From nobody Sun Jul 2 00:54:19 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -7.682 X-Spam-Level: X-Spam-Status: No, score=-7.682 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Date: Sun, 02 Jul 2017 00:54:15 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1498982055; bh=5SVx7WE77pHjBx9Pf7j4K42sKaCKAYSHrm6rD9s16EE=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=rkZLeo+MGdsMqekx4iCfQ+q8W6TEjuMQS/JK2JVpykwGj/1wsX5Mb0bYs3rQdoqpI HLcN1Slq4eFLC7HtefrP9JI+tTK4vhM1ucvx1P94efgmOkEUzjKY6NX2ZgORcdX8Vh ksYmFVlTOJyS87MBP7m6BCGzVTFViI1C0nlmJRlE= To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Address client-hints-04 feedback (#361) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_5958a6a7ddcb4_26aa3fa1893fdc38124021"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 Jul 2017 07:54:19 -0000 ----==_mimepart_5958a6a7ddcb4_26aa3fa1893fdc38124021 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit @reschke can you take another pass, please? Want to make sure we caught all of your feedback here. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/pull/361#issuecomment-312476698 ----==_mimepart_5958a6a7ddcb4_26aa3fa1893fdc38124021 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

@reschke can you take another pass, please? Want to make sure we caught all of your feedback here.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_5958a6a7ddcb4_26aa3fa1893fdc38124021-- From nobody Sun Jul 2 15:42:00 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -2.021 X-Spam-Level: X-Spam-Status: No, score=-2.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=s5UJDT9w9Xp2WcVL/NNvsvrXj5Y=; b=LEyc8gZ+4AN5MEoU XmDzEfXpcZW7IqFPUmbcprE4QpX+zR9oqZr/lK4PRHoLDJrtodMUIugKeNq2ItS2 ghqfz/iBb3lgJuL3FZJelyyF8CFGdcxyJ3ImfOAO7OpdJU3ie1Nc4bfGfSWtUZnE e06WK0gW5nGz+aYFerZPvQZCuaw= Date: Sun, 02 Jul 2017 22:41:56 +0000 (UTC) To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Geolocation Header (#364) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_595976b3d5565_66a13fac91c55c384718"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 Jul 2017 22:41:59 -0000 ----==_mimepart_595976b3d5565_66a13fac91c55c384718 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable @mnot I suggested to @luisbargu that we should start a thread here first to= hash out a few high-level questions about the existing proposal and possib= le CH integration, before we take it to the wider list. I'll re-open this, = but if you feel that this belongs on the list, we can take it there. --- First off, I think CH is a great conceptual fit to what @luisbargu is propo= sing, and I'd _really_ love to see us reusing established CH mechanism to e= ase implementation, both on the UA/client side and for developers =E2=80=94= this makes everyone's life easier. I'll leave the "what" discussion, like = granularity and type of data delivered via this hint, for a separate discus= sion, and focus on the how here... >Header sent from the server to the user agent when a host is compatible wi= th the Geolocation > Header and is requesting geolocation to be attached in subsequent request= s. > >>Geolocation-Request: Path=3D"/localService"; Type=3DIfAlreadyGranted; Exp= ires=3DThu, 18 Dec 2017 12:00:00 UTC The CH mechanism for the above is: > Accept-CH: Geolocation > Accept-CH-Lifetime: 86400 (seconds) There are two bits missing: Path and Type.=20 ### Path This is something we considered for CH in the past =E2=80=94 "I want to sco= pe my hints to a subpath" =E2=80=94 but punted on due to limited (or so we = deemed at the time, at least) utility vs implementation complexity tradeoff= (equivalent to cookie paths, which is a burden we didn't want to take on).= In the last few years of CH experiments, I've not heard any complaints or = requests for this. I think that was the right call, and I'd suggest we stic= k with it. ### Type fwiw, I'd like to make an argument that we should omit this. The idea here = is to enable sites to trigger a permission prompt via a header, which seems= convenient on the surface, but experience shows that this is a bad UX patt= ern: you [should be using JS API to trigger permission prompt after explain= ing the intent](https://docs.google.com/document/d/1WNPIS_2F0eyDm5SS2E6LZ_7= 5tk6XtBSnR1xNjWJ_DPE/edit) and motivation. The incremental value we're addi= ng with the header trigger is low, and seems more like a footgun.=20 If you buy both of the above, then CH has all the necessary building blocks= to enable Geolocation.=20 --- @luisbargu WDYT? How critical, or not, are Path and Type for the use case y= ou had in mind? @yoavweiss curious to hear your thoughts on the above, and Geolocation use = case for CDNs. @mnot tactical question: what's the right process for followup RFC's to "re= gister" hints to be compatible with Accept-CH? Do we need any extra steps i= n CH for a registry, or some extension hooks? --=20 You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/364#issuecomment-312521490= ----==_mimepart_595976b3d5565_66a13fac91c55c384718 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

