Skip to main content

The Sunset HTTP Header Field
draft-wilde-sunset-header-11

Revision differences

Document history

Date Rev. By Action
2019-05-14
11 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2019-04-29
11 (System) RFC Editor state changed to AUTH48 from RFC-EDITOR
2019-04-29
11 (System) RFC Editor state changed to RFC-EDITOR from EDIT
2019-04-02
11 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2019-04-01
11 (System) IANA Action state changed to Waiting on RFC Editor from Waiting on Authors
2019-04-01
11 (System) IANA Action state changed to Waiting on Authors from In Progress
2019-03-29
11 (System) RFC Editor state changed to EDIT
2019-03-29
11 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2019-03-29
11 (System) Announcement was received by RFC Editor
2019-03-29
11 (System) IANA Action state changed to In Progress
2019-03-29
11 Cindy Morgan IESG state changed to Approved-announcement sent from Approved-announcement to be sent
2019-03-29
11 Cindy Morgan IESG has approved the document
2019-03-29
11 Cindy Morgan Closed "Approve" ballot
2019-03-29
11 Cindy Morgan Ballot approval text was generated
2019-03-29
11 Alexey Melnikov IESG state changed to Approved-announcement to be sent from Approved-announcement to be sent::Point Raised - writeup needed
2019-02-22
11 Erik Wilde New version available: draft-wilde-sunset-header-11.txt
2019-02-22
11 (System) New version approved
2019-02-22
11 (System) Request for posting confirmation emailed to previous authors: Erik Wilde
2019-02-22
11 Erik Wilde Uploaded new revision
2019-01-11
10 Erik Wilde New version available: draft-wilde-sunset-header-10.txt
2019-01-11
10 (System) New version approved
2019-01-11
10 (System) Request for posting confirmation emailed to previous authors: Erik Wilde
2019-01-11
10 Erik Wilde Uploaded new revision
2018-12-29
09 Erik Wilde New version available: draft-wilde-sunset-header-09.txt
2018-12-29
09 (System) New version approved
2018-12-29
09 (System) Request for posting confirmation emailed to previous authors: Erik Wilde
2018-12-29
09 Erik Wilde Uploaded new revision
2018-12-20
08 Jean Mahoney Closed request for Telechat review by GENART with state 'Team Will not Review Version'
2018-12-20
08 Cindy Morgan IESG state changed to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation
2018-12-20
08 Ignas Bagdonas [Ballot Position Update] New position, No Objection, has been recorded for Ignas Bagdonas
2018-12-20
08 Benjamin Kaduk
[Ballot comment]
Section 1.1

"pending order" may mean different things to different people.  It's
unclear whether this really matters for this context, though.  (FWIW, my …
[Ballot comment]
Section 1.1

"pending order" may mean different things to different people.  It's
unclear whether this really matters for this context, though.  (FWIW, my
first mental binding was to an ACME "order" object.)

Section 6

Is there any guidance to give about how to determine authenticty and
accuracy?  For example, if HTTPS is used, is the normal TLS server
certificate validation procedure (e.g., of RFC 6125) sufficient?

Section 8

There seems to be two broad classes of consideration here: information
leakage from the entity adding sunset, and interpretation of provided
sunset data by a client.  The former is reasonably well covered, but the
latter seems to be only partially covered, with text noting that the data
may be inaccurate by happenstance.  Is there anything more to say about the
potential for malicious insertion of sunset fields, e.g., by adding the
field with the current time in an effort to DoS clients that treat the
field as authoritative?
2018-12-20
08 Benjamin Kaduk [Ballot Position Update] New position, No Objection, has been recorded for Benjamin Kaduk
2018-12-19
08 Ben Campbell
[Ballot comment]
Why is this informational? It seems to be defining a standard. I see that the shepherd review says it has had insufficient review …
[Ballot comment]
Why is this informational? It seems to be defining a standard. I see that the shepherd review says it has had insufficient review for the standards track. The reasoning should be reflected somewhere in the text of the document. (I agree with Mirja's comment that "experimental" might be the appropriate choice.)

