IETF

W3CHTTP

HTTP/1.1 Draft Standard Issues List

(Prior to IESG Last Call for Draft Standard)

Last call of the specifications occurred before the March IETF. The issues here all relate to issues raised during and after working group last call period, and while interoperability testing has continued to meet IETF process rules.

For HTTP-WG use only

Note: this list is an internal working document of the IETF HTTP-WG. Please do not distribute, publish, or quote.

@(#) $Id: DSI.html,v 1.4 1999/12/15 10:23:08 ylafon Exp $

Issue Status

This is a list of issues raised since last call in the working group. If you think the summary is wrong in any of these instances, please send mail to Jim Gettys, or, if you really think you have a new issue, please send mail to the http working group.

The comments are based on the Revision 4 of the HTTP/1.1 specification, and Auth-02 of HTTP Authentication.

When referring to issues on the list, it helps the editor if you put the issue name into the subject line of any mail messages.

Links to Related Documents

The No field contains an arbitrary number of the issue, which is guaranteed to change in the future (i.e. use the Name of the issue, not its number, in any discussions; it is for convenience during teleconferences.)

The Name field contains the name of the issue; and there are hypertext anchors present in this document of these names for each issue, to aid in cross referencing. We generally don't change the name or delete it once an issue has been opened.

The Short Description field contains a short description of the issue, often hyperlinked to a longer explanation of the issue.

The Status field can have the following values:

  1. Open- the issue has been acknowledged to be a problem, but no definate solution proposed
  2. Drafting- a solution is being drafted, and discussion is continuing in the mailing list
  3. Ready for last call - a proposed resolution has been circulated, but the last call not yet issued
  4. Last Call Issued- a last call for comments has been issued by the working group chair (Larry Masinter)
  5. Closed - the issue is believed to be closed by the proposed resolution, and will be incorporated into the draft
  6. Closed, no action needed -the issue is believed to be closed by the proposed resolution, and no action is needed.
  7. In Rev XX - the closed issue has been edited and (will) appear(s) in draft XX of the specification (maybe with caveats).
  8. Out of scope - this issue will not be addressed in the HTTP/1.1 specifications
  9. Editorial- the issue does not involve technical problems with the specifications (beyond minor clarification)
  10. RFC 2XXX -The issue has been dealt with independently of the HTTP/1.1 specification in the named document.
  11. Subsumed By - the issue has been subsumed by a different issue (sometimes when disentangling an issue into its component issues, you find other issues that really are a symptom of a problem originally thought to be different)

The Proposed Resolution field has a synopsis of the proposed resolution, usually with a hyperlink to a longer message detailing the changes to the specification proposed.

The Raised By field contains a mailto: link to the name of the person who raised the issue initially.

The Resp. field contains a mailto: link to the name of the person responsible for drafting language to fix the issue, or responsible to see that action on the issue occurs.

Summary Of Issues in HTTP/1.1 and Authentication specifications.

0 Open Authentication Technical issues:

0 Open Authentication Editorial issues:

12 Authorization Technical issues closed since Auth-01: AUTH-PARAM, CHALLENGE-ORDER, DIGEST-URI, SNOOPED, REQUEST-DIGEST, CNONCE, NONCE-ETAG, DIGEST-MULTIPART, CHALLENGE-ORDER, AUTHVSPROXY, PROTECTION-SPACE, PROXY-AUTH

8 Authentication Editorial issues closed since Auth-01: DMKAUTHNITS, COPYRIGHT, XREFS, CLEAN_INDEXES, PROXY-MAXAGE-TYPO, AUTHORS, REFERENCES, INTERNIC

0 Open HTTP Technical issues:

0 HTTP Editorial Issues:

14 HTTP Technical issues closed since Rev-03 (and edited into Rev-05): MMS, EXPECT, TRANSFORMATIONS, CHUNKEDTRAILERS, TE-IDENTITY, PROXY-DNS, ERRORS, WARN-GEN, RANGEDELIM, IEBUG, MISTAKES, VERSION, EXPECT, CREATE

35 HTTP Editorial issues closed since Rev-03 (and edited into Rev-05):

BENNETT, REFERENCES, NOTES, MMSCHECK, TENIT, MISTAKES, DEPOSIT, ADVANTAGE, CONT, FLATTINNITS, TOKENS, INTERNIC, DMKNITS, LARRYENG, UNRECOGNISED, TSCHALAER, DATEWRONG, BNFNIT, REDIR, COPYRIGHT, WARN-GEN, TPROXY, PERSIST, 302FOUND, 202CAPS, 409CONFLICT, ARTG, RANGECONTRA, DMKNIT, RULE, POSTNIT, REVALIDATION, PROXY-MAXAGE-TYPO, AUTHORS, CHANGES