@mnot I s= uggested to @luisbargu that we should start a thread here first to hash out a few = high-level questions about the existing proposal and possible CH integratio= n, before we take it to the wider list. I'll re-open this, but if you feel = that this belongs on the list, we can take it there.

First off, I think CH is a great conceptual fit to what @luisbargu is proposing= , and I'd really love to see us reusing established CH mechanism t= o ease implementation, both on the UA/client side and for developers =E2=80= =94 this makes everyone's life easier. I'll leave the "what" discussion, li= ke granularity and type of data delivered via this hint, for a separate dis= cussion, and focus on the how here...

Header sent from the server to the user agent when a host is compatible = with the Geolocation
Header and is requesting geolocation to be attached in subsequent requests.=

Geolocation-Request: Path=3D"/localService"; Type=3DIfAlreadyGranted; Ex= pires=3DThu, 18 Dec 2017 12:00:00 UTC

The CH mechanism for the above is:

Accept-CH: Geolocation
Accept-CH-Lifetime: 86400 (seconds)

There are two bits missing: Path and Type.

Path

This is something we considered for CH in the past =E2=80=94 "I want to = scope my hints to a subpath" =E2=80=94 but punted on due to limited (or so = we deemed at the time, at least) utility vs implementation complexity trade= off (equivalent to cookie paths, which is a burden we didn't want to take o= n). In the last few years of CH experiments, I've not heard any complaints = or requests for this. I think that was the right call, and I'd suggest we s= tick with it.

Type

fwiw, I'd like to make an argument that we should omit this. The idea he= re is to enable sites to trigger a permission prompt via a header, which se= ems convenient on the surface, but experience shows that this is a bad UX p= attern: you should be using JS API to trigger permiss= ion prompt after explaining the intent and motivation. The incremental = value we're adding with the header trigger is low, and seems more like a fo= otgun.

If you buy both of the above, then CH has all the necessary building blo= cks to enable Geolocation.

@luisbar= gu WDYT? How critical, or not, are Path and Type for the use case you h= ad in mind?

@yoavwei= ss curious to hear your thoughts on the above, and Geolocation use case= for CDNs.

@mnot tac= tical question: what's the right process for followup RFC's to "register" h= ints to be compatible with Accept-CH? Do we need any extra steps in CH for = a registry, or some extension hooks?

&mda= sh;
You are receiving this because you are subscribed to this thread.<= br />Reply to this email directly, view it on GitHub, or <= a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyFIU0c0IJif= 7LyroHxRj7nLJ-hWHks5sKByzgaJpZM4OJSIe">mute the thread.

= ----==_mimepart_595976b3d5565_66a13fac91c55c384718-- From nobody Mon Jul 3 12:08:15 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -0.616 X-Spam-Level: X-Spam-Status: No, score=-0.616 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=MzohrS74turIr34NW3rRsCrWb9k=; b=mCaCGM7eDpzq+1SL qLNo8vScOCYqlcm4mU7zH90c37roYX4xTjN7eNfOy0klwP88JdMOEEeBKIPBIzdj 9RKESjJjjwHKACVaQplmdv1RKEEkduxMet99UZuuc4TovuIW4EbI8uoJUcZRJE7h FY15L9GVlgxyVrQ4+CfYCLLhQwQ= Date: Mon, 03 Jul 2017 19:08:09 +0000 (UTC) To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Julian's feedback (#350) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_595a9619af3b5_55283f7f07b5bc2c24278a"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Jul 2017 19:08:14 -0000 ----==_mimepart_595a9619af3b5_55283f7f07b5bc2c24278a Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit > Maybe add a full example, including a request/response pair for the case when "immutable" is not present? I actually toyed with this originally and decided the current arrangement was better. Drawing the absence of a request (or the case when nothing is different from the 723x state) didn't really clarify the normative text. It turned out better to just focus on the syntax of immutable in a response imo. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/350#issuecomment-312716013 ----==_mimepart_595a9619af3b5_55283f7f07b5bc2c24278a Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Maybe add a full example, including a request/response pair for the case= when "immutable" is not present?