§8: Is there potential to have a sunset header inserted by a malicious intermediary? What would happen if one did?
2018-12-19
08 Ben Campbell [Ballot Position Update] New position, No Objection, has been recorded for Ben Campbell
2018-12-19
08 Suresh Krishnan
[Ballot comment]
I agree with Mirja that this would be more appropriate as an Experimental document.

* Section 4:

The document states that HTTP caching …
[Ballot comment]
I agree with Mirja that this would be more appropriate as an Experimental document.

* Section 4:

The document states that HTTP caching is complementary but I think the sunset time needs to put an upper bound on the caching. i.e. I could not see why somebody would cache past a sunset time.
2018-12-19
08 Suresh Krishnan [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan
2018-12-18
08 Adam Roach
[Ballot comment]

Thanks to everyone who worked on this document. I have a handful of minor
comments.

---------------------------------------------------------------------------

I-D Nits reports:

  == Unused Reference: …
[Ballot comment]

Thanks to everyone who worked on this document. I have a handful of minor
comments.

---------------------------------------------------------------------------

I-D Nits reports:

  == Unused Reference: 'RFC6982' is defined on line 405, but no explicit
    reference was found in the text

  -- Obsolete informational reference (is this intentional?): RFC 6982
    (Obsoleted by RFC 7942)

---------------------------------------------------------------------------

Title: "The Sunset HTTP Header"

Nit: "...Header Field"

---------------------------------------------------------------------------

§1:

>  returning the sunset header field.  Section Section 5 discusses how
>  the scope of the Sunset header field may change because of how a
>  resource is using it.

Nit: "Section 5..." (remove repeated "Section")

---------------------------------------------------------------------------

§3:

> 3.  The Sunset HTTP Response Header

Nit: "...Header Field"

>  The Sunset header contains a single timestamp which advertises the
>  point in time when the resource is expected to become unresponsive.

Nit: "...header field..."

>  The Sunset
>  header does not expose any information about which of those behaviors
>  can be expected.

Nit: "...header field..."

---------------------------------------------------------------------------

§4:

I'm glad to see this discussion of caching. I'm curious whether similar
considerations have been given to interaction with search engines (e.g.,
should a web search engine stop returning a resource in its results after a
Sunset date?) and with Archiving (e.g., would archive.org be expected to
remove resources from the archive, as they presently do with robots.txt files,
once the resource has sunset?) I'm guessing the answer to both questions is
"no," but it would be good to be explicit on this point.

---------------------------------------------------------------------------

§5:

>  The Sunset header field applies to the resource that returns it,
>  meaning that it announces the upcoming sunset of that specific
>  resources.

Nit: "...resource."

---------------------------------------------------------------------------

§7.1:

> 7.1.  The Sunset Response Header

Nit: "Header Field"

>  The Sunset response header should be added to the permanent registry

Nit: "header field"

---------------------------------------------------------------------------

§8:

>  In cases where a sunset policy is linked by using the sunset link
>  relation type, clients should be careful about taking any actions
>  based on this information.  It should be verified that the
>  information is authentic and accurate.  Furthermore, it should be
>  tested that this information is only applied to resources that are
>  within the scope of the policy, making sure that sunset policies
>  cannot "hijack" resources by for example providing migration
>  information for them.

These "should"s all seem pretty normative to me. Should the be all-caps?

---------------------------------------------------------------------------

§9:

>  Before the Sunset header even appears for the first time (it may not

Nit: "header field"

>  appear fro the very beginning), it is possible that the resource (or

Nit: "from"
2018-12-18
08 Adam Roach [Ballot Position Update] New position, No Objection, has been recorded for Adam Roach
2018-12-18
08 Alissa Cooper
[Ballot comment]
Please use the RFC 8174 boilerplate in Section 2 rather than the RFC 2119 boilerplate.

