Gibson <richard.j.gibson@oracle.com>
Date: Mon, 2 Jul 2018 12:03:07 -0400
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <5ba495c8-b6c3-80ee-564f-bf4352a088c1@oracle.com>
I don't remember if I mentioned this in a previous draft, but I have 
issues with discarding headers that fail parsing, as specified in 
section 4.2. This allows broken client implementations to persist 
indefinitely, and experience surprising but potentially undetected 
behavior from servers. Shouldn't failure to parse a structured header 
result in rejection of the entire request?

Other comments:

In Section 2, the "Foo-Example Header" example text is hard to 
distinguish from the normative document text. I think it should be 
indented and/or moved into its own subsection.

Section 3.5 defines sh-integer to include 1*19DIGIT. If allowing leading 
zeroes is intentional, then it should be made explicit (and probably 
also deserves a mention in Section 4.2.6 steps 8.1 and 9.2).

Section 4.1.1 (Serialising a Dictionary) appears to be missing a step 
for emitting commas between key-value pairs.

Section 4.1.3 (Serialising a Parameterised List) appears to be missing a 
step for emitting semicolons before identifier parameters.

Section 4.1.4 (Serialising an Item) appears to be missing a step that 
appends "value" (the result of applying a type-specific serialisation 
algorithm) to "output" (the string that is returned).

Section 3.1 claims that dictionaries allow no whitespace on either side 
of "=" that separate keys and values, but Section 4.2.1 (Parsing a 
Dictionary from Text) uses Parse Item from Text after consuming the "=", 
and Section 4.2.5 defines that to begin with discarding "any leading OWS 
from input_string", thereby allowing post-"=" whitespace in dictionary 
parsing. The gap should be reconciled.

Should Structured Headers take a position on negative zeroes? Section 
4.1.6 (Serialising a Float) emits a negative sign if "input is less than 
(but not equal to) 0", which I believe is ambiguous in the context of 
IEEE 754. And Section 4.2.6 (Parsing a Number from Text) accepts 
negative zeroes, but preserves the sign only for floats.


On 07/02/2018 03:19 AM, internet-drafts@ietf.org wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Hypertext Transfer Protocol WG of the IETF.
>
>          Title           : Structured Headers for HTTP
>          Authors         : Mark Nottingham
>                            Poul-Henning Kamp
>  Filename        : draft-ietf-httpbis-header-structure-07.txt
>  Pages           : 27
>  Date            : 2018-07-02
>
> Abstract:
>     This document describes a set of data types and algorithms associated
>     with them that are intended to make it easier and safer to define and
>     handle HTTP header fields.  It is intended for use by new
>     specifications of HTTP header fields as well as revisions of existing
>     header field specifications when doing so does not cause
>     interoperability issues.
>
>
> The IETF datatracker status page for this draft is:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dietf-2Dhttpbis-2Dheader-2Dstructure_&d=DwICaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=-o8MJF7i0TzXAJRB0ncfTVfWKSyTG7nl_iTLU_A2B7c&m=eySPBx2CiM8BUQ7FFWJY_4aibes77hMFF8Vxe5zUsYE&s=n24N_wOqqViSHpMN6iygCajclNm_--cMEz35GVhS1lA&e=
>
> There are also htmlized versions available at:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Dietf-2Dhttpbis-2Dheader-2Dstructure-2D07&d=DwICaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=-o8MJF7i0TzXAJRB0ncfTVfWKSyTG7nl_iTLU_A2B7c&m=eySPBx2CiM8BUQ7FFWJY_4aibes77hMFF8Vxe5zUsYE&s=6DPpxSk9wh99qUR23gRZSmbbN9jM3Q6yuAbvKkviEXw&e=
> https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_html_draft-2Dietf-2Dhttpbis-2Dheader-2Dstructure-2D07&d=DwICaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=-o8MJF7i0TzXAJRB0ncfTVfWKSyTG7nl_iTLU_A2B7c&m=eySPBx2CiM8BUQ7FFWJY_4aibes77hMFF8Vxe5zUsYE&s=hILTlBQ2WM-yZrJRazB4zqdjhy7nLjdl-RUIcFDSV-I&e=
>
> A diff from the previous version is available at:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_rfcdiff-3Furl2-3Ddraft-2Dietf-2Dhttpbis-2Dheader-2Dstructure-2D07&d=DwICaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=-o8MJF7i0TzXAJRB0ncfTVfWKSyTG7nl_iTLU_A2B7c&m=eySPBx2CiM8BUQ7FFWJY_4aibes77hMFF8Vxe5zUsYE&s=I8qcQasE5dpfbU8v6hnnZp-H1abXmUL5rTHbv-wTTWM&e=
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> https://urldefense.proofpoint.com/v2/url?u=ftp-3A__ftp.ietf.org_internet-2Ddrafts_&d=DwICaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=-o8MJF7i0TzXAJRB0ncfTVfWKSyTG7nl_iTLU_A2B7c&m=eySPBx2CiM8BUQ7FFWJY_4aibes77hMFF8Vxe5zUsYE&s=QPeJzVTuwpegeX8EO0zZOWpxCTx-dRuZ3Lltvw6ufWw&e=
>
>
Received on Monday, 2 July 2018 16:04:09 UTC