From nobody Mon Apr 3 05:40:05 2017
Date: Mon, 03 Apr 2017 05:40:00 -0700
From: HTTP issue updates
Reply-To: http-issues@ietf.org
To: httpwg/http-extensions
Subject: [httpwg/http-extensions] Expect CT: Add an example (#321)

Would it be possible to include an example in the spec?

Something like...

Expect-CT: enforce; max-age=3600; report-uri="https://example.com/expect-ct-report"

As I believe most developers like to work with examples, rather than just using the spec definition as found under the heading "Response Header Field Syntax".

:-)

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/321
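
[Added example, not part of the message above or of the draft it discusses.] A parser for the header value proposed in the message, assuming the semicolon-separated syntax of that example and HSTS-style processing rules (max-age required, no repeated directives, unknown directives ignored). The function names are hypothetical.

```python
import re

# Added example: parses the semicolon-separated form shown in the message.
# The validation rules are assumptions modelled on HSTS-style header handling.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
_DIGITS = re.compile(r"[0-9]+")


def _split_directives(value):
    """Split on ';', ignoring semicolons inside a quoted-string."""
    parts, buf, in_quotes, escaped = [], [], False, False
    for ch in value:
        if escaped:
            escaped = False
        elif in_quotes and ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            parts.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
    if in_quotes:
        raise ValueError("unterminated quoted-string")
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]


def _unquote(raw):
    """Return the content of a quoted-string, or None if raw is not one."""
    if len(raw) < 2 or raw[0] != '"' or raw[-1] != '"':
        return None
    return re.sub(r"\\(.)", r"\1", raw[1:-1])


def parse_expect_ct(value):
    """Parse an Expect-CT value into a policy dict.

    Raises ValueError when the header has to be ignored as a whole.
    """
    seen = {}
    for part in _split_directives(value):
        name, sep, raw = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if not _TOKEN.fullmatch(name):
            raise ValueError("malformed directive name: %r" % name)
        if name in seen:
            raise ValueError("directive repeated: %s" % name)
        seen[name] = raw.strip() if sep else None

    max_age = seen.get("max-age")
    if max_age is None or not _DIGITS.fullmatch(max_age):
        raise ValueError("max-age is required and must be a non-negative integer")
    if seen.get("enforce") is not None:
        raise ValueError("enforce takes no value")

    report_uri = None
    if "report-uri" in seen:
        report_uri = _unquote(seen["report-uri"] or "")
        if not report_uri:
            raise ValueError("report-uri must be a non-empty quoted-string")

    # Directives other than the three above are unknown here and are ignored.
    return {
        "enforce": "enforce" in seen,
        "max_age": int(max_age),
        "report_uri": report_uri,
    }


def policy_action(policy):
    """What a client does with a parsed policy."""
    if policy["max_age"] == 0:
        return "forget"  # max-age=0 removes any cached policy for the host
    return "enforce" if policy["enforce"] else "report-only"
```
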


From nobody Mon Apr 3 07:42:30 2017
Date: Mon, 03 Apr 2017 07:42:24 -0700
Subject: [httpwg/http-extensions] Expect CT: includeSubDomains (#322)

Should the `Expect CT` header also have an `includeSubDomains` directive?

In the same way that [Strict-Transport-Security](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) and [Public-Key-Pins](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Public-Key-Pins) have this feature.

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/322

From nobody Mon Apr 3 12:07:42 2017
Date: Mon, 03 Apr 2017 12:07:38 -0700
Subject: Re: [httpwg/http-extensions] Request header for Expect-CT (#317)

This would require including it in `Vary` on cacheable responses -- something that is going to reduce cache efficiency and also likely to cause operator error.

Is the added complexity/risk worth it?

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/317#issuecomment-291242679

From nobody Mon Apr 3 12:59:07 2017
Date: Mon, 03 Apr 2017 12:59:03 -0700
Subject: Re: [httpwg/http-extensions] Request header for Expect-CT (#317)

Also, I expect Expect-CT to be a somewhat niche feature, so we'd probably be adding wasted bytes to the vast majority of requests.

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/317#issuecomment-291256047

From nobody Wed Apr 5 16:15:57 2017
Date: Wed, 05 Apr 2017 16:15:28 -0700
Subject: Re: [httpwg/http-extensions] Request header for Expect-CT (#317)

I imagine HPACK would compress that out. Without this, is there a way we can deprecate this header from ever being sent by a server? User agent hints?

@mnot do we really need to add it on Vary? Clients who get responses with this header and don't support Expect-CT will just ignore it. Clients who get this but have not sent Expect-CT will ignore it. Clients who have deprecated Expect-CT will behave like clients who don't support Expect-CT.

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/317#issuecomment-292024023

From nobody Thu Apr 6 21:57:05 2017
Date: Thu, 06 Apr 2017 21:56:59 -0700
Subject: Re: [httpwg/http-extensions] Request header for Expect-CT (#317)

HPACK does not give infinite efficiency; we're already hearing about the dynamic table thrashing for some sites.

If you don't put it in Vary, then an intermediary cache will store the version without the `Expect-CT` hint and serve it to clients that could have used one.

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/317#issuecomment-292438597
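
[Added example, not part of the thread.] A toy intermediary cache replaying the situation described in the message above: the origin sends the Expect-CT response header only to clients that sent a request hint, with and without `Vary`. The hint is modelled as a request header named `Expect-CT` with the placeholder value `1` (an assumption; the thread does not define it), and freshness and `Vary: *` are not modelled.

```python
HINT = "expect-ct"  # assumed name of the request hint; the value "1" is a placeholder


def make_origin(send_vary):
    """Origin that adds the Expect-CT response header only when hinted."""
    def origin(request_headers):
        response = {"cache-control": "max-age=600", "body": "index"}
        if HINT in request_headers:
            response["expect-ct"] = "enforce; max-age=3600"
        if send_vary:
            # Vary has to be present on every variant, hinted or not.
            response["vary"] = HINT
        return response
    return origin


class SharedCache:
    """Primary key is the URL; the secondary key is the value of every
    request header named in the stored response's Vary field."""

    def __init__(self, origin):
        self.origin = origin
        self.entries = {}  # url -> list of (vary names, request values, response)

    @staticmethod
    def _vary_names(response):
        raw = response.get("vary", "")
        return sorted(n.strip().lower() for n in raw.split(",") if n.strip())

    def fetch(self, url, request_headers):
        request = {k.lower(): v for k, v in request_headers.items()}
        for names, values, response in self.entries.get(url, []):
            if [request.get(n) for n in names] == values:
                return "HIT", response
        response = self.origin(request)
        names = self._vary_names(response)
        values = [request.get(n) for n in names]
        self.entries.setdefault(url, []).append((names, values, response))
        return "MISS", response


def replay(send_vary):
    """Three constructed clients fetch the same URL through one cache.

    Returns (client, cache status, got an Expect-CT policy?) per request.
    """
    cache = SharedCache(make_origin(send_vary))
    url = "https://example.com/"
    clients = [
        ("legacy", {}),
        ("ct-aware", {"Expect-CT": "1"}),
        ("ct-aware-2", {"Expect-CT": "1"}),
    ]
    results = []
    for name, headers in clients:
        status, response = cache.fetch(url, headers)
        results.append((name, status, "expect-ct" in response))
    return results


if __name__ == "__main__":
    for send_vary in (False, True):
        print("Vary sent:", send_vary)
        for row in replay(send_vary):
            print("  ", row)
```

Without `Vary` both hinted clients are served the stored copy that carries no policy; with `Vary` they get the policy, at the cost of a second stored variant and an extra origin fetch.
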

From nobody Mon Apr 10 02:55:07 2017
Date: Mon, 10 Apr 2017 02:55:04 -0700
Subject: Re: [httpwg/http-extensions] Scoping of Accept-CH (#307)

> Doesn't "the cookie monster" have to be consulted anyway for every request? If only to work out what to put in the Cookie header?

Not from inside the rendering engine, which is where CH headers are added.

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/307#issuecomment-292903287

From nobody Mon Apr 10 18:06:25 2017
Date: Mon, 10 Apr 2017 18:06:20 -0700
Subject: [httpwg/http-extensions] frame type 0xb polluted by BLOCKED use 0xc for ORIGIN (#324)

pull #323

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/324

From nobody Mon Apr 10 21:09:46 2017
Date: Mon, 10 Apr 2017 21:09:42 -0700
Subject: Re: [httpwg/http-extensions] change frame type of origin to 0xc to avoid conflict (#323)

Merged #323.

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/323#event-1037600569

From nobody Wed Apr 12 17:21:37 2017
Date: Wed, 12 Apr 2017 17:21:33 -0700
Subject: [httpwg/http-extensions] Incomplete responses and immutable (#325)

Just wondering out loud -- should immutable have any consideration of whether the response is incomplete, or potentially incomplete (i.e., close-delimited, rather than byte-counted or chunked or h2)?

One of the reasons people hit 'reload' is when something on the page seems corrupted.

@mcmanus any thoughts?

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/325

From nobody Wed Apr 12 19:28:16 2017
Date: Wed, 12 Apr 2017 19:28:12 -0700
Subject: Re: [httpwg/http-extensions] Incomplete responses and immutable (#325)

so Firefox calls this "strongly vs weakly framed".

Hitting reload, which normally does conditional revals, doesn't really help with weakly framed things because you just revalidate the etag or LM in the header.. and in the case of truncation (the common fail mode) the header is not what's wrong.

so if you're weakly framed we don't do conditional revals at all - we just load unconditionally (the same as if you did a hard reload) because it's not really trustworthy.

none of this is really an immutable specific issue though. immutable never bypasses 'hard reloads' and that's the only thing that's going to work here..

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/325#issuecomment-293759587

From nobody Wed Apr 12 21:05:17 2017
Date: Wed, 12 Apr 2017 21:05:14 -0700
Subject: Re: [httpwg/http-extensions] Incomplete responses and immutable (#325)

I was wondering if weakly framed content should unconditionally be requested on a "normal" load, even despite the presence of immutable.

See also https://github.com/whatwg/fetch/issues/524

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/325#issuecomment-293774197
From nobody Thu Apr 13 04:58:29 2017
Date: Thu, 13 Apr 2017 04:58:19 -0700
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Incomplete responses and immutable (#325)

you mean in normal reloads not normal loads, right? (the latter would just mean no-store I think.)

and yes, that's what I believe we do.. and it isn't related to the presence of immutable. (Though I admit I think I put it in at the same time as working on immutable because these questions came up.)

--
Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/325#issuecomment-293871545

From nobody Thu Apr 13 05:02:59 2017
Date: Thu, 13 Apr 2017 05:02:47 -0700
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Incomplete responses and immutable (#325)

a large component of weakly framed responses are actually buggy responses that we tolerate due to server errors.. e.g. chunked without a 0 chunk or stuff that is short of its content-length

--
Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/325#issuecomment-293873191

From nobody Fri Apr 14 11:55:38 2017
Date: Fri, 14 Apr 2017 11:55:33 -0700
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Definition of Expect-CT is a little unclear (#318)

Sorry for my delay here.

If I'm understanding correctly, then @royfielding's first suggestion is the intention: it's supposed to be a list of directives, some of which may be name=value:

```
Expect-CT       = #directive
directive       = directive-name [ "=" directive-value ]
directive-name  = token
directive-value = token / quoted-string
```

However this changes the format from semicolon-separated directives (`Expect-CT: enforce; max-age=23`) to comma-separated (`Expect-CT: enforce, max-age=23`); is that correct?

If so it's a little unfortunate that it'll differ from HPKP/HSTS syntax, which is semicolon-separated directives, but I suppose that's okay. @jcjones how do you feel about that from a Firefox implementation perspective?

--
Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/318#issuecomment-294214121

From nobody Fri Apr 14 13:10:09 2017
Date: Fri, 14 Apr 2017 13:10:05 -0700
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Definition of Expect-CT is a little unclear (#318)

@estark37: Implementation-wise, it's not much work to accept a comma-delimited list instead of semicolons. However, since this is so similar to CSP/HPKP/HSTS, I'd _prefer_ it to have a similar structure of semicolon delineation, particularly since the reporting mechanism looks so much like CSP. It feels like it'd be weird to see the different delimiters side-by-side:

```
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
add_header Content-Security-Policy "default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' ... ; img-src data: 'self'; ... ";
add_header Expect-CT "enforce, max-age=1";
```

--
Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/318#issuecomment-294227002

From nobody Fri Apr 14 13:15:16 2017
Date: Fri, 14 Apr 2017 13:15:12 -0700
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Expect CT: includeSubDomains (#322)

I've intentionally omitted `includeSubdomains` in Expect-CT. Though I acknowledge that it would be useful to site owners, I don't think we should add it because it considerably increases the size of the footgun, by offering the ability to require CT for subdomains that have never even demonstrated to the UA their CT compliance.

(I also suspect that most site owners would primarily use it as a tool to learn about all their subdomains, which is a use that is somewhat orthogonal to Expect-CT's actual purpose.)

--
Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/322#issuecomment-294228168

From nobody Fri Apr 14 14:51:31 2017
Date: Fri, 14 Apr 2017 14:50:53 -0700
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Expect CT: includeSubDomains (#322)

That's a reasonable approach, if anyone else needs this they could re-open this issue.

--
Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/322#issuecomment-294243494

From nobody Fri Apr 14 17:29:48 2017
Date: Fri, 14 Apr 2017 17:29:43 -0700
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Request header for Expect-CT (#317)

@siyengar I think that servers could probably just look at User-Agents to determine when the header is no longer applicable for most of the clients contacting them. (I imagine they'll probably end up wanting to keep an eye on the CT policies for the UAs they care about anyway, because the server might not get any value out of Expect-CT even if the UA still supports it. For example, one could imagine a UA that fully requires CT for all certs, but still supports Expect-CT for reporting purposes, in which case a server that is not using reporting would want to not send Expect-CT even though the UA still advertises support for it.)

--
Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/317#issuecomment-294260505

From nobody Sun Apr 16 12:23:01 2017
Date: Sun, 16 Apr 2017 12:22:57 -0700
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Definition of Expect-CT is a little unclear (#318)

Yes, comma-separated lists is the normal form in HTTP (inherited from the Internet message syntax of email and netnews) because it allows multiple header fields to be appended without changing the semantics of the field. In other words,

```
Expect-CT: enforce, max-age=23
```

is defined by HTTP to be equivalent to

```
Expect-CT: enforce
Expect-CT: max-age=23
```

which allows various implementation layers/filters to add to a message without rewriting the entire header block.

If the comma-separated list syntax is not used, then implementations are forbidden from sending the directives in more than one field and recipients must fail-with-error if more than one field is received.

--
Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/318#issuecomment-294369176

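The equivalence described in the message above, as an added Python example that is not part of the original thread or of any browser's code: it parses Expect-CT under the `#directive` ABNF quoted in the thread, joins repeated field lines with commas, keeps commas inside a quoted-string intact, and rejects the semicolon form. The function names, the lower-casing of directive names and the sample field values are assumptions made for the illustration.

```python
import re

# token and quoted-string as defined in RFC 7230, which the ABNF in the thread
# relies on (directive-name = token, directive-value = token / quoted-string).
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
DIRECTIVE = re.compile(rf"({TOKEN})(?:=({TOKEN}|{QUOTED}))?")


def combine_field_lines(values):
    """Join repeated field lines as HTTP defines for comma-separated lists."""
    return ", ".join(values)


def split_list(value):
    """Split a #list on commas that sit outside quoted-strings."""
    items, current = [], []
    in_quotes = escaped = False
    for ch in value:
        if escaped:
            current.append(ch)
            escaped = False
        elif in_quotes and ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == '"':
            current.append(ch)
            in_quotes = not in_quotes
        elif ch == "," and not in_quotes:
            items.append("".join(current))
            current = []
        else:
            current.append(ch)
    if in_quotes:
        raise ValueError("unterminated quoted-string")
    items.append("".join(current))
    # Recipients ignore empty list elements (RFC 7230, section 7).
    return [item.strip(" \t") for item in items if item.strip(" \t")]


def unquote(value):
    """Strip the surrounding quotes and undo quoted-pair escapes."""
    if value.startswith('"'):
        return re.sub(r"\\(.)", r"\1", value[1:-1])
    return value


def parse_expect_ct(field_lines):
    """Return {directive-name: value or None} for one or more field lines."""
    directives = {}
    for item in split_list(combine_field_lines(field_lines)):
        match = DIRECTIVE.fullmatch(item)
        if match is None:
            raise ValueError(f"not a valid directive: {item!r}")
        # Assumption: names are compared case-insensitively, as in HSTS.
        name, value = match.group(1).lower(), match.group(2)
        directives[name] = None if value is None else unquote(value)
    return directives


if __name__ == "__main__":
    # Constructed sample inputs mirroring the two forms shown in the thread.
    print(parse_expect_ct(["enforce, max-age=23"]))
    print(parse_expect_ct(["enforce", "max-age=23"]))
```
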
From nobody Sun Apr 16 21:02:12 2017
Date: Sun, 16 Apr 2017 21:02:09 -0700
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Request header for Expect-CT (#317)

@mnot @estark37 the same problem would occur if the server decides not to send Expect-CT based on UA. Either you send the header to everyone, or if you don't send it to everyone, you have to include a Vary: User-Agent instead of a Vary: Expect-CT.

--
Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/317#issuecomment-294400966

From nobody Sun Apr 16 21:21:55 2017
Date: Sun, 16 Apr 2017 21:21:52 -0700
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Request header for Expect-CT (#317)

@siyengar I just meant that if a server knows (from looking at UA) that 99.9% of its clients are Browsers X, Y, and Z, then it can stop sending Expect-CT when Browsers X, Y, and Z no longer support Expect-CT.

--
Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/317#issuecomment-294402406


From nobody Mon Apr 17 01:59:24 2017
Date: Mon, 17 Apr 2017 01:59:18 -0700
Subject: Re: [httpwg/http-extensions] Request header for Expect-CT (#317)

@estark37 - in that case, it would need to include "User-Agent" in the "Vary" field value....

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/317#issuecomment-294435651

From nobody Mon Apr 17 04:12:15 2017
Date: Mon, 17 Apr 2017 04:11:47 -0700
Subject: Re: [httpwg/http-extensions] Request header for Expect-CT (#317)

As Emily says, this is a niche server feature. The global number of bytes spent advertising to sites unaware of CT is going to be way more than the number of bytes sent bearing the response header. It can be deprecated just as easily by watching market share counters as anything else. I would close the issue wontfix personally.

As a total aside - the hpack pressure is normally on the server table not the client one, right?

On Mon, Apr 17, 2017 at 4:59 PM, Julian Reschke wrote:

> @estark37 - in that case, it would need to
> include "User-Agent" in the "Vary" field value....

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/317#issuecomment-294456283

From nobody Mon Apr 17 18:38:14 2017
Date: Mon, 17 Apr 2017 18:38:10 -0700
Subject: Re: [httpwg/http-extensions] Request header for Expect-CT (#317)

@mcmanus that's fair. We can always set Vary: User-Agent if we want to set it for some UAs but not others. It's clunky, but doable.

@estark37 I think I'm fine with this rationale and we can close this out.

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/317#issuecomment-294647000

From nobody Mon Apr 17 18:45:52 2017
Date: Mon, 17 Apr 2017 18:45:38 -0700
Subject: Re: [httpwg/http-extensions] Request header for Expect-CT (#317)

Personally - I agree with @estark37 and @mcmanus. There's no need to advertise it in `Vary` if the server makes a decision about turning it on/off for **all** requests. That approach is more suitable to this situation IMO.

WRT hpack pressure -- numbers are always interesting, of course, but I'm hearing a lot of people on both sides making proposals with the assumption that hpack will take care of their efficiency problems. That's true, but only to a certain point...

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/317#issuecomment-294648356
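
The caching consequence discussed in the #317 messages above, as an added example that is not part of any message in the thread: a minimal shared cache shows what each client receives when the origin sends Expect-CT per User-Agent with and without `Vary: User-Agent`, compared with switching it on for all requests. `SharedCache`, `origin_response`, `simulate` and the UA tokens standing in for Browsers X, Y and Z are hypothetical names.

```python
"""Added example: per-User-Agent Expect-CT and the Vary response header."""

# Header value taken from the example quoted at the top of this archive.
EXPECT_CT = 'enforce; max-age=3600; report-uri="https://example.com/expect-ct-report"'

# Assumption: constructed UA tokens standing in for "Browsers X, Y, and Z".
SUPPORTING_UA_TOKENS = ("BrowserX", "BrowserY", "BrowserZ")

POLICIES = ("all", "per-ua", "per-ua-no-vary")


def origin_response(user_agent, policy):
    """Build response headers under one origin policy.

    "all"            - Expect-CT on every response (one global switch)
    "per-ua"         - Expect-CT only for known UAs, declared via Vary
    "per-ua-no-vary" - same selection, but Vary is omitted (the mistake)
    """
    if policy not in POLICIES:
        raise ValueError("unknown policy: %r" % policy)
    headers = {"Content-Type": "text/html",
               "Cache-Control": "public, max-age=600"}
    if policy == "all":
        headers["Expect-CT"] = EXPECT_CT
        return headers
    if any(token in user_agent for token in SUPPORTING_UA_TOKENS):
        headers["Expect-CT"] = EXPECT_CT
    if policy == "per-ua":
        # The response now depends on a request header, so say so.
        headers["Vary"] = "User-Agent"
    return headers


class SharedCache:
    """Tiny shared cache: URL is the primary key, and the request header
    values named by the stored response's Vary form the secondary key."""

    def __init__(self, origin):
        self.origin = origin      # callable(request_headers) -> headers
        self.store = {}           # url -> [(vary_names, vary_values, headers)]
        self.origin_hits = 0

    def fetch(self, url, request_headers):
        req = {k.lower(): v for k, v in request_headers.items()}
        for names, values, headers in self.store.get(url, []):
            if tuple(req.get(n) for n in names) == values:
                return headers    # cache hit: origin is not consulted
        self.origin_hits += 1
        headers = self.origin(request_headers)
        names = tuple(n.strip().lower()
                      for n in headers.get("Vary", "").split(",") if n.strip())
        if "*" in names:
            return headers        # "Vary: *" never matches a later request
        values = tuple(req.get(n) for n in names)
        self.store.setdefault(url, []).append((names, values, headers))
        return headers


def simulate(policy):
    """Send a non-supporting UA first, then a supporting one, through one
    shared cache. Returns (first_got_expect_ct, second_got_expect_ct,
    origin_hits)."""
    cache = SharedCache(
        lambda h: origin_response(h.get("User-Agent", ""), policy))
    first = cache.fetch("/", {"User-Agent": "OtherBrowser/1.0"})
    second = cache.fetch("/", {"User-Agent": "BrowserX/57.0"})
    return ("Expect-CT" in first, "Expect-CT" in second, cache.origin_hits)


if __name__ == "__main__":
    for name in POLICIES:
        print(name, simulate(name))
```

Without `Vary`, the supporting browser is handed the cached response built for the other client and never sees the policy; with the global switch the cache stays at one entry and no `Vary` is needed.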

From nobody Mon Apr 17 19:05:44 2017
Date: Mon, 17 Apr 2017 19:05:39 -0700
Subject: Re: [httpwg/http-extensions] Request header for Expect-CT (#317)

Closed #317.

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/317#event-1045856429

From nobody Mon Apr 17 19:05:48 2017
Date: Mon, 17 Apr 2017 19:05:40 -0700
Subject: Re: [httpwg/http-extensions] Request header for Expect-CT (#317)

Thanks for the input, everyone.

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/317#issuecomment-294651147

From nobody Tue Apr 18 00:21:36 2017
Date: Tue, 18 Apr 2017 00:21:31 -0700
Subject: Re: [httpwg/http-extensions] change frame type of origin to 0xc to avoid conflict (#323)

Question for @mcmanus and @mnot, should we somehow reserve 0xb to avoid this problem?

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/pull/323#issuecomment-294710951

From nobody Tue Apr 18 00:31:01 2017
Date: Tue, 18 Apr 2017 00:30:55 -0700
Subject: Re: [httpwg/http-extensions] change frame type of origin to 0xc to avoid conflict (#323)

If this is fixed in Chrome 59, why bother? Actually, I'd also revert this change.

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/pull/323#issuecomment-294713461

From nobody Tue Apr 18 00:39:35 2017
Date: Tue, 18 Apr 2017 00:39:29 -0700
Subject: Re: [httpwg/http-extensions] Definition of Expect-CT is a little unclear (#318)

STS, like Cookie, is a bad example of a microsyntax that doesn't take advantage of the HTTP-native features.

Using the non-standard syntax can run afoul of some of the compression measures in HTTP/2.

CSP is actually specifically defined as a single string, so the semi-colons are internal to the header field. Note that CSP actively forbids multiple header field values (or makes them all apply equally, I can't remember). In the ways that matter, CSP is actually perfectly compatible with Roy's suggestion.

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/318#issuecomment-294715513

From nobody Tue Apr 18 01:39:53 2017
Date: Tue, 18 Apr 2017 01:39:49 -0700
Subject: Re: [httpwg/http-extensions] change frame type of origin to 0xc to avoid conflict (#323)

Neither. There are still old Chrome versions deployed (some people lag, for various reasons), so it's not safe to use now, but it should be in the not-too-distant future; we just need to wait a while to use it (presumably for another extension).

Reserving it for all time would be a bad precedent.

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/pull/323#issuecomment-294731301

From nobody Tue Apr 18 02:47:04 2017
Date: Tue, 18 Apr 2017 02:47:00 -0700
Subject: [httpwg/http-extensions] Use stand_alone for markdown (#326)

This includes a common set of processing instructions for the markdown files. The results should be more consistent with other drafts in the repo.

This is partly selfish. I found that this is necessary on my machine because java is flaky and kramdown-rfc2629 creates entity references that it can't handle.

You can view, comment on, or merge this pull request online at:

  https://github.com/httpwg/http-extensions/pull/326

-- Commit Summary --

  * Make immutable draft standalone
  * Make header structure draft standalone

-- File Changes --

    M draft-ietf-httpbis-header-structure.md (3)
    M draft-ietf-httpbis-immutable.md (3)

-- Patch Links --

https://github.com/httpwg/http-extensions/pull/326.patch
https://github.com/httpwg/http-extensions/pull/326.diff

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/pull/326
From nobody Tue Apr 18 03:00:59 2017
Date: Tue, 18 Apr 2017 03:00:42 -0700
Subject: Re: [httpwg/http-extensions] Use stand_alone for markdown (#326)
View it on GitHub: https://github.com/httpwg/http-extensions/pull/326#issuecomment-294758591

I would recommend to remove all PIs (unless there is one that you think has an actual effect)

From nobody Tue Apr 18 10:28:38 2017
Date: Tue, 18 Apr 2017 10:28:33 -0700
Subject: [httpwg/http-extensions] Update Expect-CT syntax to match convention (#327)

This changes Expect-CT to be a comma-separated list of directives (which may be
name=value pairs), and adds some examples.

Also allows the server to send multiple header fields so that they can be
combined, as per
https://github.com/httpwg/http-extensions/issues/318#issuecomment-294369176

Fixes issue #318, #321

You can view, comment on, or merge this pull request online at:

  https://github.com/httpwg/http-extensions/pull/327

Commit Summary

  • Update Expect-CT syntax to match convention

File Changes

  M draft-ietf-httpbis-expect-ct.md (23)

Patch Links:

  https://github.com/httpwg/http-extensions/pull/327.patch
  https://github.com/httpwg/http-extensions/pull/327.diff
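
The syntax described in the pull request above (a comma-separated directive list that may be spread over several Expect-CT fields) can be parsed as in the following added example, which is not part of the original message or of the draft. The function names, the case-insensitive directive names, the rejection of repeated directives and the treatment of max-age as required are assumptions of the example; the sample values are constructed.

```python
import re

# RFC 7230 token characters; directive names and unquoted values must be tokens.
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# quoted-string: DQUOTE, then any run of non-quote characters or backslash escapes.
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')


class ExpectCTError(ValueError):
    """Raised when a field value does not fit the comma-separated syntax."""


def split_list(value):
    """Split on commas that sit outside a quoted-string; drop empty elements."""
    items, buf, in_quotes, escaped = [], [], False, False
    for ch in value:
        if in_quotes:
            buf.append(ch)
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_quotes = False
        elif ch == ",":
            items.append("".join(buf))
            buf = []
        else:
            in_quotes = ch == '"'
            buf.append(ch)
    if in_quotes:
        raise ExpectCTError("unterminated quoted-string")
    items.append("".join(buf))
    stripped = (item.strip(" \t") for item in items)  # spaces around commas are ignored
    return [item for item in stripped if item]


def parse_directive(item):
    """Return (lower-cased name, value or None) for one list element."""
    name, sep, raw = item.partition("=")
    if not TOKEN.fullmatch(name):
        raise ExpectCTError(f"bad directive name: {name!r}")
    if not sep:
        return name.lower(), None  # names compared case-insensitively (assumption)
    quoted = QUOTED.fullmatch(raw)
    if quoted:
        return name.lower(), re.sub(r"\\(.)", r"\1", quoted.group(1))
    if TOKEN.fullmatch(raw):
        return name.lower(), raw
    raise ExpectCTError(f"bad value for {name}: {raw!r}")


def parse_expect_ct(field_values):
    """Parse one or more Expect-CT field values into a policy dict."""
    # Several fields with the same name are combined with commas, in order (RFC 7230, 3.2.2).
    combined = ", ".join(field_values)
    seen = {}
    for item in split_list(combined):
        name, value = parse_directive(item)
        if name in seen:  # assumption of this example: a repeated directive is an error
            raise ExpectCTError(f"duplicate directive: {name}")
        seen[name] = value
    max_age = seen.get("max-age")
    # delta-seconds = 1*DIGIT; max-age is treated as required (assumption).
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        raise ExpectCTError("max-age missing or not 1*DIGIT")
    if "enforce" in seen and seen["enforce"] is not None:
        raise ExpectCTError("enforce takes no value")
    return {
        "max_age": int(max_age),
        "enforce": "enforce" in seen,
        "report_uri": seen.get("report-uri"),
    }


# Constructed sample values, modelled on the examples under review.
SINGLE = ['max-age=86400, enforce, report-uri="https://foo.example/report"']
SPLIT = ["max-age=86400", 'report-uri="https://foo.example/report?tags=a,b"', "enforce"]

if __name__ == "__main__":
    print(parse_expect_ct(SINGLE))
    print(parse_expect_ct(SPLIT))
    # A plain split on "," cuts the quoted URI in two:
    print(", ".join(SPLIT).split(","))
```

The second sample shows why the split has to respect quoted-strings: the report URI carries a comma that a plain `split(",")` would treat as a directive boundary.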

From nobody Tue Apr 18 10:29:10 2017
Date: Tue, 18 Apr 2017 10:29:02 -0700
Subject: Re: [httpwg/http-extensions] Definition of Expect-CT is a little unclear (#318)
View it on GitHub: https://github.com/httpwg/http-extensions/issues/318#issuecomment-294919228

Alright, like @jcjones I find it weird that the syntax will be different than HSTS/HPKP/CSP, but I suppose that's okay; Expect-CT will already differ in a couple other subtle ways so I think the syntax difference is not the end of the world.

@martinthomson @royfielding @reschke could you please check if https://github.com/httpwg/http-extensions/pull/327 seems reasonable?

From nobody Tue Apr 18 12:16:08 2017
Date: Tue, 18 Apr 2017 12:15:43 -0700
Subject: Re: [httpwg/http-extensions] Update Expect-CT syntax to match convention (#327)
View it on GitHub: https://github.com/httpwg/http-extensions/pull/327#pullrequestreview-33324861

@royfielding commented on this pull request.


In draft-ietf-httpbis-expect-ct.md:

> @@ -274,6 +274,17 @@ delta-seconds = 1*DIGIT
 
 `delta-seconds` is used as defined in Section 1.2.1 of RFC 7234 {{!RFC7234}}.
 
+### Examples
+
+The following examples demonstrate valid Expect-CT response header fields:
+
+~~~ inline
+Expect-CT: max-age=86400,enforce
+Expect-CT: max-age=86400,enforce,report-uri="https://foo.test/report"
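
Review bot: In the second example nothing tells an implementer that a comma inside the quoted `report-uri` value does not separate directives. With the field now a comma-separated list, a recipient that splits the value on every `,` handles both examples shown here and still breaks on a report URI that has a comma in its path or query. Suggest a sentence after the examples saying that directives are split only on commas outside a quoted-string, or an extra example whose `report-uri` contains one.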

For variation, I suggest adding a single space after the commas for this middle example just to remind readers that spaces here are ignored.



From nobody Tue Apr 18 16:08:37 2017
Date: Tue, 18 Apr 2017 16:08:33 -0700
Subject: Re: [httpwg/http-extensions] Update Expect-CT syntax to match convention (#327)
View it on GitHub: https://github.com/httpwg/http-extensions/pull/327/files/09d261cf025f65b641e3828b03513fe4ffb8ce32..9b6bc1b749c2f022ef6e8347b1c7c3bc5883487a

@estark37 pushed 1 commit.

  • 9b6bc1b Add spaces to one of the examples

From nobody Tue Apr 18 16:09:00 2017
Date: Tue, 18 Apr 2017 16:08:55 -0700
Subject: Re: [httpwg/http-extensions] Update Expect-CT syntax to match convention (#327)
View it on GitHub: https://github.com/httpwg/http-extensions/pull/327#discussion_r112085245

@estark37 commented on this pull request.


In draft-ietf-httpbis-expect-ct.md:

> @@ -274,6 +274,17 @@ delta-seconds = 1*DIGIT
 
 `delta-seconds` is used as defined in Section 1.2.1 of RFC 7234 {{!RFC7234}}.
 
+### Examples
+
+The following examples demonstrate valid Expect-CT response header fields:
+
+~~~ inline
+Expect-CT: max-age=86400,enforce
+Expect-CT: max-age=86400,enforce,report-uri="https://foo.test/report"

Done



From nobody Tue Apr 18 16:30:20 2017
Date: Tue, 18 Apr 2017 16:30:16 -0700
Subject: Re: [httpwg/http-extensions] Update Expect-CT syntax to match convention (#327)
View it on GitHub: https://github.com/httpwg/http-extensions/pull/327#pullrequestreview-33376029

@martinthomson approved this pull request.


In draft-ietf-httpbis-expect-ct.md:

> @@ -274,6 +274,17 @@ delta-seconds = 1*DIGIT
 
 `delta-seconds` is used as defined in Section 1.2.1 of RFC 7234 {{!RFC7234}}.
 
+### Examples
+
+The following examples demonstrate valid Expect-CT response header fields:
+
+~~~ inline
+Expect-CT: max-age=86400,enforce
+Expect-CT: max-age=86400, enforce, report-uri="https://foo.test/report"
+Expect-CT: max-age=86400,report-uri="https://foo.test/report"
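
Review bot: All three examples put every directive in a single Expect-CT field, so the case this pull request's description introduces (a server sending several Expect-CT fields that the recipient combines) is not illustrated in the lines quoted here. Suggest one more example with two fields, for instance `Expect-CT: max-age=86400` followed by `Expect-CT: enforce`, with a note that it is equivalent to the first example.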

I would put a blank line between each example, lest this be confused for a single header block.

Also, use foo.example, not foo.test.



From nobody Tue Apr 18 16:32:55 2017
Date: Tue, 18 Apr 2017 16:32:51 -0700
Subject: Re: [httpwg/http-extensions] Update Expect-CT syntax to match convention (#327)
View it on GitHub: https://github.com/httpwg/http-extensions/pull/327/files/9b6bc1b749c2f022ef6e8347b1c7c3bc5883487a..24c59fa033ad57a9cedbbd3ad823c8e12cc64450

@estark37 pushed 1 commit.

  • 24c59fa Add blank lines, use foo.example

From nobody Tue Apr 18 16:33:03 2017
Date: Tue, 18 Apr 2017 16:32:56 -0700
Subject: Re: [httpwg/http-extensions] Update Expect-CT syntax to match convention (#327)
View it on GitHub: https://github.com/httpwg/http-extensions/pull/327#discussion_r112088139

@estark37 commented on this pull request.


In draft-ietf-httpbis-expect-ct.md:

> @@ -274,6 +274,17 @@ delta-seconds = 1*DIGIT
 
 `delta-seconds` is used as defined in Section 1.2.1 of RFC 7234 {{!RFC7234}}.
 
+### Examples
+
+The following examples demonstrate valid Expect-CT response header fields:
+
+~~~ inline
+Expect-CT: max-age=86400,enforce
+Expect-CT: max-age=86400, enforce, report-uri="https://foo.test/report"
+Expect-CT: max-age=86400,report-uri="https://foo.test/report"

Done and done



From nobody Tue Apr 18 18:32:46 2017
Date: Tue, 18 Apr 2017 18:32:43 -0700
Subject: Re: [httpwg/http-extensions] Wildcard names (#178)
View it on GitHub: https://github.com/httpwg/http-extensions/issues/178#issuecomment-295035343

This seems to be overtaken by events; please comment if you disagree.

From nobody Tue Apr 18 18:32:50 2017
Date: Tue, 18 Apr 2017 18:32:43 -0700
Subject: Re: [httpwg/http-extensions] Wildcard names (#178)
View it on GitHub: https://github.com/httpwg/http-extensions/issues/178#event-1047705450

Closed #178.

From nobody Tue Apr 18 18:33:35 2017
Date: Tue, 18 Apr 2017 18:33:31 -0700
Subject: Re: [httpwg/http-extensions] Persistence (#291)
View it on GitHub: https://github.com/httpwg/http-extensions/issues/291#event-1047706037

Closed #291.

From nobody Tue Apr 18 18:33:39 2017
Date: Tue, 18 Apr 2017 18:33:32 -0700
Subject: Re: [httpwg/http-extensions] Persistence (#291)

Seems like there's no support for this ATM, closing. Comment if you disagree.

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/291#issuecomment-295035511

From nobody Tue Apr 18 18:34:19 2017
Date: Tue, 18 Apr 2017 18:34:16 -0700
Subject: Re: [httpwg/http-extensions] frame type 0xb polluted by BLOCKED use 0xc for ORIGIN (#324)

Closed #324.

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/324#event-1047706563

From nobody Tue Apr 18 18:38:23 2017
Date: Tue, 18 Apr 2017 18:38:04 -0700
Subject: Re: [httpwg/http-extensions] origin frame race condition (not the obvious one) (#314)

So it sounds like what you really want is a flag that triggers the omit-DNS behaviour?

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/314#issuecomment-295036412

From nobody Tue Apr 18 19:02:32 2017
Date: Tue, 18 Apr 2017 19:02:26 -0700
Subject: Re: [httpwg/http-extensions] Incomplete responses and immutable (#325)

The current draft says:

Clients SHOULD NOT issue a conditional request during the response’s freshness lifetime (e.g. upon a reload) unless explicitly overridden by the user (e.g. a force reload).

What about amending it to:

Clients SHOULD NOT issue a conditional request during the response’s freshness lifetime (e.g. upon a reload) unless explicitly overridden by the user (e.g. a force reload), or when the stored response is potentially corrupted (e.g., lacks strong framing).

?

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/325#issuecomment-295040975

From nobody Tue Apr 18 19:26:46 2017
Date: Tue, 18 Apr 2017 19:26:43 -0700
Subject: [httpwg/http-extensions] Editorial suggestions (#328)

... for your consideration; feel free to take, discard, or do whatever else you like :)

You can view, comment on, or merge this pull request online at:

  https://github.com/httpwg/http-extensions/pull/328

-- Commit Summary --

  * Editorial suggestions

-- File Changes --

    M draft-ietf-httpbis-early-hints.md (79)

-- Patch Links --

https://github.com/httpwg/http-extensions/pull/328.patch
https://github.com/httpwg/http-extensions/pull/328.diff

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/pull/328

From nobody Tue Apr 18 21:12:42 2017
Date: Tue, 18 Apr 2017 21:12:39 -0700
Subject: Re: [httpwg/http-extensions] origin frame race condition (not the obvious one) (#314)

given a little time to let this issue breathe I think the right thing to do might be to just highlight the issue with a little text suggesting that frames should be atomic, which might lead folks to pack their frames rather than doing 1 per origin..

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/314#issuecomment-295075771

From nobody Tue Apr 18 23:20:45 2017
Date: Tue, 18 Apr 2017 23:20:37 -0700
Subject: Re: [httpwg/http-extensions] origin frame race condition (not the obvious one) (#314)

@mcmanus how's that?

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/314#issuecomment-295115708

From nobody Wed Apr 19 11:31:55 2017
Date: Wed, 19 Apr 2017 11:31:52 -0700
Subject: Re: [httpwg/http-extensions] origin frame race condition (not the obvious one) (#314)

sure. thanks

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/314#issuecomment-295380886

From nobody Wed Apr 19 12:51:34 2017
Date: Wed, 19 Apr 2017 12:51:26 -0700
Subject: Re: [httpwg/http-extensions] Update Expect-CT syntax to match convention (#327)

Merged #327.

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/pull/327#event-1049257904

From nobody Wed Apr 19 17:34:24 2017
Date: Wed, 19 Apr 2017 17:34:21 -0700
Subject: Re: [httpwg/http-extensions] origin frame race condition (not the obvious one) (#314)

Closed #314.

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/314#event-1049624232

From nobody Wed Apr 19 19:38:55 2017
Date: Wed, 19 Apr 2017 19:38:51 -0700
Subject: Re: [httpwg/http-extensions] Specify how origin frames interact with Altsvc (#214)

Closed #214.

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/214#event-1049748558

From nobody Wed Apr 19 19:39:04 2017
Date: Wed, 19 Apr 2017 19:38:51 -0700
Subject: Re: [httpwg/http-extensions] Specify how origin frames interact with Altsvc (#214)

Current draft has:

> Finally, servers that allow alternative services {{?RFC7838}} will need to explicitly advertise those origins when sending ORIGIN, because the default contents of the Origin Set (as per {{set}}) do not contain any Alternative Services, even if they have been used previously on the connection.

I think this addresses the concern.

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/214#issuecomment-295555910

From nobody Wed Apr 19 20:03:02 2017
Date: Wed, 19 Apr 2017 20:02:59 -0700
Subject: Re: [httpwg/http-extensions] Specify how origin frames interact with Altsvc (#214)

"those origins" might be better stated as "origins that have alternative services"

Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/214#issuecomment-295561287

From nobody Wed Apr 19 20:03:49 2017
Date: Wed, 19 Apr 2017 20:03:44 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Specify how origin frames interact with Altsvc (#214)

I changed it to:

> Finally, servers that host alternative services {{?RFC7838}} will need to explicitly advertise
> their origins when sending ORIGIN, because the default contents of the Origin Set (as per {{set}})
> do not contain any Alternative Services' origins, even if they have been used previously on the
> connection.

... about five minutes ago. Good enough?

--
Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/214#issuecomment-295561427

From nobody Wed Apr 19 20:04:33 2017
Date: Wed, 19 Apr 2017 20:04:30 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Specify how origin frames interact with Altsvc (#214)

Absolutely!

--
Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/214#issuecomment-295561629

From nobody Thu Apr 20 06:50:29 2017
Date: Thu, 20 Apr 2017 06:50:18 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: [httpwg/http-extensions] Two editorial nits. (#329)

  1. Fix one typo.
  2. Technically, a set is always a subset of itself. Therefore current wording implies that if two connections have identical Origin Sets, then neither should be used for new requests, and both should be closed. Fix this by saying "proper subset" instead of "subset".

You can view, comment on, or merge this pull request online at:

  https://github.com/httpwg/http-extensions/pull/329

Commit Summary

  • Two editorial nits.

File Changes

  • M draft-ietf-httpbis-origin-frame.md (6)

Patch Links:

  • https://github.com/httpwg/http-extensions/pull/329.patch
  • https://github.com/httpwg/http-extensions/pull/329.diff

--
Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/pull/329
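
The subset versus proper-subset distinction raised in the pull request above, as an added example that is not part of the original message or of the draft. The function names, connection ids and sample origins are constructed for illustration.

```python
from typing import Dict, FrozenSet, List, Set

# Constructed sample origins (ASCII-serialized).
A = "https://example.com"
B = "https://static.example.com"


def connections_to_retire(conns: Dict[str, FrozenSet[str]], proper: bool) -> Set[str]:
    """Ids of connections that get no new requests and are closed once idle,
    because another connection's Origin Set covers theirs.

    proper=False models the wording before the pull request ("subset").
    proper=True  models the wording after it ("proper subset").
    """
    retire: Set[str] = set()
    for cid, origins in conns.items():
        for other_id, other in conns.items():
            if other_id == cid:
                continue
            # "subset" is <=, "proper subset" is <; they differ only for equal sets.
            covered = origins < other if proper else origins <= other
            if covered:
                retire.add(cid)
                break
    return retire


def usable_for(conns: Dict[str, FrozenSet[str]], origin: str, proper: bool) -> List[str]:
    """Connections a client may still pick for a new request to `origin`."""
    retired = connections_to_retire(conns, proper)
    return sorted(cid for cid, origins in conns.items()
                  if origin in origins and cid not in retired)


# Two connections with identical Origin Sets: the case the pull request describes.
IDENTICAL = {"conn1": frozenset({A, B}), "conn2": frozenset({A, B})}
# One connection strictly covered by the other: both wordings agree here.
NESTED = {"conn1": frozenset({A}), "conn2": frozenset({A, B})}

if __name__ == "__main__":
    for label, conns in (("identical", IDENTICAL), ("nested", NESTED)):
        for proper in (False, True):
            wording = "proper subset" if proper else "subset"
            print(f"{label:9} {wording:13} retire={sorted(connections_to_retire(conns, proper))} "
                  f"usable for {A}: {usable_for(conns, A, proper)}")
```

With identical sets the "subset" wording leaves no connection usable for new requests, while the "proper subset" wording keeps both.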

From nobody Thu Apr 20 10:00:48 2017
Date: Thu, 20 Apr 2017 10:00:44 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Expect CT: Add an example (#321)

Closed #321.

--
Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/321#event-1050941987

From nobody Thu Apr 20 10:01:18 2017
Date: Thu, 20 Apr 2017 10:00:50 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Definition of Expect-CT is a little unclear (#318)

Closed #318.

--
Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/318#event-1050942133

From nobody Thu Apr 20 17:23:27 2017
Date: Thu, 20 Apr 2017 17:23:22 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Two editorial nits. (#329)

Merged #329.

--
Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/pull/329#event-1051579698

From nobody Thu Apr 20 17:23:35 2017
Date: Thu, 20 Apr 2017 17:23:27 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Two editorial nits. (#329)

Thanks!

--
Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/pull/329#issuecomment-295983763

From nobody Fri Apr 21 14:21:19 2017
Date: Fri, 21 Apr 2017 14:21:14 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: [httpwg/http-extensions] Consulting the DNS on expanding ORIGIN set? [origin-frame] (#330)

The current ORIGIN frame draft (as of the changes introduced from #212) now prohibits consulting DNS when establishing a connection's authority, as long as the TLS certificate is consulted:

> Clients MUST NOT consult DNS to establish the connection's authority for new requests. The TLS certificate MUST still be used to do so, as described in [RFC7540] Section 9.1.1.

As @MikeBishop pointed out during discussion in Chicago, this is the first draft that explicitly removes DNS from the loop as a factor, rather than just delegating DNS. I did not get the sense that strong consensus exists yet for removing DNS as a factor without an additional authenticator.

Particular concerns (some of which are highlighted in the Security Considerations) include:

  • When a cert (or validation behavior) is compromised, currently active MitM or DNS poisoning is required to exploit. This new behavior enables vulnerabilities here to be exploited by simply getting a client to follow a link to a malicious server that can expand the ORIGIN set to cover the origins it wants to hijack (and which are covered by the compromised cert or compromised validation behavior).
  • This change has the potential to significantly change the operational behavior of clients. Rather than clients always following DNS, clients may now aggregate origins onto a connection to a server that was never handed out in the DNS for that name. This may have unintended consequences, such as allowing a non-production server sharing a cert with a production name to accidentally hijack production traffic; or otherwise giving a server operator with a cert covering a name the power to pull in client traffic for that name without this being explicitly configured through the DNS.

This change (to not follow the DNS) also becomes much more powerful (and more useful and more potentially perilous) when combined with any future pushed certificate functionality.

Some options appear to be:

  1. Remove this "Clients MUST NOT consult DNS" clause. This doesn't prohibit the expansion of ORIGIN sets, but does mean that existing DNS service discovery and DNS following behavior must still be followed. This change could be introduced in a subsequent draft that much more explicitly worked through the security considerations and mitigations.
  2. Leave the language as-is, possibly expand on security considerations, and do a more detailed security analysis (especially for how this might interact with future pushed server certs).
  3. Specify additional mitigations that should replace consulting DNS, such as a pushed DNSSEC record chain terminating in the server IP, signed Alt-Service records, or similar. Most of these would require subsequent drafts to define in detail, along with a corresponding security analysis.

(Regardless, we may wish to clarify the subsequent bullet to make it clear that clients MAY consult the DNS to determine whether an existing connection can be reused or whether a new connection should be established. While the existing "MUST NOT consult DNS" phrasing does not prohibit this, it is misleading on a first reading.)

--
Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/330
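
The operational concern in the issue above (a non-production server sharing a certificate with a production name), as an added sketch of a client-side reuse check with and without DNS as a factor. It is not code from the draft or from any client; the `Connection` fields, `may_reuse`, the hostnames and the documentation-range IP addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Connection:
    peer_ip: str                 # address the client actually connected to
    cert_names: FrozenSet[str]   # dNSName entries of the validated server certificate
    origin_set: FrozenSet[str]   # serialized origins after ORIGIN frames were processed


def cert_covers(host: str, cert_names: FrozenSet[str]) -> bool:
    """Exact match, or a wildcard in the left-most label only."""
    host = host.lower()
    for name in cert_names:
        name = name.lower()
        if name == host:
            return True
        # *.example.com matches a.example.com but not a.b.example.com or example.com.
        if len(name) > 2 and name.startswith("*.") and host.partition(".")[2] == name[2:]:
            return True
    return False


def may_reuse(conn: Connection, origin: str, dns: Dict[str, List[str]],
              consult_dns: bool) -> bool:
    """Decide whether a new request for `origin` may go on `conn`.

    consult_dns=False models the quoted draft text (certificate only).
    consult_dns=True  models option 1 in the issue (DNS stays a factor).
    """
    host = urlsplit(origin).hostname or ""
    if origin not in conn.origin_set:
        return False
    if not cert_covers(host, conn.cert_names):
        return False
    if consult_dns:
        # `dns` stands in for resolver answers so the example runs offline.
        return conn.peer_ip in dns.get(host, [])
    return True


# Constructed resolver answers: production names point at 192.0.2.10 only.
DNS = {
    "www.example.com": ["192.0.2.10"],
    "static.example.com": ["192.0.2.10"],
    "staging.example.com": ["198.51.100.7"],
}
# Staging host whose certificate also names the production host, and which
# lists the production origin in its ORIGIN frame.
STAGING = Connection(
    peer_ip="198.51.100.7",
    cert_names=frozenset({"staging.example.com", "www.example.com"}),
    origin_set=frozenset({"https://staging.example.com", "https://www.example.com"}),
)
PROD = Connection(
    peer_ip="192.0.2.10",
    cert_names=frozenset({"*.example.com"}),
    origin_set=frozenset({"https://www.example.com", "https://static.example.com"}),
)

if __name__ == "__main__":
    for label, conn, origin in (("staging", STAGING, "https://www.example.com"),
                                ("prod", PROD, "https://static.example.com")):
        for consult in (False, True):
            print(f"{label:8} {origin:28} consult_dns={consult!s:5} "
                  f"reuse={may_reuse(conn, origin, DNS, consult)}")
```

Only the staging case changes with the DNS factor: the certificate and the Origin Set both accept the production origin, and the resolver answer is the one input that does not.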

From nobody Fri Apr 21 14:42:39 2017
Date: Fri, 21 Apr 2017 14:42:33 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: [httpwg/http-extensions] Origin set definition (and port interaction with Alt-Svc) [origin-frame] (#331)

Some potential (editorial?) issues with the Origin Set definition (Section 2.3):

  • For Host we may wish to use a better term than "the value sent in Server Name Indication". In particular, this could cause problems in the future for any SNI-masking work. This also has potentially weird interactions with DANE as it specifies that the SNI should be the terminal CNAME or SRV record target.

  • For Port, there is a weird interaction with Alt-Svc. In particular, the server's port may be different than the port of Origin. For example, an Alt-Svc for https://www.example.com to alt.example.com:8443 still has the origin of https://www.example.com:443 but given the current wording would have the incorrect initial origins set of https://www.example.com:8443

Would it be better to have the implicit initial Origin Set from a client's perspective (when an ORIGIN frame is first received) be "the origin (as per [RFC6454]) that resulted in the successful establishment of the connection" ?

This is ambiguous from the servers' perspective but perhaps much cleaner and simpler from the client's perspective.

Another ambiguity: if a 421 is received for the last origin in the Origin Set, does it become empty or return to uninitialized? (Should we clarify the former, and that clients may wish to soon close out the connection if no new origin additions are received soon?)

--
Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/331
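
The port mismatch and the 421 ambiguity from the issue above, modelled as an added example that is not part of the original message or of the draft. All class and function names are constructed; the scheme being fixed to "https" and an uninitialized Origin Set placing no restriction on the client are assumptions about the draft, not statements from this page.

```python
from typing import Iterable, Optional, Set, Tuple

Origin = Tuple[str, str, int]  # (scheme, host, port)

WWW: Origin = ("https", "www.example.com", 443)      # origin from the issue's example
OTHER: Origin = ("https", "other.example.com", 443)  # constructed second origin
ALT_PORT = 8443                                      # port of alt.example.com:8443


def show(origin: Origin) -> str:
    """Render with an explicit port, the way the issue writes its origins."""
    scheme, host, port = origin
    return f"{scheme}://{host}:{port}"


def initial_set_current_wording(sni_host: str, server_port: int) -> Set[Origin]:
    """Initial set as the issue describes the current text: SNI value plus server port."""
    return {("https", sni_host.lower(), server_port)}  # "https" is an assumption


def initial_set_proposed(connection_origin: Origin) -> Set[Origin]:
    """Initial set as the issue proposes: the origin that established the connection."""
    return {connection_origin}


class OriginSet:
    """Client-side Origin Set; None means uninitialized, set() means initialized but empty."""

    def __init__(self, empty_means_uninitialized: bool) -> None:
        self.origins: Optional[Set[Origin]] = None
        self.empty_means_uninitialized = empty_means_uninitialized

    def on_origin_frame(self, initial: Set[Origin], entries: Iterable[Origin]) -> None:
        if self.origins is None:          # first ORIGIN frame initializes the set
            self.origins = set(initial)
        self.origins.update(entries)

    def on_421(self, origin: Origin) -> None:
        if self.origins is None:
            return
        self.origins.discard(origin)
        if not self.origins and self.empty_means_uninitialized:
            self.origins = None           # the "return to uninitialized" reading

    def restricts(self, origin: Origin) -> bool:
        """True when the set forbids a new request for `origin` on this connection.
        Assumption: an uninitialized set imposes no restriction of its own."""
        return self.origins is not None and origin not in self.origins


def origin_excluded_by_current_wording() -> bool:
    """Alt-Svc case: the real origin is missing from its own initial set."""
    s = OriginSet(empty_means_uninitialized=False)
    s.on_origin_frame(initial_set_current_wording("www.example.com", ALT_PORT), [])
    return s.restricts(WWW)


def after_421_on_last_origin(empty_means_uninitialized: bool) -> bool:
    """Is another origin still restricted after a 421 removes the last entry?"""
    s = OriginSet(empty_means_uninitialized)
    s.on_origin_frame(initial_set_proposed(WWW), [])
    s.on_421(WWW)
    return s.restricts(OTHER)


if __name__ == "__main__":
    print("current wording :", [show(o) for o in initial_set_current_wording("www.example.com", ALT_PORT)])
    print("proposed wording:", [show(o) for o in initial_set_proposed(WWW)])
    print("real origin excluded under current wording:", origin_excluded_by_current_wording())
    print("after 421, empty reading restricts others:", after_421_on_last_origin(False))
    print("after 421, uninitialized reading restricts others:", after_421_on_last_origin(True))
```

Under the "empty" reading the connection can carry nothing until a new ORIGIN frame arrives; under the "uninitialized" reading a 421 removes the restriction the server had set.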

From nobody Fri Apr 21 15:09:10 2017
Date: Fri, 21 Apr 2017 15:09:02 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: [httpwg/http-extensions] fix "is is" typo (#332)

You can view, comment on, or merge this pull request online at:

  https://github.com/httpwg/http-extensions/pull/332

Commit Summary

  • fix "is is" typo

File Changes

  • M draft-ietf-httpbis-origin-frame.md (2)

Patch Links:

  • https://github.com/httpwg/http-extensions/pull/332.patch
  • https://github.com/httpwg/http-extensions/pull/332.diff

--
Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/pull/332

From nobody Sat Apr 22 06:31:34 2017
Date: Sat, 22 Apr 2017 06:31:30 -0700
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Specify how origin frames interact with Altsvc (#214)

I'm not sure "because the default contents of the Origin Set (as per {{set}}) do not contain any Alternative Services' origins" is accurate. Even with the current text, an Alt-Svc to a different server name but default port will be in the default set if it is what is used to establish the connection. (i.e., SNI is the Alt-Svc's origin and port is the default.)

The cases where this is relevant are when:

  * Connections are being coalesced (i.e., the Alt-Svc server name shares an IP address and port with an origin). This can happen in the reverse, still making the new text here somewhat misleading. If the connection from the Alt-Svc is opened first and then another with origin hostname tries to coalesce onto it, the SNI will be from the Alt-Svc origin hostname. In this case, the SNI would be origin1.
  * The weird issue with #331 and ports

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/214#issuecomment-296373526

From nobody Sat Apr 22 06:42:39 2017
Date: Sat, 22 Apr 2017 06:42:35 -0700
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Origin set definition (and port interaction with Alt-Svc) [origin-frame] (#331)

Thinking about Host more, leaving it as the SNI value may make the most sense, especially as some load balancers may be using the SNI to route to the proper backend server or connection handling context. (Although this is still "the origin (as per [RFC6454]) that resulted in the successful establishment of the connection".)

This is also an area where #214 could still use some clarifications. For example, take the case of:

  * origin1 returns "Alt-Svc: h2=origin2:443"
  * origin1 and origin2 are both covered by the cert at the IP address of origin2
  * The server at origin2 receives a connection with SNI=origin1 so the default Origin Set would be "origin1"
  * If a client intended to coalesce requests directly to origin2 onto the connection with SNI=origin1, these (origin2) would not be covered by the default Origin Set.

It's not clear that the text from #214 is enough to clarify this case.

That also still leaves the Port issue as a little odd with the Alt-Svc interactions in the current text.

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/331#issuecomment-296374150

From nobody Sat Apr 22 15:28:45 2017
Date: Sat, 22 Apr 2017 15:28:41 -0700
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Flags (#255)

I agree on the need for evaluation. OTOH, I do not think we should pare down / adjust flags, since real-world use cases could change as time evolves.

The way it is defined now represents the cache state as-is and I believe that it would be most resilient in the long term.

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/255#issuecomment-296405660

From nobody Sun Apr 23 18:22:39 2017
Date: Sun, 23 Apr 2017 18:22:35 -0700
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] fix "is is" typo (#332)

Merged #332.

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/332#event-1053965276

From nobody Tue Apr 25 19:21:08 2017
Date: Tue, 25 Apr 2017 19:21:04 -0700
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Overhead in cache digest algorithm (#264)

My .02 --

De-duping the URLs is an implementation optimisation; it's not necessary to specify it (but it doesn't hurt if we really want to).

Trimming the URL origin makes me nervous; it's defence-in-depth against implementation errors.

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/264#issuecomment-297218636

From nobody Tue Apr 25 20:29:30 2017
Date: Tue, 25 Apr 2017 20:29:26 -0700
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Overhead in cache digest algorithm (#264)

Closed #264.

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/264#event-1057788719

From nobody Tue Apr 25 20:29:35 2017
Date: Tue, 25 Apr 2017 20:29:26 -0700
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Overhead in cache digest algorithm (#264)

@mnot Agreed on both points. 👍

Trimming origins would be tricky with coalesced connections and cross origin PUSH.

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/264#issuecomment-297227562

From nobody Tue Apr 25 21:21:26 2017
Date: Tue, 25 Apr 2017 21:21:23 -0700
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Origin set definition (and port interaction with Alt-Svc) [origin-frame] (#331)

I'm starting to think it might be best to have the initial origin set be empty, so that all origins added need to be explicit; making the first member "what I think you think it is" is needlessly ambiguous.

The only downside AFAICT is that the common use case "limit it just to the initial origin" now can't be served by sending an empty set; it needs to be explicitly sent.

@mcmanus thoughts?

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/331#issuecomment-297233895

From nobody Tue Apr 25 22:28:12 2017
Date: Tue, 25 Apr 2017 22:28:08 -0700
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Consulting the DNS on expanding ORIGIN set? [origin-frame] (#330)

Erik -

I'm trying to understand your second concern WRT operational behavior of clients. The origins being added are explicitly nominated by the server; presence in the certificate is not enough to cause the connection to be used (indeed, that concern was a large part of the motivation of this draft).

Regarding the first concern -- to me, the convincing argument was that the assurances added by using DNS are incredibly weak, to the point of being of no value, especially as more people use DNS services (Open DNS, Google Public DNS, etc.), and as networks mess with them (see https://recdnsfp.github.io for one example).

It might make sense to add more text to Security Considerations, e.g., encouraging (or requiring) use of a higher level of assurance (CT, pinning, etc.) as an effective second factor. Would that help?

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/330#issuecomment-297241822

From nobody Wed Apr 26 06:12:15 2017
Date: Wed, 26 Apr 2017 06:12:11 -0700
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Origin set definition (and port interaction with Alt-Svc) [origin-frame] (#331)

On Wed, Apr 26, 2017 at 12:21 AM, Mark Nottingham <notifications@github.com> wrote:

> The only downside AFAICT is that the common use case "limit it just to the
> initial origin" now can't be served by sending an empty set; it needs to be
> explicitly sent.

That is definitely a serious downside - we know from the way servers rolled out h2 that this kind of TLS/HTTP separation of concerns actually makes it hard on some of them to know what SNI even was, so they may not be able to issue that "limit it to SNI" very well if they need to enumerate SNI explicitly.

But I think the much bigger downside is that you would now have a pseudo-security property that says a connection can't be used for its default purpose beyond coalescing - and now ORIGIN is having a much bigger impact than just coalescing rules which I think is its appropriate scope. I know in my codebase that would be a significant problem - the coalescing rules are all centralized but not all dispatch is about coalescing.

Imagine a case where you're connected to the default host for the origin and receive an empty ORIGIN frame (and we change the rule to be default is the null set). There is nothing you can do but 1] wait, 2] callback and race against the ORIGIN Frame, or 3] pretend you didn't read it. All of those are bad. I think if you handshake for SNI you need to accept requests for it and it's outside the scope of coalescing to change that.

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/331#issuecomment-297402730

From nobody Wed Apr 26 06:30:04 2017
Date: Wed, 26 Apr 2017 06:30:00 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: [httpwg/http-extensions] internal section references should be dynamic (#333)

Right now they use hardwired section numbers (likely from RFC6265); this is going to fail when numbers change.

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/333

From nobody Wed Apr 26 06:33:20 2017
Date: Wed, 26 Apr 2017 06:33:16 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: [httpwg/http-extensions] Fix abstract wrt what this document obsoletes (#334)

You can view, comment on, or merge this pull request online at:

  https://github.com/httpwg/http-extensions/pull/334

-- Commit Summary --

  * Fix abstract wrt what this document obsoletes

-- File Changes --

    M draft-ietf-httpbis-rfc6265bis.md (2)

-- Patch Links --

https://github.com/httpwg/http-extensions/pull/334.patch
https://github.com/httpwg/http-extensions/pull/334.diff

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/334

From nobody Wed Apr 26 06:40:41 2017
Date: Wed, 26 Apr 2017 06:40:29 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: [httpwg/http-extensions] fix USASCII reference (#335)

You can view, comment on, or merge this pull request online at:

  https://github.com/httpwg/http-extensions/pull/335

-- Commit Summary --

  * fix USASCII reference

-- File Changes --

    M draft-ietf-httpbis-rfc6265bis.md (3)

-- Patch Links --

https://github.com/httpwg/http-extensions/pull/335.patch
https://github.com/httpwg/http-extensions/pull/335.diff

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/335

From nobody Wed Apr 26 06:42:14 2017
Date: Wed, 26 Apr 2017 06:41:16 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: [httpwg/http-extensions] remove historic status text (#336)

...about the changes in rfc6265

You can view, comment on, or merge this pull request online at:

  https://github.com/httpwg/http-extensions/pull/336

-- Commit Summary --

  * remove historic status text

-- File Changes --

    M draft-ietf-httpbis-rfc6265bis.md (36)

-- Patch Links --

https://github.com/httpwg/http-extensions/pull/336.patch
https://github.com/httpwg/http-extensions/pull/336.diff

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/336

From nobody Wed Apr 26 06:49:17 2017
Date: Wed, 26 Apr 2017 06:49:11 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: [httpwg/http-extensions] fix ID citations (#337)

You can view, comment on, or merge this pull request online at:

  https://github.com/httpwg/http-extensions/pull/337

-- Commit Summary --

  * fix ID citations

-- File Changes --

    M draft-ietf-httpbis-rfc6265bis.md (22)

-- Patch Links --

https://github.com/httpwg/http-extensions/pull/337.patch
https://github.com/httpwg/http-extensions/pull/337.diff

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/337

From nobody Thu Apr 27 05:55:47 2017
Date: Thu, 27 Apr 2017 05:55:43 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: [httpwg/http-extensions] make internal references dynamic (#338)

addresses #333

You can view, comment on, or merge this pull request online at:

  https://github.com/httpwg/http-extensions/pull/338

-- Commit Summary --

  * make internal references dynamic

-- File Changes --

    M draft-ietf-httpbis-rfc6265bis.md (92)

-- Patch Links --

https://github.com/httpwg/http-extensions/pull/338.patch
https://github.com/httpwg/http-extensions/pull/338.diff

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/338

From nobody Thu Apr 27 07:17:12 2017
Date: Thu, 27 Apr 2017 07:17:02 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: [httpwg/http-extensions] Potential security issues with ORIGIN frame [origin-frame] (#339)

When investigating http extensions, I came across the `ORIGIN` frame draft here.

Although I think the goals set out for it are good, there are some inherent issues with adding this extension:

- Service exposure on servers: the `ORIGIN` frame will potentially expose previously unknown services on the same host (e.g. administration interfaces on different ports) that should not be advertised.
- Shared-host exposure: the frame will (by design) expose other domains/hosts served by the same server. For shared hosts, this can cause severe privacy issues by exposing which other domains/hosts are served by the same server.
- Origin IP exposure: unless explicitly filtered out, any reverse-proxied connection can expose the origin server's IP to a connecting client, due to the previous point's type of exposure.
  e.g. `example.com` is proxied, `example2.com` is not proxied. Connecting to `example.com` connects to the proxy, exposes `example2.com` also being hosted in the `ORIGIN` frame. Looking up `example2.com` in DNS then exposes the origin IP of `example.com`.

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/339

From nobody Thu Apr 27 18:30:24 2017
Date: Thu, 27 Apr 2017 18:27:40 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Potential security issues with ORIGIN frame [origin-frame] (#339)

Since the ORIGIN frame can only be used for hosts covered by the TLS certificate, how does this make 1 and 3 worse? All of these can already be seen in the certificate (at least until certificate pushing is defined). For the second point, that may be worth calling out in Security Considerations that giving ORIGINs for specific names which are covered by a broader wildcard certificate may expose information about the server to the client (albeit intentionally on the server's behalf).

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/339#issuecomment-297882873

From nobody Thu Apr 27 18:37:21 2017
Date: Thu, 27 Apr 2017 18:34:45 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Updated Opp-Sec writeup (#297)

Merged #297.

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/297#event-1061416327

From nobody Thu Apr 27 19:06:03 2017
Date: Thu, 27 Apr 2017 19:03:27 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Potential security issues with ORIGIN frame [origin-frame] (#339)

The first is an issue because it exposes port numbers. Stuff you can otherwise only garner from port scanning (which any IDS will easily catch and halt).

The other points are worse because it provides direct confirmation that the hosts covered are _actively_ running on the same machine. That is crucial information and can lead to discovery of information a server operator may not want exposed. Certificates often cover more hosts than are running on servers, but the origin frame will actually confirm which hosts are running on which servers; and as said, can indirectly lead to origin IP discovery (making the server more effectively targetable for DoS attacks, bypassing a CDN, for example).

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/339#issuecomment-297887359

From nobody Thu Apr 27 19:10:45 2017
Date: Thu, 27 Apr 2017 19:08:10 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] Potential security issues with ORIGIN frame [origin-frame] (#339)

I don't get this. Why would a server advertise something that it doesn't want to advertise? This is entirely voluntary for servers.

--
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/339#issuecomment-297888012

From nobody Thu Apr 27 19:14:53 2017
Date: Thu, 27 Apr 2017 19:12:22 -0700
Subject: Re: [httpwg/http-extensions] Potential security issues with ORIGIN frame [origin-frame] (#339)

Let me ask you this then: does it offer granular control over exactly which hosts are being advertised in this frame on a multi-homed server with a broadly-covering certificate?

View it on GitHub: https://github.com/httpwg/http-extensions/issues/339#issuecomment-297888573

From nobody Thu Apr 27 19:21:34 2017
Date: Thu, 27 Apr 2017 19:19:21 -0700
Subject: Re: [httpwg/http-extensions] Potential security issues with ORIGIN frame [origin-frame] (#339)

yes - the point of the origin extension is fine grained control of which origins you wish to advertise on a per connection basis.

On Thu, Apr 27, 2017 at 10:12 PM, Moonchild wrote:

> Let me ask you this then: does it offer granular control over exactly
> which hosts are being advertised in this frame on a multi-homed server with
> a broadly-covering certificate?

View it on GitHub: https://github.com/httpwg/http-extensions/issues/339#issuecomment-297889502

From nobody Thu Apr 27 23:31:34 2017
Date: Thu, 27 Apr 2017 23:29:00 -0700
Subject: [httpwg/http-extensions] settings parameter to indicate support for CACHE_DIGEST (#340)

The PR introduces a new SETTINGS parameter that can be used by a server to notify if (and how) it makes use of the CACHE_DIGEST frames.

You might find the discussion about how to use the parameter interesting. The text of the PR, under the assumption that the underlying transport will be TLS 1.3, suggests:

* to wait for `SETTING_CACHE_DIGEST` SETTINGS parameter when doing a full handshake
* retain the value of the parameter in the TLS session cache
* and reuse the cached settings parameter value when doing 0-RTT resumption

Resolves #229.

You can view, comment on, or merge this pull request online at:

  https://github.com/httpwg/http-extensions/pull/340

-- Commit Summary --

* settings parameter to indicate support for CACHE_DIGEST

-- File Changes --

M draft-ietf-httpbis-cache-digest.md (20)

-- Patch Links --

https://github.com/httpwg/http-extensions/pull/340.patch
https://github.com/httpwg/http-extensions/pull/340.diff
From nobody Fri Apr 28 06:13:55 2017
Date: Fri, 28 Apr 2017 06:09:45 -0700
Subject: Re: [httpwg/http-extensions] Potential security issues with ORIGIN frame [origin-frame] (#339)

Well, considering the following in the document:

> senders are encouraged to include as many origins as practical within a single ORIGIN frame

One would assume that server implementations would use a default set of all active hosts served by the server that are part of the TLS certificate. So as it stands, this fine-grained control will likely not be security-aware unless a server implementation does not make this assumption and requires administrators to specifically indicate which hosts to advertise. The document focuses mainly on client implementations and should be extended to address these concerns for the server side.

Don't get me wrong, there's nothing _inherently_ wrong with the spec, but as the issue title said, there are certainly _potential_ security issues with this extension, depending on how it is implemented and to what level configuration is possible. That should be given some more attention.

View it on GitHub: https://github.com/httpwg/http-extensions/issues/339#issuecomment-297993366
From nobody Fri Apr 28 06:31:38 2017
Date: Fri, 28 Apr 2017 06:28:15 -0700
Subject: Re: [httpwg/http-extensions] Potential security issues with ORIGIN frame [origin-frame] (#339)

On Fri, Apr 28, 2017 at 9:09 AM, Moonchild wrote:

> senders are encouraged to include as many origins as practical within a
> single ORIGIN frame

ah - that language can be tweaked. It is meant to say "dear servers: you are encouraged to use as few frames as possible to send your origin set" (as opposed to one origin per frame).

it isn't meant to influence which origins you decide to advertise.

overall though I think you're right that it's worth a sentence in the security considerations to just say pay attention to what you advertise.

View it on GitHub: https://github.com/httpwg/http-extensions/issues/339#issuecomment-297997574
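The server-side concern raised in this exchange, as an added example that is not part of the thread or of any server's code: it contrasts advertising every certificate-covered virtual host with advertising only an administrator-supplied list, then encodes the result as ORIGIN Origin-Entry records. Host names, function names and the `ADVERTISE` list are constructed for illustration; the Origin-Entry layout (16-bit length followed by the ASCII origin) is assumed from the published ORIGIN frame specification (RFC 8336), since this page does not show it.

```python
import struct

# Constructed sample configuration for a multi-homed server.
VHOSTS = ["www.example.com", "static.example.com", "admin.example.com",
          "staging.example.com", "legacy.example.net"]
CERT_SANS = ["*.example.com"]                       # broadly-covering certificate
ADVERTISE = ["www.example.com", "static.example.com"]  # operator's explicit choice


def san_covers(san, host):
    """True if a certificate dNSName covers host; '*' matches one left-most label."""
    san, host = san.lower(), host.lower()
    if not san.startswith("*."):
        return san == host
    suffix = san[1:]                                # e.g. ".example.com"
    label = host[: -len(suffix)]
    return host.endswith(suffix) and label != "" and "." not in label


def covered(host, cert_sans):
    return any(san_covers(san, host) for san in cert_sans)


def default_origin_set(vhosts, cert_sans):
    """Implicit default the thread worries about: every active host the cert covers."""
    return ["https://" + h.lower() for h in vhosts if covered(h, cert_sans)]


def allowlisted_origin_set(vhosts, cert_sans, advertise):
    """Only hosts the administrator listed; fail closed on entries that cannot be backed."""
    served = {h.lower() for h in vhosts}
    origins = []
    for host in advertise:
        host = host.lower()
        if host not in served:
            raise ValueError(f"{host}: not a virtual host on this server")
        if not covered(host, cert_sans):
            raise ValueError(f"{host}: not covered by the certificate")
        origins.append("https://" + host)
    return origins


def exposed_by_default(vhosts, cert_sans, advertise):
    """Origins the implicit default would reveal beyond the operator's list."""
    wanted = set(allowlisted_origin_set(vhosts, cert_sans, advertise))
    return sorted(set(default_origin_set(vhosts, cert_sans)) - wanted)


def encode_origin_payload(origins):
    """Serialize origins as Origin-Entry records: Origin-Len (16 bits) + ASCII-Origin."""
    payload = b""
    for origin in origins:
        raw = origin.encode("ascii")
        if len(raw) > 0xFFFF:
            raise ValueError("origin too long for a 16-bit Origin-Len")
        payload += struct.pack("!H", len(raw)) + raw
    return payload


def decode_origin_payload(payload):
    """Parse Origin-Entry records, rejecting truncated input."""
    origins, pos = [], 0
    while pos < len(payload):
        if pos + 2 > len(payload):
            raise ValueError("truncated Origin-Len")
        (length,) = struct.unpack_from("!H", payload, pos)
        pos += 2
        if pos + length > len(payload):
            raise ValueError("truncated ASCII-Origin")
        origins.append(payload[pos:pos + length].decode("ascii"))
        pos += length
    return origins


if __name__ == "__main__":
    print("default   :", default_origin_set(VHOSTS, CERT_SANS))
    print("allowlist :", allowlisted_origin_set(VHOSTS, CERT_SANS, ADVERTISE))
    print("would leak:", exposed_by_default(VHOSTS, CERT_SANS, ADVERTISE))
    print("payload   :", encode_origin_payload(
        allowlisted_origin_set(VHOSTS, CERT_SANS, ADVERTISE)).hex())
```

Running `exposed_by_default` against a real virtual-host list is a quick audit of what an "advertise everything the certificate covers" default would disclose to any client that connects.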

From nobody Sat Apr 29 02:20:03 2017
Date: Sat, 29 Apr 2017 02:18:36 -0700
Subject: [httpwg/http-extensions] define `cache-digest` header in appendix (#341)

#256.

Since I wasn't sure if we can make normative references from an appendix, RFC5234 (ABNF) and RFC4648 (Base64) have been added as informative references.

You can view, comment on, or merge this pull request online at:

  https://github.com/httpwg/http-extensions/pull/341

-- Commit Summary --

* define `cache-digest` header in appendix

-- File Changes --

M draft-ietf-httpbis-cache-digest.md (34)

-- Patch Links --

https://github.com/httpwg/http-extensions/pull/341.patch
https://github.com/httpwg/http-extensions/pull/341.diff

From nobody Sun Apr 30 17:55:07 2017
Date: Sun, 30 Apr 2017 17:53:01 -0700
Subject: Re: [httpwg/http-extensions] Origin set definition (and port interaction with Alt-Svc) [origin-frame] (#331)

@enygren any further thoughts?

I see what you're saying about future SNI masking potentially being an issue; not so sure about DANE, since it's effectively dead in the water. Still, it'd be nice not to have a layer violation here. How about something like

> the hostname that the connection was established for, converted to lower case; typically the value sent in Server Name Indication ([RFC6066] Section 3)

WRT the port, I don't see a problem; alt-svc does **not** change the origin port.

View it on GitHub: https://github.com/httpwg/http-extensions/issues/331#issuecomment-298268796
From nobody Sun Apr 30 18:29:36 2017
Date: Sun, 30 Apr 2017 18:27:03 -0700
Subject: Re: [httpwg/http-extensions] define `cache-digest` header in appendix (#341)

@mnot commented on this pull request.


In draft-ietf-httpbis-cache-digest.md:

> @@ -286,6 +287,37 @@ Additionally, User Agents SHOULD NOT send CACHE_DIGEST when in "privacy mode."
 
 --- back
 
+# Encoding the CACHE_DIGEST frame as an HTTP Header
+
+Some HTTP/2 protocol stacks do not provide an interface to inject arbitrary HTTP/2 frames while allowing the application to send additional HTTP request headers.
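Review bot: The added sentence under "# Encoding the CACHE_DIGEST frame as an HTTP Header" parses ambiguously, because "while allowing the application to send additional HTTP request headers" can be read as part of what the stacks do not provide. Suggest "... do not provide an interface to inject arbitrary HTTP/2 frames, but do allow the application to send additional HTTP request headers."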

Isn't the motivation simply that browsers currently don't send CACHE_DIGEST, so you have to fake it with Fetch?


In draft-ietf-httpbis-cache-digest.md:

> +  Cache-Digest  = 1#digest-entity
+  digest-entity = digest-value *(OWS ";" OWS digest-flag)
+  digest-value  = <Digest-Value encoded using base64url>
+  digest-flag   = token
+~~~
+
+A Cache-Digest request header is defined as a list construct of cache-digest-entities.
+Each cache-digest-entity corresponds to a CACHE_DIGEST frame.
+
+Digest-Value is encoded using base64url {{RFC4648}}, Section 5.
+Flags that are set are encoded as digest-flags by their names that are compared case-insensitively.
+
+Origin is omitted in the header form.
+The value is implied from the value of the `:authority` pseudo header.
+Client MUST only send Cache-Digest headers containing digests that belong to the origin specified by the HTTP request.
+
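Review bot: The prose after the ABNF speaks of "cache-digest-entities" and "cache-digest-entity", but the grammar names the rule `digest-entity`; use one name in both places. In the lines shown, `digest-flag = token` also leaves open what a recipient does with a flag name it does not recognise, and the base64url sentence does not say whether padding is included. Both are worth stating, since the field value is client-supplied and the server has to parse it defensively.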

Need to register the header field in IANA Considerations, as per RFC3864.


In draft-ietf-httpbis-cache-digest.md:

> @@ -286,6 +287,37 @@ Additionally, User Agents SHOULD NOT send CACHE_DIGEST when in "privacy mode."
 
 --- back
 
+# Encoding the CACHE_DIGEST frame as an HTTP Header
+
+Some HTTP/2 protocol stacks do not provide an interface to inject arbitrary HTTP/2 frames while allowing the application to send additional HTTP request headers.
+When using such an implementation, it is sensible to send Cache Digests as HTTP headers, even though doing so consumes more bandwidth when compared to using HTTP/2 frames due to the fact that the digests need to be associated to every HTTP request as opposed to just sending once per connection.
+
+For the sake of interoperability with clients that are constrained to using headers, this appendix defines how a CACHE_DIGEST frame can be encoded as an HTTP header named `Cache-Digest`.
+
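
Review bot: The last paragraph defines `Cache-Digest` as a second encoding of the CACHE_DIGEST frame but does not say which one a server uses when it sees both the frame and the header on the same connection. Suggest adding a precedence rule, or a statement that a client does not send both forms to the same server.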

It would be good to mention other limitations -- e.g., since the header is end-to-end, there might be confusion about what cache generated the header field.


In draft-ietf-httpbis-cache-digest.md:

> @@ -286,6 +287,37 @@ Additionally, User Agents SHOULD NOT send CACHE_DIGEST when in "privacy mode."
 
 --- back
 
+# Encoding the CACHE_DIGEST frame as an HTTP Header
+
+Some HTTP/2 protocol stacks do not provide an interface to inject arbitrary HTTP/2 frames while allowing the application to send additional HTTP request headers.
+When using such an implementation, it is sensible to send Cache Digests as HTTP headers, even though doing so consumes more bandwidth when compared to using HTTP/2 frames due to the fact that the digests need to be associated to every HTTP request as opposed to just sending once per connection.
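
Review bot: The hunk context shows the main text ending with 'User Agents SHOULD NOT send CACHE_DIGEST when in "privacy mode."', but the appendix text added here does not say that the same restriction applies to the `Cache-Digest` header. Since the header form is attached to every request, suggest restating the requirement for the header, or stating that all requirements placed on the frame apply to the header form unless noted otherwise.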

It might be worth spelling out why they need to be sent on every request (since different requests might be routed differently; there is no connection affinity).



----==_mimepart_59068ee7bc3db_241b3fe0c77f7c3011364d--

From nobody Sun Apr 30 20:54:27 2017
Date: Sun, 30 Apr 2017 20:52:03 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] settings parameter to indicate support for CACHE_DIGEST (#340)
Content-Type: multipart/alternative; boundary="--==_mimepart_5906b0e399a13_5b9c3f99358d5c3079722"; charset=UTF-8

----==_mimepart_5906b0e399a13_5b9c3f99358d5c3079722
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit

@kazuho pushed 1 commit.

  • 75f9150 clarify the settings of the connections that can be reused


View it on GitHub: https://github.com/httpwg/http-extensions/pull/340/files/0ac82a58c13a1c60f612d1bb49ff0f436b58f241..75f915082fe3d1571d3c8c642938907cfde44f7d

----==_mimepart_5906b0e399a13_5b9c3f99358d5c3079722--

From nobody Sun Apr 30 20:55:27 2017
Date: Sun, 30 Apr 2017 20:52:57 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] settings parameter to indicate support for CACHE_DIGEST (#340)
Content-Type: multipart/alternative; boundary="--==_mimepart_5906b119ca04b_32573ff4505cdc3859446"; charset=UTF-8

----==_mimepart_5906b119ca04b_32573ff4505cdc3859446
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit

@kazuho commented on this pull request.


In draft-ietf-httpbis-cache-digest.md:

>  
+FRESH (0x1): When set, it indicates that the server is willing to make use of a digest of freshly-cached responses.
+
+STALE (0x2): When set, it indicates that the server is willing to make use of a digest of stale-cached responses.
+
+Rest of the bits MUST be ignored and MUST be left unset when sending.
+
+The initial value of the parameter is zero (0x0) meaning that the server is not interested in seeing a CACHE_DIGEST frame.
+
+Some underlying transports allow the server's first flight of application data to reach the client at around the same time when the client sends it's first flight data. When such transport (e.g., TLS 1.3 {{I-D.ietf-tls-tls13}} in full-handshake mode) is used, a client can postpone sending the CACHE_DIGEST frame until it receives a SETTINGS_CACHE_DIGEST settings value.
+
+When the underlying transport does not have such property (e.g., TLS 1.3 in 0-RTT mode), a client can reuse the settings value found in previous connections to make assumptions.
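
Review bot: The 0-RTT paragraph ("a client can reuse the settings value found in previous connections to make assumptions") does not say what the client does when the SETTINGS_CACHE_DIGEST value later received on the new connection differs from the remembered one, or how long a remembered value stays usable. Suggest stating that the received value replaces the assumption and that the client stops sending digest types the server no longer asks for. In the paragraph before it, "it's first flight data" should be "its first flight data", and "Rest of the bits" reads better as "The remaining bits".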

Thank you for the suggestion. Applied in the commit below. That makes the sentence clearer.


View it on GitHub: https://github.com/httpwg/http-extensions/pull/340#discussion_r114096499

----==_mimepart_5906b119ca04b_32573ff4505cdc3859446--

From nobody Sun Apr 30 22:19:55 2017
Date: Sun, 30 Apr 2017 22:17:19 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] define `cache-digest` header in appendix (#341)
Content-Type: multipart/alternative; boundary="--==_mimepart_5906c4df335d3_98c3f80dfaa9c3c8889a"; charset=UTF-8

----==_mimepart_5906c4df335d3_98c3f80dfaa9c3c8889a
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit

@kazuho pushed 1 commit.

  • fdb3b0b address the issues pointed out by Mark


View it on GitHub: https://github.com/httpwg/http-extensions/pull/341/files/bab4e9d7fc637cdf9759a0b8db92d5569dfa1bbe..fdb3b0bb2ce79733dd581d5c664c6cebaf5154fa

----==_mimepart_5906c4df335d3_98c3f80dfaa9c3c8889a--

From nobody Sun Apr 30 22:21:44 2017
Date: Sun, 30 Apr 2017 22:18:53 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] define `cache-digest` header in appendix (#341)
Content-Type: multipart/alternative; boundary="--==_mimepart_5906c53dab6a1_41793fee3643bc3c4957"; charset=UTF-8

----==_mimepart_5906c53dab6a1_41793fee3643bc3c4957
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit

@kazuho commented on this pull request.


In draft-ietf-httpbis-cache-digest.md:

> @@ -286,6 +287,37 @@ Additionally, User Agents SHOULD NOT send CACHE_DIGEST when in "privacy mode."
 
 --- back
 
+# Encoding the CACHE_DIGEST frame as an HTTP Header
+
+Some HTTP/2 protocol stacks do not provide an interface to inject arbitrary HTTP/2 frames while allowing the application to send additional HTTP request headers.

I have adjusted the text so that it specifically discusses Service Workers.

It is Service Workers (that provide a Cache and the Fetch API) that we use to emulate Cache-Digests.


View it on GitHub: https://github.com/httpwg/http-extensions/pull/341#discussion_r114099514

----==_mimepart_5906c53dab6a1_41793fee3643bc3c4957--

From nobody Sun Apr 30 22:23:20 2017
Date: Sun, 30 Apr 2017 22:20:32 -0700
From: HTTP issue updates
To: httpwg/http-extensions
Subject: Re: [httpwg/http-extensions] define `cache-digest` header in appendix (#341)
Content-Type: multipart/alternative; boundary="--==_mimepart_5906c5a0d00ed_649b3ff4505cdc3895776"; charset=UTF-8

----==_mimepart_5906c5a0d00ed_649b3ff4505cdc3895776
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit

Thank you for your review. I believe that I have addressed all four issues in the commit above.


View it on GitHub: https://github.com/httpwg/http-extensions/pull/341#issuecomment-298287941

----==_mimepart_5906c5a0d00ed_649b3ff4505cdc3895776--