I am interested in the answers to Mirja's …
[Ballot comment]
Please use the RFC 8174 boilerplate in Section 2 rather than the RFC 2119 boilerplate.

I am interested in the answers to Mirja's questions.
2018-12-18
08 Alissa Cooper [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper
2018-12-18
08 Martin Vigoureux [Ballot Position Update] New position, No Objection, has been recorded for Martin Vigoureux
2018-12-17
08 Alvaro Retana [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana
2018-12-17
08 Spencer Dawkins
[Ballot comment]
Thanks for writing this. I hope it will be used (when resources do sunset).

I'm looking at

  Timestamps in the past SHOULD …
[Ballot comment]
Thanks for writing this. I hope it will be used (when resources do sunset).

I'm looking at

  Timestamps in the past SHOULD be considered to mean the present time,
  meaning that the resource is expected to become unavailable at any
  time.

and thinking (1) "what else could a date in the past possibly mean?", (2) this probably isn't a BCP14 requirement for interworking, so doesn't need to use requirements language, and could more usefully be stated as advice ("it is safest to consider timestamps in the past mean that ..."), and (3) if this is going to be BCP14 requirements language, could you provide any examples of a receiver usefully interpreting a timestime in the past as anything other than "you ought to be very nervous"?

I have worked with implementers in the past who would benefit from a more complete example (including a sunset link relation).

In this text,

  Clients not interpreting an existing Sunset header field can operate
  as usual and simply may experience the resource becoming unavailable
  without getting any notification about it beforehand.

it might be clearer as

Clients not interpreting an existing Sunset header field can operate
  as usual and simply may experience the resource becoming unavailable
  without recognizing any notification about it beforehand.
          ^^^^^^^^^^^

I would have found the combination of Section 1.4 and Section 5 easier to understand if this material had been combined into one section. I recognize that resulting length might not be appropriate in the Introduction.
2018-12-17
08 Spencer Dawkins [Ballot Position Update] New position, Yes, has been recorded for Spencer Dawkins
2018-12-14
08 Deborah Brungard [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard
2018-12-14
08 Joseph Salowey Request for Telechat review by SECDIR Completed: Ready. Reviewer: Joseph Salowey. Sent review to list.
2018-12-14
08 Mirja Kühlewind
[Ballot comment]
These comments are mostly for the responsible AD:

1) From the shepherd write-up it sounds like this document should experimental and not informational …
[Ballot comment]
These comments are mostly for the responsible AD:

1) From the shepherd write-up it sounds like this document should experimental and not informational ("it hasn't been widely reviewed or implemented enough to make it standards-track").

2) Why was this document not processed in the httpbis wg. It seems to be fully in scope for httpbis and if there is a suitable wg, I think it is always more appropriate to take the wg track with last call and and respective reviews than an individual submission. If the httpbis wg does not support this doc, it maybe shouldn't be processed in the IETF at all (and could e.g. also be published with the ISE to have a stable reference).
2018-12-14
08 Mirja Kühlewind Ballot comment text updated for Mirja Kühlewind
2018-12-14
08 Mirja Kühlewind
[Ballot comment]
These comments are mostly for the responsible AD:

1) From the shepherd write-up it sounds like this document should experimental and not informational …
[Ballot comment]
These comments are mostly for the responsible AD:

1) From the shepherd write-up it sounds like this document should experimental and not informational ("it hasn't been widely reviewed or implemented enough to make it standards-track").