Authentication Technical Issues
No
Name
Status
Short Description
Proposed
Resolution
Raised By
Resp.
a1 REQUEST-DIGEST In Auth-02 No definition for non-terminal request-digest Scott believes that the suggested resolution in the mail is correct - the syntax should just be:

request-digest = <"> *LHEX <">

 dmk
a2 CNONCE In Auth-02 In Authorization, the client can omit cnonce=. If qop=auth-int and cnonce is omitted, should Authentication-Info in the server's response say 'cnonce=""' or should cnonce be omitted there, too? Discussion and proposed resolution in . Thread one, and Thread two. dmk
a3 NONCE-ETAG In Auth-02 Recommending that the (Digest) nonce include Etag seems like a bad idea -- it makes the nonce non-reusable for other entities. Leave it as is. dmk
a4 DIGEST-MULTIPART In Auth-02 In a response that sends multipart/byteranges, does the digest-uri-value of A2 digest the MIME headers and separators? Slight clarification needed dmk
a5 CHALLENGE-ORDER In Auth-02 Ordering of challenges may make a difference with existing clients. fix proposed mcmanus
a6 AUTHVSPROXY In Auth-02 Why is WWW-Authenticate different than Proxy-Authenticate? aas
a7 PROTECTION-SPACE In Auth-02 Protection space" not defined in spec. Contained in message, with subsequent comments.. paulle
a8 PROXY-AUTH In Auth-02 When is Proxy-Authentication sent? paulle
a9 AUTH-PARAM In Auth-03 It's hard to imagine an auth-scheme that can work correctly and usefully with zero auth-param's in the credentials. Simple change to BNF in message. dmk
a10 CHALLENGE-ORDER In Auth-03 An implementor might assume that "realm" will be the first auth-param in a digest-challenge. Note might prevent problems. dmk
a11 DIGEST-URI In Auth-03 Use of digest-uri needs help. dmk
a12 SNOOPED In Auth-03 Threat of "snooped password". Suggested change in the message. dmk
Authentication Editorial Issues
No
Name
Status
Short Description
Proposed Resolution
Raised By
Resp.
ae1 COPYRIGHT In Auth-02 Update to Internet Society Copyright. fix it. jg paulle
ae2 CLEAN-INDEXES In Auth-02 The indexes need cleanup. fix it. jg paulle
ae3 XREFS In Auth-02 Make sure authentication draft cross references correct section in HTTP spec. just do it! jg paulle
ae4 PROXY

-MAXAGE-TYPO

 In Auth-02 See HTTP editorial issue PROXY-MAXAGE-TYPO fix it. mogul paulle
ae5 AUTHORS In Auth-02 Make sure author's addresses are up to date. fix it. jg paulle
ae6 REFERENCES In Auth-02 Make sure the references are up to date. fix it jg paulle
ae7 INTERNIC In Auth-02 See INTERNIC below. fix it jg paulle
ae8 DMKAUTHNITS In Auth-03 Dave has found more nits. fix them. dmk paulle


HTTP Technical Issues
No
Name
Status
Short Description
Proposed Resolution
Raised By
Resp.
h1 MMS In Rev-04, Rev-05 Review of MUSTs, MAYs, and SHOULDS in the whole document, e.g. Cache Control

Jeff Mogul reviewed the first half of the document, and Scott Lawrence reviewed the second half of the document.

A few further comments have been received.

 Fix them, but as these involve changes to normative text, even though editorial, I'm classifying this issue technical. masinter masinter,

mogul,

lawrence,

jg
h2 TE-IDENTITY In Rev-04 Should TE: identity; q=0 be allowed? Add OPTIONAL for how the server handle it. That is, it is optional for the server to look at it but if it does then it SHOULD send 406 if it can't respond in the transfer encoding. dmk frystyk
h3 PROXY-DNS In Rev-04 What error status should a proxy report on a DNS lookup failure? Broaden the scope of 504 to contain DNS timeouts as well and describe this as a minor clarification. Put in a note for clients saying that to expect in a 400 code and maybe 500 as well. erik masinter, paulle
h4 ERRORS Closed, no action needed What should an server do when a request has an error? Should it close? What should it report? Do what the spec already says. dmk
h5 RANGEDELIM In Rev-04 The description of multipart/byteranges leaves a lot to be desired on the subject of where <CRLF> should occur. Clarify 19.2 that the definition of the MM body is defined by RFC 2046. john dmk
h6 IEBUG Closed, No Action Needed What should we do with 416 given buggy implementation and deployment in IE4? Do nothing, but we've investigated further to make sure we understand the issue fully. josh paulle,

jg
h7 MISTAKES 8.2.3 In Draft-04

14.35.1 In Draft-04

 Koen found some mistakes in the last call document. 8.2.3: the current SHOULD should become a MAY, slight editorial cleanup

13.10 No change planned

14.2, currently, no change planned.

14.35.1: there may be an implicit assumption that should be explicit

 koen jg

paulle
h8 WARN-GEN In Rev-04 Warning should be a general header field. In looking for all places that needed to change, it became clear some more care might be wise. frystyk frystyk
h9 VERSION In Rev-04 Use of Version header still not clear. Proposal contained in message mogul mogul
h10 EXPECT In Rev-04

Closed

 Belief that would make implementations non-compliant.

Some further comments.

