Re: RFC 9113 and :authority header field from Tatsuhiro Tsujikawa on 2022-06-29 (ietf-http-wg@w3.org from April to June 2022)

From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Wed, 29 Jun 2022 18:13:42 +0900
To: Martin Thomson <mt@lowentropy.net>
Cc: HTTP <ietf-http-wg@w3.org>, Ian Swett <ianswett@google.com>, Kazuho Oku <kazuhooku@gmail.com>
Message-ID: <CAPyZ6=K=OpEx8HxY4upvLbppu2dSyOwZw_e5_f9hDXP3WKJCdw@mail.gmail.com>

On Wed, Jun 29, 2022 at 9:42 AM Martin Thomson <mt@lowentropy.net> wrote:

> On Wed, Jun 29, 2022, at 09:58, Tatsuhiro Tsujikawa wrote:
> > I think 2) is valid in terms of RFC 7540, but it suddenly becomes
> > invalid in terms of RFC 9113?
> > Is this correct?  https://www.fastly.com and https://www.google.com now
> > reject 2).
>
> My understanding is that both are valid alternatives.  As would a third
> option that contained the same value in both host and :authority.  The 4xx
> responses you are getting are (probably) compliance bugs.
>
> Thankfully we know people who might be closer to someone who is able to
> fix or defend those bugs.  (On CC).
>
> This whole host and :authority thing was an original mistake in HTTP/2.
> It was grounded in the view that HTTP/2 had to faithfully capture every
> weird thing HTTP/1.1 could express, even when it didn't make sense.  At the
> time, that was pragmatic and it might have aided deployment into systems
> that were, on some levels, broken.  In time, we should seek to remove those
> exceptions.  In the revision, we did some of that by disallowing different
> values.
>
>
Thank you for clarification.  Wait and see the deployments are resolved.

Best,

Tatsuhiro Tsujikawa

Received on Wednesday, 29 June 2022 09:14:11 UTC