2) Why was this document not processed in the httpbis wg. It seems to be fully in scope for httpbis and if there is a suitable wg, I think it is always more appropriate to take the wg track with last call and and respective reviews than an individual submission. If the httpbis wg does not support this doc, it maybe shoudn't be processed in the IETF at all (and could e.g. also be published with the ISE to have a stable reference).
2018-12-14
08 Mirja Kühlewind [Ballot Position Update] New position, No Objection, has been recorded for Mirja Kühlewind
2018-12-07
08 Tero Kivinen Request for Telechat review by SECDIR is assigned to Joseph Salowey
2018-12-07
08 Tero Kivinen Request for Telechat review by SECDIR is assigned to Joseph Salowey
2018-12-06
08 Jean Mahoney Request for Telechat review by GENART is assigned to Jari Arkko
2018-12-06
08 Jean Mahoney Request for Telechat review by GENART is assigned to Jari Arkko
2018-12-04
08 Amanda Baber IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed
2018-12-03
08 Amy Vezza Placed on agenda for telechat - 2018-12-20
2018-12-03
08 Alexey Melnikov IESG state changed to IESG Evaluation from Waiting for Writeup
2018-12-03
08 Alexey Melnikov Ballot has been issued
2018-12-03
08 Alexey Melnikov [Ballot Position Update] New position, Yes, has been recorded for Alexey Melnikov
2018-12-03
08 Alexey Melnikov Created "Approve" ballot
2018-12-03
08 Alexey Melnikov Ballot writeup was changed
2018-11-29
08 Mark Nottingham
# Shepherd Writeup for draft-wilde-sunset-header-08

## 1. Summary

Mark Nottingham is the document shepherd; Alexey Melnikov is the responsible Area Director.

This specification defines the …
# Shepherd Writeup for draft-wilde-sunset-header-08

## 1. Summary

Mark Nottingham is the document shepherd; Alexey Melnikov is the responsible Area Director.

This specification defines the Sunset HTTP response header field, which
indicates that a URI is likely to become unresponsive at a specified point in
the future. It also defines a sunset link relation type that allows linking to
resources providing information about an upcoming resource or service sunset.


## 2. Review and Consensus

This document has not seen substantial discussion in IETF fora, but the HTTP Working Group is aware of it.  It has been reviewed by the various review teams across the IETF.

## 3. Intellectual Property

The author confirms that to their direct, personal knowledge, all IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79.

## 4. Other Points

As Document Shepherd, I think Informational is appropriate for this document; it's not likely to cause harm, and it may do some good, but it hasn't been widely reviewed or implemented enough to make it standards-track.
2018-11-29
08 (System) IANA Review state changed to Version Changed - Review Needed from IANA - Not OK
2018-11-29
08 Erik Wilde New version available: draft-wilde-sunset-header-08.txt
2018-11-29
08 (System) New version approved
2018-11-29
08 (System) Request for posting confirmation emailed to previous authors: Erik Wilde
2018-11-29
08 Erik Wilde Uploaded new revision
2018-11-25
07 Mark Nottingham
# Shepherd Writeup for draft-wilde-sunset-header-07

## 1. Summary

Mark Nottingham is the document shepherd; Alexey Melnikov is the responsible Area Director.

This specification defines the …
# Shepherd Writeup for draft-wilde-sunset-header-07

## 1. Summary

Mark Nottingham is the document shepherd; Alexey Melnikov is the responsible Area Director.

This specification defines the Sunset HTTP response header field, which
indicates that a URI is likely to become unresponsive at a specified point in
the future. It also defines a sunset link relation type that allows linking to
resources providing information about an upcoming resource or service sunset.


## 2. Review and Consensus

This document has not seen substantial discussion in IETF fora, but the HTTP Working Group is aware of it.  It has been reviewed by the various review teams across the IETF.

## 3. Intellectual Property

TODO - [[ Confirm that each author has stated that their direct, personal knowledge of any IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79. Explain briefly the working group discussion about any IPR disclosures regarding this document, and summarize the outcome. ]]

## 4. Other Points

As Document Shepherd, I think Informational is appropriate for this document; it's not likely to cause harm, and it may do some good, but it hasn't been widely reviewed or implemented enough to make it standards-track.
2018-11-20
07 (System) IESG state changed to Waiting for Writeup from In Last Call
2018-11-19
07 (System) IANA Review state changed to IANA - Not OK from IANA - Review Needed
2018-11-19
07 Sabrina Tanamal
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-wilde-sunset-header-07. If any part of this review is inaccurate, please let …
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-wilde-sunset-header-07. If any part of this review is inaccurate, please let us know.