I actually toyed with this originally and decided the current arrangemen= t was better. Drawing the absence of a request (or the case when nothing is= different from the 723x state) didn't really clarify the normative text. I= t turned out better to just focus on the syntax of immutable in a response = imo.

&mda= sh;
You are receiving this because you are subscribed to this thread.<= br />Reply to this email directly, view it on GitHub, or <= a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyE9zCSHJTRM= etZcK03TA6lFwolT4ks5sKTwZgaJpZM4NjLvn">mute the thread.

= ----==_mimepart_595a9619af3b5_55283f7f07b5bc2c24278a-- From nobody Mon Jul 3 12:21:14 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -5.473 X-Spam-Level: X-Spam-Status: No, score=-5.473 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Date: Mon, 03 Jul 2017 12:20:57 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1499109657; bh=eOW+tE/eclWDAC7L5EdmapCAbQtD5g/lLoNyMcNCLvA=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=a+UDFmW2dFm1wl7J1+Z1mMQ6s7rwmKDtFNwOH85N2CZhUhqE0IbxziPYK4aoPg7wT Xr95sX07u+O5Ufzaf2dPNbgtZmZS88oQKdXhNx6SnytIwHE3ruMBRlxzDfy/f26DSn fi97PKVyylB+l55Qjljp1CRUS46UTqoOaG+qWnSc= To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Julian's feedback (#350) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_595a9919e5ac1_6d7c3f9088373c3458326"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Jul 2017 19:21:03 -0000 ----==_mimepart_595a9919e5ac1_6d7c3f9088373c3458326 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit remainder addressed in -03. thanks -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/350#issuecomment-312717909 ----==_mimepart_595a9919e5ac1_6d7c3f9088373c3458326 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

remainder addressed in -03. thanks

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_595a9919e5ac1_6d7c3f9088373c3458326-- From nobody Mon Jul 3 12:21:20 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -8.181 X-Spam-Level: X-Spam-Status: No, score=-8.181 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Date: Mon, 03 Jul 2017 12:20:58 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1499109658; bh=c1kwkKaZYEpE5kcwNor+NeaRqjF+ttkS2s8Fewx1GFg=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=ABTcxxAJo5p81+G9fqyR9TrJsBLlPijcm6Q4A2jOuTZzaDi4j5DF+7E/HN5i3ywz6 FgwVtw6tiHEFdsK/EkP+lEvegxAO2NT6B37+AUAM+dAp60OK/wpbhrSuc3G6NG2nYg ihhkMtqdRsKLdZZ5yRBpi0vq7C2BneaQ+ntGE/bk= To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Julian's feedback (#350) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_595a991a79523_ca23f93e3b4dc30298d3"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Jul 2017 19:21:04 -0000 ----==_mimepart_595a991a79523_ca23f93e3b4dc30298d3 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Closed #350. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/350#event-1148608867 ----==_mimepart_595a991a79523_ca23f93e3b4dc30298d3 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

Closed #350.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_595a991a79523_ca23f93e3b4dc30298d3-- From nobody Mon Jul 3 12:21:35 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -5.381 X-Spam-Level: X-Spam-Status: No, score=-5.381 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Date: Mon, 03 Jul 2017 12:21:12 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1499109672; bh=pwhtjSbzend/ZxihIVwwwCKVl48NmoX5S4riira+zfg=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=0QFx3FIdMgF4/6CUejTMkJvHXOWl9KChVlRzFpVuJTDlrMb3CNwBA4Xk131SAzbUx 42626ivSRHquTLjxUGqndl8IvczgSFbOTRKLTyvL4JqYvVCaPAquh9WLjkzV8AjOwF S4AizUvrf5p6kUh7OarqK+qMoqLPmJaFnMo6dG6s= To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Immutable references (#351) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_595a992898698_60313fa07fc4dc2c85356"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Jul 2017 19:21:33 -0000 ----==_mimepart_595a992898698_60313fa07fc4dc2c85356 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Closed #351. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/351#event-1148609106 ----==_mimepart_595a992898698_60313fa07fc4dc2c85356 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