 Rejected, except for editorial note pointing out that Expect isn't in previous RFC's. frystyk frystyk
h11 CREATE In Rev-04 How do you get an etag and/or metainformation when you first create a resource without a race? Add note that ETag can be used in 201 response to return tag. frystyk frystyk
h12 TRANSFORMATIONS In Rev-05 Contradictory language/intent about transformations. Jeff Mogul has response and suggested changes. rlgray mogul
h13 CHUNKEDTRAILERS In Rev-05 Use of trailers with chunked encoding can cause an interoperability issue with HTTP/1.0 clients. This case has not been deployed.

Fix and Jeff's cleanups.

 rlgray fielding
HTTP Editorial Issues
No
Name
Status
Short Description
Proposed Resolution
Raised By
Resp.
he0 TENIT In Rev-04 Broken cross reference in transfer coding section. fix it. mcmanus jg
he1 DISPOSIT In Rev-04 Content Disposition description does not match current practice. fix it. koen jg
he2 ADVANTAGE In Rev-04 Advantages / disadvantages claimed for persistent connections may need some rework (not much, me thinks...) fix it. martin-flatin jg
he3 CONT In Rev-04 100 Continue contradiction needs text reorganization fix it. martin-flatin jg
he4 FLATINNITS In Rev-04 Nits from Martin-Flatin. fix it. martin-flatin jg
he5 TOKENS In Rev-04 Clarify wording about Connection Tokens added cross references to discussion of Keep-Alive and friends. martin-flatin jg
he6 INTERNIC Closed, no action needed Make sure no hyperlinks in source document point to Internic, who no longer provide the RFC's online weren't any... hoshka jg
he7 DMKNITS In Rev-04 Dave Kristol, as always, finds yet more nits (a bunch of spaces before sentence ending periods). fix them. dmk jg
he8 LARRYENG In Rev-04 The wording "If successful, the response..." is poor English. (It isn't the response that's successful!) Perhaps it should say "If the request is valid, the response...." What constitutes a valid request is sprinkled through the specification. masinter, dmk jg
he9 UNRECOGNIZED Closed, no action needed What does unrecognised header mean? Doesn't look like any action is really needed. dmk jg
he10 TSCHALAER In Rev-04 Collection of nits from Ronald In message tschalaer jg
he11 DATEWRONG In Rev-04 Date in Rev-03 document wrong. fix it. spreitze jg
he12 BNFNIT In Rev-04 BNF references from other documents might be improved. fix them. js jg
he13 REDIR In Rev-04 Redirect handling needs clarification. fix them gisle jg
he14 COPYRIGHT In Rev-04 Update to Internet Society Copyright. see RFC 2223 masinter jg
he15 WARN-GEN In Rev-04 Warning should be a general header field. fix it. frystyk jg
he16 TPROXY In Rev-04 Non-caching should be "transparent" proxy. fix it. swingard jg
he17 PERSIST In Rev-04 Spec is confusing about persistent connections vs. keepalives. fix it. ewindes jg
he18 302FOUND In Rev-04 302 Found says that conversion of POST to GET is "erroneous". But this is current practice. First note can be deleted. macrides jg
he19 202CAPS In Rev-04 202 Accepted says MAY or MAY not which should not be capitalized; see: MUST-MAY-SHOULD fix it jg jg
he20 409CONFLICT In Rev-04 409 Conflict still refers to versioning. Versioning makes a good example of intended use of 409, but versioning can't be normative jg jg
he21 ARTG Closed Art Goldberg requests some clarifications I could not see how to improve things from looking at the archive jg jg
he22 RANGECONTRA In Rev-04 MUST/SHOULD contradiction between 416 Requested Range Not Satisfiable and Content Range header 14.16 SHOULD should be a MUST, I think... jchamberlain jg
he23 DMKNIT In Rev-04 Extra space in 304 Not Modified remove it. dmk jg
he24 RULE In Rev-04 The definition of #rule is confusing fix it. mcjones jg
he25 POSTNIT In Rev-04 Wording around post says destination rather than origin server. fix it. ravi.badrachalam jg
he26 REVALIDATION Closed Can revalidation explanation be strengthened? the discussion does not make it clear that it can be made clearer lacking any concrete suggestions rlgray jg
he27 PROXY

-MAXAGE

-TYPO

 In Rev-04 Make sure that all instances of "proxy-maxage" have been replaced by "s-maxage", in both the HTTP/1.1 spec and in the Authentication spec. fix it. mogul jg
he28 AUTHORS In Rev-04 Make sure author's addresses are up to date. fix it. jg jg
he29 REFERENCES In Rev-05 Make sure the references are up to date. (URI is now draft standard) fix it. jg jg
he30 CHANGES In Rev-04 Update changes section Add issues and resolutions raised since last call; delete minor nits section. jg jg
he31 BENNETT In Rev-05 Careful read from Paul Bennet has uncovered a number of things that should be fixed. fix them. jg jg
he32 NOTES In Rev-05 Would be best to avoid normative language in notes. See if they can be fixed easily. koen jg
he33 MMSCHECK In Rev-05 Koen did a check of the MMS audit. fix whatever seems wrong. koen jg

If you have comments or suggestions, email me at jg@w3.org

@(#) $Id: DSI.html,v 1.4 1999/12/15 10:23:08 ylafon Exp $