The IANA Functions Operator understands that, upon approval of this document, there are two actions which we must complete.

First, in the Permanent Message Header Field Names registry on the Message Headers registry page located at:

https://www.iana.org/assignments/message-headers/

a single, new message header field will be registered as follows:

Header Field Name: Sunset
Template:
Protocol: http
Status: Standard
Reference: [ RFC-to-be ]

As this document requests registrations in an Expert Review (see RFC 8126) registry, we will initiate the required Expert Review via a separate request. Expert review will need to be completed before your document can be approved for publication as an RFC.

Second, in the Link Relation Types registry on the Link Relations registry page located at:

https://www.iana.org/assignments/link-relations/

a single, new link relation type is to be registered as follows:

Relation Name: sunset
Description: Linking to a resource providing information about a resource's or service's retirement policy and/or information.
Reference: [ RFC-to-be ]
Notes:

As this also requests registrations in a Specification Required (see RFC 8126) registry, we will initiate the required Expert Review via a separate request. Expert review will need to be completed before your document can be approved for publication as an RFC.

The IANA Functions Operator understands that these are the only actions required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

Thank you,

Sabrina Tanamal
Senior IANA Services Specialist
2018-11-18
07 Joseph Salowey Request for Last Call review by SECDIR Completed: Has Issues. Reviewer: Joseph Salowey. Sent review to list.
2018-11-16
07 Scott Bradner Request for Last Call review by OPSDIR Completed: Has Issues. Reviewer: Scott Bradner. Sent review to list.
2018-10-27
07 Jari Arkko Request for Last Call review by GENART Completed: Ready with Issues. Reviewer: Jari Arkko. Sent review to list.
2018-10-26
07 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Scott Bradner
2018-10-26
07 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Scott Bradner
2018-10-25
07 Tero Kivinen Request for Last Call review by SECDIR is assigned to Joseph Salowey
2018-10-25
07 Tero Kivinen Request for Last Call review by SECDIR is assigned to Joseph Salowey
2018-10-25
07 Jean Mahoney Request for Last Call review by GENART is assigned to Jari Arkko
2018-10-25
07 Jean Mahoney Request for Last Call review by GENART is assigned to Jari Arkko
2018-10-23
07 Amy Vezza IANA Review state changed to IANA - Review Needed
2018-10-23
07 Amy Vezza
The following Last Call announcement was sent out (ends 2018-11-20):

From: The IESG
To: IETF-Announce
CC: alexey.melnikov@isode.com, draft-wilde-sunset-header@ietf.org, mnot@mnot.net, Mark Nottingham
Reply-To: …
The following Last Call announcement was sent out (ends 2018-11-20):

From: The IESG
To: IETF-Announce
CC: alexey.melnikov@isode.com, draft-wilde-sunset-header@ietf.org, mnot@mnot.net, Mark Nottingham
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (The Sunset HTTP Header) to Informational RFC


The IESG has received a request from an individual submitter to consider the
following document: - 'The Sunset HTTP Header'
  as Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2018-11-20. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.

Abstract


  This specification defines the Sunset HTTP response header field,
  which indicates that a URI is likely to become unresponsive at a
  specified point in the future.  It also defines a sunset link
  relation type that allows linking to resources providing information
  about an upcoming resource or service sunset.

Note to Readers

  This draft should be discussed on the ART mailing list
  ().

  Online access to all versions and files is available on GitHub
  ().




The file can be obtained via
https://datatracker.ietf.org/doc/draft-wilde-sunset-header/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-wilde-sunset-header/ballot/


No IPR declarations have been submitted directly on this I-D.