Closed #351.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_595a992898698_60313fa07fc4dc2c85356-- From nobody Mon Jul 3 12:21:46 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -3.254 X-Spam-Level: X-Spam-Status: No, score=-3.254 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-2.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=iR8XvQbRwiegTfxNwflMwRcoEhE=; b=w5fAisiRKlCAjooB ApDGZqTkBinvu3reEq43Yql+f3ZXMMUT86NGToOVC8eR7boVWrtPuD4cRfjM+W9w xrVyksYDg58g7+wLk8sbujjAS/d354ochfaNlT4gkoUW9LNoc861Hfo6Whh3BMLU k1/2L++tESaCCGN9X2bg2mdijNI= Date: Mon, 03 Jul 2017 19:21:13 +0000 (UTC) To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Immutable references (#351) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_595a9928d6346_3d0d3f9088373c34118464"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Jul 2017 19:21:37 -0000 ----==_mimepart_595a9928d6346_3d0d3f9088373c34118464 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit addressed in -03. thanks -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/351#issuecomment-312717953 ----==_mimepart_595a9928d6346_3d0d3f9088373c34118464 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

addressed in -03. thanks

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_595a9928d6346_3d0d3f9088373c34118464-- From nobody Tue Jul 4 12:32:31 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -6.52 X-Spam-Level: X-Spam-Status: No, score=-6.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Date: Tue, 04 Jul 2017 12:32:26 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1499196746; bh=xRMzt/0cOHydJK0YliHamnBhuBVkGFr0nngQuzcpyqA=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=Ey1g/jTila4fQBcbCDL9nzpTRHckfH2CW2oaINSj0etNXL5/lqtAlpWtC4TxzOQmt x+V38dIgIlpQV4HY7pfOYC56tC4Z69KYkxueuN5IsBmLkemQwCkd8MnkjrpYdt2/A1 ROj9naz0NbTqGQZG/vm6NPC3hr1W4qD0+CmdAfhE= To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Geolocation Header (#364) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_595bed4adc670_5e463f99d7087c34462f2"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Jul 2017 19:32:30 -0000 ----==_mimepart_595bed4adc670_5e463f99d7087c34462f2 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit I still feel path can be useful, mainly to not "over-send" data that in this case might be sensitive from a privacy point of view. But I also understand the complexity tradeoffs, and Path is not core to this proposal. So if you went through this for CH and considered path was not worth, it probably applies well to this case. Regarding Type to trigger prompts... Right, it's doable through JS but was nice to offer a purely http based solution. Also understand the tradeoff in this case for value vs complexity, and agree it's also not core to the geolocation header. So on my side, if others think CH is the right approach for this, then for consistency and simplicity I'd be happy to follow that path and start a draft, on top of CH. Happy to hear other opinions :) -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/364#issuecomment-312938749 ----==_mimepart_595bed4adc670_5e463f99d7087c34462f2 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

I still feel path can be useful, mainly to not "over-send" data that i= n this case might be sensitive from a privacy point of view. But I also u= nderstand the complexity tradeoffs, and Path is not core to this proposal= . So if you went through this for CH and considered path was not worth, i= t probably applies well to this case.

Regarding Type to trigger prompts... Right, it's doable through JS but= was nice to offer a purely http based solution. Also understand the trad= eoff in this case for value vs complexity, and agree it's also not core t= o the geolocation header.

So on my side, if others think CH is the right approach for this, then= for consistency and simplicity I'd be happy to follow that path and star= t a draft, on top of CH. Happy to hear other opinions :)

&m= dash;
You are receiving this because you are subscribed to this thre= ad.
Reply to this email directly, view it on GitHub, or mute the thread.

= ----==_mimepart_595bed4adc670_5e463f99d7087c34462f2-- From nobody Wed Jul 5 16:14:29 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -3.182 X-Spam-Level: X-Spam-Status: No, score=-3.182 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-2.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=9uPP79Qo5o2fF9y5hToCgXvfGT4=; b=FN9rEieP4IwrwMnl zlby7H9AZqXrHSLwZvFnK2EcDXkgCEE0BpasS7kOgT3HPXmfp+kL6HsjFL/ZIqtq nwazBzl+bbLY6NeXDWp7bSbQaABf+EioiEEtrjKHphcKJLess0tovuiOUSsTskLg cGCkgaqcYn4w0W0tOAO6nP7JAFc= Date: Wed, 05 Jul 2017 23:14:16 +0000 (UTC) To: httpwg/http-extensions Cc: Subscribed Subject: [httpwg/http-extensions] No multiple headers with the same name (#365) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_595d72c794ad1_72013f8b2c0d3c3817708c"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Jul 2017 23:14:29 -0000 ----==_mimepart_595d72c794ad1_72013f8b2c0d3c3817708c Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit I just noticed that you have 2 `Link` headers in the same response. According to 7230: > A sender MUST NOT generate multiple header fields with the same field > name in a message unless either the entire field value for that > header field is defined as a comma-separated list [i.e., #(values)] > or the header field is a well-known exception (as noted below). -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/365 ----==_mimepart_595d72c794ad1_72013f8b2c0d3c3817708c Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

