- From: Ben Schwartz <bemasc@meta.com>
- Date: Thu, 2 Jan 2025 17:07:07 +0000
- To: Willy Tarreau <w@1wt.eu>
- CC: Glenn Strauss <gs-lists-ietf-http-wg@gluelogic.com>, HTTP Working Group <ietf-http-wg@w3.org>, "mcmanus@ducksong.com" <mcmanus@ducksong.com>
- Message-ID: <SA1PR15MB4370ABADACA4B18D04D9500EB3142@SA1PR15MB4370.namprd15.prod.outlook.com>
>> In fact, ":protocol" only supports a subset of the registered Upgrade Tokens >> (i.e. those that explicitly describe their use with Extended CONNECT), and >> even if an Upgrade Token is defined for use in both HTTP/1.1 Upgrade and >> Extended CONNECT, there is no generic process for converting between these >> forms without detailed knowledge of the specific Upgrade Token. > My perception was that this extension was meant to be more generic. Section > 4 (The Extended CONNECT) doesn't put any reserve regarding the supported > protocols. Section 5 applies it to WebSocket. Section 5 _defines_ how to use Extended CONNECT with WebSocket. Without Section 5, there would be no defined procedure for using Extended CONNECT with WebSocket. All other Upgrade Tokens are _potentially_ compatible with Extended CONNECT, but only if an integration is specified for that Upgrade Token. In the absence of a defined integration (like the one for WebSocket), an Upgrade Token cannot be used with Extended CONNECT. >> Someone >> should tell them that "tcp" is not a registered Upgrade Token ... > I agree with that to some extents, because Upgrade is a cleaner CONNECT, > actually one that can decide whether or not to upgrade based on path, > query string, and/or header fields. I don't object to the design, but registration is required. The registry is First Come First Served, so claiming the token for their usage should be a matter of one email exchange. >> As for haproxy, it needs to restrict its HTTP Version Conversion logic to >> recognized Upgrade Tokens where the conversion logic is known to be correct. > For H1 to H1 that's definitely not acceptable ... By "Version Conversion" I mean "conversion of requests between different HTTP versions". > For H1 to H2, we're indeed more limited in that we can't pass a POST > to H2 since CONNECT doesn't permit to upload contents. ... No, this is incorrect. Extended CONNECT does not permit transparent conversion of a GET or HEAD or OPTION or FOO request either. Conversion between Upgrade and Extended CONNECT is only permitted if the intermediary recognizes the Upgrade Token, and knows the token-specific rules for conversion between these request forms (if that conversion is even possible). --Ben
Received on Thursday, 2 January 2025 17:07:46 UTC