IETF Logo Mail Archive

Retry safety of HTTP requests

Subodh Iyengar <subodh@fb.com> Tue, 22 March 2016 06:01 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 745F812D660 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 21 Mar 2016 23:01:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.021
X-Spam-Level:
X-Spam-Status: No, score=-7.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fb.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RcXjemRB4UeG for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 21 Mar 2016 23:01:03 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 076AD12D75B for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 21 Mar 2016 23:00:55 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1aiFIW-0003av-UX for ietf-http-wg-dist@listhub.w3.org; Tue, 22 Mar 2016 05:56:08 +0000
Resent-Date: Tue, 22 Mar 2016 05:56:08 +0000
Resent-Message-Id: <E1aiFIW-0003av-UX@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <prvs=288924f9be=subodh@fb.com>) id 1aiFIO-0003a4-Aj for ietf-http-wg@listhub.w3.org; Tue, 22 Mar 2016 05:56:00 +0000
Received: from mx0b-00082601.pphosted.com ([67.231.153.30]) by lisa.w3.org with esmtps (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.80) (envelope-from <prvs=288924f9be=subodh@fb.com>) id 1aiFIN-0006Ch-51 for ietf-http-wg@w3.org; Tue, 22 Mar 2016 05:55:59 +0000
Received: from pps.filterd (m0001303.ppops.net [127.0.0.1]) by m0001303.ppops.net (8.16.0.11/8.16.0.11) with SMTP id u2M5rbSV002129 for <ietf-http-wg@w3.org>; Mon, 21 Mar 2016 22:55:35 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fb.com; h=from : to : subject : date : message-id : content-type : mime-version; s=facebook; bh=ZvUfvm/Lhz1S1s06HftgjVWI7h1spwxZjQsfv7sef4s=; b=QL0pOyOM6tEZFg4rbNCTFjAI7Jc6WAUXWqJ32BU6kaWGh5Pg511raC+CAQ0sCGXZcisl V5qVC55JDAOwjru8ADb+0RZQKNhpIqkwM9LhQ/TOMKD1rg5Al0/eU2OReFNtve1h9mRi ZU07kpQz6Uznv9KSoaPTlmleElp+1uQwDck=
Received: from mail.thefacebook.com ([199.201.64.23]) by m0001303.ppops.net with ESMTP id 21tfdgpaws-1 (version=TLSv1 cipher=AES128-SHA bits=128 verify=NOT) for <ietf-http-wg@w3.org>; Mon, 21 Mar 2016 22:55:35 -0700
Received: from PRN-MBX01-4.TheFacebook.com ([169.254.3.151]) by PRN-CHUB14.TheFacebook.com ([fe80::5977:3d0b:700b:8bb%12]) with mapi id 14.03.0248.002; Mon, 21 Mar 2016 22:55:34 -0700
From: Subodh Iyengar <subodh@fb.com>
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Thread-Topic: Retry safety of HTTP requests
Thread-Index: AdGD+PmTSes2/RVSRaaXK0RVsb8KMQ==
Date: Tue, 22 Mar 2016 05:55:33 +0000
Message-ID: <974CF78E8475CD4CA398B1FCA21C8E99564F9FDC@PRN-MBX01-4.TheFacebook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.52.123]
Content-Type: multipart/alternative; boundary="_000_974CF78E8475CD4CA398B1FCA21C8E99564F9FDCPRNMBX014TheFac_"
MIME-Version: 1.0
X-Proofpoint-Spam-Reason: safe
X-FB-Internal: Safe
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2016-03-22_02:, , signatures=0
Received-SPF: pass client-ip=67.231.153.30; envelope-from=prvs=288924f9be=subodh@fb.com; helo=mx0b-00082601.pphosted.com
X-W3C-Hub-Spam-Status: No, score=-1.1
X-W3C-Hub-Spam-Report: AWL=1.085, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, W3C_NW=0.5
X-W3C-Scan-Sig: lisa.w3.org 1aiFIN-0006Ch-51 898f11fb9a205f38b374504866ffa3dc
X-Original-To: ietf-http-wg@w3.org
Subject: Retry safety of HTTP requests
Archived-At: <http://www.w3.org/mid/974CF78E8475CD4CA398B1FCA21C8E99564F9FDC@PRN-MBX01-4.TheFacebook.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/31308
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

HTTP/1.1 and the current HTTP/2 spec don't define the concept of retry safety of requests, i.e. when are requests are safe to retry and what are the limits on how retries can be performed by the lower layers.

I believe this is a new item and I'm trying to gauge people's interest in this topic, and whether such an idea has been explored before in the httpwg.

I think defining retry safety will become an important problem in the near future. I can see several use cases if we have a proper definition of retry safety in HTTP:

1) Usually an application like a piece of javascript will create a HTTP request and send it to a browser or mobile app which executes it. The browser or a mobile app might want to retry the request. In unreliable networks, retrying requests is important for reliability. The application could decide that it would create a non idempotent request like a POST, and have an application layer mechanism to enforce idempotence. It could then tell the browser that the request was retry safe because it was enforcing idempotence, and let the browser perform optimizations to retry it depending on network conditions, including caching the request offline, retrying when the network comes back, sending the request across 2 connections on different interfaces, etc.

2) Some transport protocols which treat retry safe requests differently from non retry safe requests. For example in TLS 1.3, idempotent requests may be sent in a 0-RTT flight, which reduces the latency for the request. An application might desire a non idempotent request which is retry safe be sent in this 0-RTT flight.

3) A non-application server such as a load balancer might also desire to know whether or not the client expressed that this request is retry safe so that it may retry this request if the backend fails over offering more reliability to clients.

Currently, the only semantics for an application to express retry safety is via idempotency (the request method). The status quo shows that even this is not expressive enough, since even though GETs are not technically idempotent, some browsers will retry them anyway.

Having an document which would define a new property like retry-safety would help apps take advantage of reliability features of browsers for requests other than GETs and also prepare HTTP to be able to use TLS1.3 effectively.

In our Facebook mobile apps we annotate all the requests that our app makes as retry safe or not and that helps us decide how retry policies should behave for each request. It's been very useful for request reliability.

Would the HTTP-wg be interested in a document describing retry-safety and its limitations?

Cheers,
Subodh Iyengar

v2.23.0 | Report a Bug | By Email