I just noticed that you have 2 Link headers in the same response. According to 7230:

A sender MUST NOT generate multiple header fields with the same field
name in a message unless either the entire field value for that
header field is defined as a comma-separated list [i.e., #(values)]
or the header field is a well-known exception (as noted below).

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_595d72c794ad1_72013f8b2c0d3c3817708c-- From nobody Wed Jul 5 16:15:04 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -3.254 X-Spam-Level: X-Spam-Status: No, score=-3.254 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-2.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=lhul+vSxh0Kghhq4BSxPxOEOo08=; b=DjZTbOc9gwwcQGxr Oc8nSZ3gqIKutCbkgRP+ZftRsyaNndbtRDa7Mt8IXBxX6tH5toZJKshcAIHGz+kv xtfzN4Lr1xmHnGZRXEtOsN1t3oexdSmI6Ztv7j6k4AX0Eq+33k2CpzPdBs44JgRX l+EcQF5ESGv/SDBYboDXDKtn3Ug= Date: Wed, 05 Jul 2017 23:14:59 +0000 (UTC) To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] No multiple headers with the same name (#365) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_595d72f25d801_2b703fce546fbc3016465a"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Jul 2017 23:15:02 -0000 ----==_mimepart_595d72f25d801_2b703fce546fbc3016465a Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit This is for Early Hints draft, not sure how I can put labels. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/365#issuecomment-313251974 ----==_mimepart_595d72f25d801_2b703fce546fbc3016465a Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

This is for Early Hints draft, not sure how I can put labels.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_595d72f25d801_2b703fce546fbc3016465a-- From nobody Wed Jul 5 16:16:50 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -8.181 X-Spam-Level: X-Spam-Status: No, score=-8.181 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Date: Wed, 05 Jul 2017 16:16:46 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1499296606; bh=i/WKsWNeaV1ma+46teJvnhkg4pmPv/Te81+CTLlufJk=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=JvUM5d9aHx+6YB+V/3OhnjWUf6I50xiSsesOcFecbm03Rl0rpGRH2HvnPSTsmq+RG BRjwwQdVCxfQacQDDa8lcu0EvhUVnuRca90OrK5H2MFPHX48azbZ4XQdB+GouBz009 IaC1tjS9y9h6U5hvgMDeXWMNQcOtEC6mg/8KBVLg= To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] No multiple headers with the same name (#365) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_595d735e9a8d9_2a1e3ff6dbccfc381218c9"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Jul 2017 23:16:49 -0000 ----==_mimepart_595d735e9a8d9_2a1e3ff6dbccfc381218c9 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Yes, but `Link` is defined by RFC5988 as: ``` Link = "Link" ":" #link-value ``` i.e., it uses the comma-separated list syntax. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/365#issuecomment-313252298 ----==_mimepart_595d735e9a8d9_2a1e3ff6dbccfc381218c9 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

Yes, but Link is defined by RFC5988 as:

  Link           = "Link" ":" #link-value

i.e., it uses the comma-separated list syntax.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_595d735e9a8d9_2a1e3ff6dbccfc381218c9-- From nobody Wed Jul 5 16:16:59 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -3.182 X-Spam-Level: X-Spam-Status: No, score=-3.182 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-2.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=HwBIuUT9KfZBankZVbVNJXilPU4=; b=tqwER5P6w7RS+hKC 5ddXpnoSDFGH+kE0jmm5CoHIvfOJ5G2PkbIYnDEV//TmJBjUMmFEcOUogEzEQg80 hkqJCDkq2H3q32+1Igj92yRN9w0D9AZ/tCPuHjdp6aW4DhXlD91SKVl0ibbGKmst w4rgdrGon0ZV7jWycKf/a/EaJbo= Date: Wed, 05 Jul 2017 23:16:49 +0000 (UTC) To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] No multiple headers with the same name (#365) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_595d73618f2bf_12db3f96784bbc2c965db"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Jul 2017 23:16:52 -0000 ----==_mimepart_595d73618f2bf_12db3f96784bbc2c965db Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Closed #365. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/365#event-1151829724 ----==_mimepart_595d73618f2bf_12db3f96784bbc2c965db Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

