Message-Id: <199612220055.AAA13544>
Subject: official Apache response to AOLs latest mail
To: new-httpd@mail.apache.org (apache)
Date: Sun, 22 Dec 1996 00:55:27 +0000 (GMT)
From: robh@imdb.com (Rob Hartill)
Organization: Internet Movie Database Ltd.
Content-Type: text
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@hyperreal.com


We need to send AOL an official response to the mail I forwarded
from George Boyce last night.  I'd suggest the following, but am
happy for someone else to redraft it if it's not to everyone's liking.

-=-=-

Dear Mr Boyce and AOL's web support team,

	I am writing on behalf of the Apache Group in response to your
email of December 20th. The Apache Group is comprised of dozens of volunteer
developers from all over the world contributing a variety of skills for
the purpose of providing a free HTTP server product to the web community.

	The Apache HTTP server software is used by over 40% of web sites
because it delivers a free product that many believe to be far superior to
expensive commercial alternative. It is safe to say that without Apache,
the web would not be as large and exciting as it is today. So it is
with great disappointment that we now find our efforts being undermined by
an action taken by AOL which we can only interpret as political since it
has no technical merit.

	We are of course referring to AOL's decision to block HTTP/1.1
servers from communicating with AOL users. The Group were frankly astonished
by AOL's decision and the sudden unannounced way in which it was implemented.
>From your belated response to numerous requests for an explanation we
are left with the following analysis: AOL HAS FAILED TO KEEP UP WITH
DEVELOPMENTS IN THE HTTP PROTOCOL AND OUT OF FEAR OF THE UNKNOWN  HAS CHOSEN
TO VIOLATE THE BASIC RULES BY WHICH THE WWW OPERATES, UNTIL IT HAS HAD
TIME TO INVESTIGATE THE IMPLICATIONS OF THE LATEST HTTP ENHANCEMENTS.

	To our knowledge, at no time before or after AOL's policy change
did AOL representatives approach the Apache Group or the HTTP Working Group
to inform them of the decision or to confirm that their actions were
either necessary, productive or indeed compliant with the protocols to
which AOL claims to comply.

	In your letter you ask that we consider changing Apache to respond
to HTTP/1.0 client requests with a HTTP/1.0 version identifier. This is
simply unacceptable and unnecessary. Prior to AOL's change of policy its
software had no trouble dealing with tens of millions of HTTP/1.1 responses
generated by hundreds of Apache servers. We'd like to make it quite clear
that Apache will continue to send HTTP/1.1 identification in its responses
to HTTP/1.0 client requests since failure to do so will result in years
worth of research and development work going to waste.

	Apache 1.2 is compliant with the HTTP/1.1 specification. The AOL
software that is refusing to accept the HTTP/1.1 responses are in defiance
of the HTTP/1.0 specification to which they claim to comply.

	At this stage we are totally frustrated at AOL and are in no
mood to humor you with a compromise. AOL's actions and reactions has been
outrageous and damaging both to AOL users and those of us trying to provide
them with services. We strongly request that you rectify this problem
immediately and inform AOL users affected by the problem that contrary to
what they have been led to believe by AOL proxy responses and by misinformed
AOL support staff, the problem was AOL's and that AOL apologizes to them
and to the server operators for the unnecessary interruption.

	To reiterate, Apache's behavior is correct, the Apache Group will
not downgrade its software to cater to AOL software that has been
deliberately engineered to misbehave.

	We look forward to your prompt reply.

			Sincerely,
		
			The Apache Group.

-=-=-=-=-=


> Hi,       
> 
> I am responsible for the operation of the AOL web access service.
> 
> Last week my development team gave me a new version of our system. Among the 
> changes was a "fix" to allow connections only from HTTP/1.0 compliant servers.  
> There are at least four issues with this fix...
> 
> 1. We should not have installed code which changes the behaviour of the service
> without a discussion of the changes. We should have seen the other problems
> coming and taken responsible action to minimize the impact. I think development
> agrees with me but only time will tell.
> 
> 2. We discovered a bug in this code which sometimes incorrectly identified the
> type of headers being returned. A fix for this will be installed as soon as
> possible.
> 
> 3. We have not supported HTTP/0.9 for a while so that was no change.
> 
> 4. But a recent version of the apache server does send HTTP/1.1 headers even
> when contacted by a HTTP/1.0 browser and proxy. After careful thought and loud
> debate, I lost, and we consider this to be inconsistent with the HTTP/1.0 spec.
> We also consider our error message to be consistent with the HTTP/1.1 spec,
> though our service is certainly not HTTP/1.1 compliant, and of course it isn't
> very friendly to our members.
> 
> The 1.0 spec doesn't allow the server to respond with a 1.1 response:
> 
> http://www.w3.org/pub/WWW/Protocols/HTTP/1.0/spec.html
> <<
> HTTP/1.0 servers must:
> ...
>      respond appropriately with a message in the same protocol version used by
> the client.
> >>
> 
> And our proxy is responding with an error as even the 1.1 spec allows.
> 
> http://www.w3.org/pub/WWW/Protocols/HTTP/1.1/draft-ietf-http-v11-spec-07.txt
> <<
> Since the protocol version indicates the protocol capability of the sender, a
> proxy/gateway MUST never send a message with a version indicator which is
> greater than its actual version; if a higher version request is received, the
> proxy/gateway MUST either downgrade the request version, respond with an error,
> or switch to tunnel behavior.
> >>
> 
> In the spirit of making things work, our development team will work on a way to
> downgrade HTTP/1.1 requests and responses to HTTP/1.0. Until then, would you
> folks consider having your server respond to HTTP/1.0 requests with HTTP/1.0
> replies?
> 
> Looking forward to your reply. We certainly want the AOL web access service to
> work with the apache server. Please don't listen to those few who yell at AOL
> for all of our screwups in the past and future. We generally had a reason for
> most of them; it is really difficult to run a reliable service for this many
> people.
> 
> George
> 
> --
> George Boyce
> Director, AOL/GNN Internet Ops, 703.453.4152, Fax: 453.4013, grboyce@aol.net
>