2018-10-23
07 Amy Vezza IESG state changed to In Last Call from Last Call Requested
2018-10-23
07 Alexey Melnikov Last call was requested
2018-10-23
07 Alexey Melnikov Last call announcement was generated
2018-10-23
07 Alexey Melnikov Ballot approval text was generated
2018-10-23
07 Alexey Melnikov Ballot writeup was generated
2018-10-23
07 Alexey Melnikov IESG state changed to Last Call Requested from AD Evaluation
2018-10-23
07 Alexey Melnikov Changed consensus to Yes from Unknown
2018-10-17
07 Alexey Melnikov IESG state changed to AD Evaluation from Publication Requested::External Party
2018-10-17
07 Alexey Melnikov Notification list changed to Mark Nottingham <mnot@mnot.net>
2018-10-17
07 Alexey Melnikov Document shepherd changed to Mark Nottingham
2018-10-16
07 Alexey Melnikov Intended Status changed to Informational from Proposed Standard
2018-10-16
07 Erik Wilde New version available: draft-wilde-sunset-header-07.txt
2018-10-16
07 (System) New version approved
2018-10-16
07 (System) Request for posting confirmation emailed to previous authors: Erik Wilde
2018-10-16
07 Erik Wilde Uploaded new revision
2018-09-07
06 Alexey Melnikov Waiting for feedback from HTTPBIS WG mailing list.
2018-09-07
06 Alexey Melnikov IESG state changed to Publication Requested::External Party from Publication Requested
2018-08-29
06 Alexey Melnikov Assigned to Applications and Real-Time Area
2018-08-29
06 Alexey Melnikov
Note added 'Checking with HTTPBIS whether there are any objections to publish.

It is not clear whether this document needs to be Proposed Standard, Informational …
Note added 'Checking with HTTPBIS whether there are any objections to publish.

It is not clear whether this document needs to be Proposed Standard, Informational would suffice for a header field registration.'
2018-08-29
06 Alexey Melnikov Responsible AD changed to Alexey Melnikov
2018-08-29
06 Alexey Melnikov Intended Status changed to Proposed Standard
2018-08-29
06 Alexey Melnikov IESG process started in state Publication Requested
2018-08-29
06 Alexey Melnikov Stream changed to IETF from None
2018-07-17
06 Erik Wilde New version available: draft-wilde-sunset-header-06.txt
2018-07-17
06 (System) New version approved
2018-07-17
06 (System) Request for posting confirmation emailed to previous authors: Erik Wilde
2018-07-17
06 Erik Wilde Uploaded new revision
2018-05-07
05 Erik Wilde New version available: draft-wilde-sunset-header-05.txt
2018-05-07
05 (System) New version approved
2018-05-07
05 (System) Request for posting confirmation emailed to previous authors: Erik Wilde
2018-05-07
05 Erik Wilde Uploaded new revision
2017-11-12
04 Erik Wilde New version available: draft-wilde-sunset-header-04.txt
2017-11-12
04 (System) New version approved
2017-11-12
04 (System) Request for posting confirmation emailed to previous authors: Erik Wilde
2017-11-12
04 Erik Wilde Uploaded new revision
2017-08-03
03 Erik Wilde New version available: draft-wilde-sunset-header-03.txt
2017-08-03
03 (System) New version approved
2017-08-03
03 (System) Request for posting confirmation emailed to previous authors: Erik Wilde
2017-08-03
03 Erik Wilde Uploaded new revision
2017-04-28
02 Erik Wilde New version available: draft-wilde-sunset-header-02.txt
2017-04-28
02 (System) New version approved
2017-04-28
02 (System) Request for posting confirmation emailed to previous authors: Erik Wilde
2017-04-28
02 Erik Wilde Uploaded new revision
2016-02-03
01 Erik Wilde New version available: draft-wilde-sunset-header-01.txt
2015-08-03
00 Erik Wilde New version available: draft-wilde-sunset-header-00.txt