Closed #365.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_595d73618f2bf_12db3f96784bbc2c965db-- From nobody Wed Jul 5 16:18:58 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -8.253 X-Spam-Level: X-Spam-Status: No, score=-8.253 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Date: Wed, 05 Jul 2017 16:18:54 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1499296734; bh=9GYrVzHFJO0FSxrkbtyllYBnLfPTwrLHf6znOJvAQN4=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=KxEOEt7X7nCXVwLHrY2jTkhaRWYeaUuG3+bPSkLge5iUK4nHdYSfRjl5HE6ftUPjw lXsZYef4094i0We8Tt527uKMhdfzH2NrISAe70awsOl2ruXIL61RPNpECewyFSUAE9 n0AhQqESvypThGhHHtJatICNwr0uTifLZcxl7puE= To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] No multiple headers with the same name (#365) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_595d73dedeb5a_2d813fa24a86fc3c1781da"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Jul 2017 23:18:57 -0000 ----==_mimepart_595d73dedeb5a_2d813fa24a86fc3c1781da Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit right. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/365#issuecomment-313252618 ----==_mimepart_595d73dedeb5a_2d813fa24a86fc3c1781da Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

right.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_595d73dedeb5a_2d813fa24a86fc3c1781da-- From nobody Thu Jul 6 20:29:30 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -3.182 X-Spam-Level: X-Spam-Status: No, score=-3.182 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-2.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=qIpRHHwFr4QCDA8eeBH1+Nbg8/o=; b=NTUdxUZ+wtftliA+ tXytnMONOuZO/DCSWHMP+T7wAzvtz68OYWvkeBPWXqg+Dvttr0Ut7azT2FIlCArS 02iWxwtQoX83RRLVLgB6X4+De862jSzr5UnII08TuBM+laRKW1Lf9PTaPTtilJPc HKE5dcCsWkfvSONLjiCjVmsQoDY= Date: Fri, 07 Jul 2017 03:29:26 +0000 (UTC) To: httpwg/http-extensions Cc: Push In-Reply-To: References: Subject: Re: [httpwg/http-extensions] fix contradictory definintions with HTTP/1.1 (#363) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_595f00169d76b_67793f90fd0a5c3082139"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Jul 2017 03:29:29 -0000 ----==_mimepart_595f00169d76b_67793f90fd0a5c3082139 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit @kazuho pushed 2 commits. 68210e9 Merge branch 'master' into kazuho/early-hints/wglc d0903d6 multiple 103s -- You are receiving this because you are subscribed to this thread. View it on GitHub: https://github.com/httpwg/http-extensions/pull/363/files/0154cce7e09b89ac93aa7135b956588818efc3c1..d0903d61c8e591c800ca22534dd3e46b761737ec ----==_mimepart_595f00169d76b_67793f90fd0a5c3082139 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

@kazuho pushed 2 commits.

68210e9 Merge branch 'master' into kazuho/early-hints/wglc
d0903d6 multiple 103s

—
You are receiving this because you are subscribed to this thread.
View it on GitHub or mute the thread.

----==_mimepart_595f00169d76b_67793f90fd0a5c3082139-- From nobody Thu Jul 6 20:30:21 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -3.182 X-Spam-Level: X-Spam-Status: No, score=-3.182 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-2.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=9the6B8CCiHuOGp/hS0zN/jT3co=; b=DOfhG5l9jLuRBQTh TgJreETXzSryUTlxa7Hr3fAj0RuXOTqbDWqEyFpxJGg+6rZ1B8OYncWZWK695+Nk DyP4VHyh5eTktqcYzFnUjlxd+iM6NEwFnusw4PkVTC+VYVFZhGLGZ55dYbDexu7f vnnH1+H5YlxwrKbjzVmKwFoir2U= Date: Fri, 07 Jul 2017 03:30:17 +0000 (UTC) To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] fix contradictory definintions with HTTP/1.1 (#363) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_595f0049462_52443f8c4acbdc3c1490ea"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Jul 2017 03:30:19 -0000 ----==_mimepart_595f0049462_52443f8c4acbdc3c1490ea Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit @wtarreau Thank you for the answer. Adopted the text (with nits) in d0903d6. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/pull/363#issuecomment-313578025 ----==_mimepart_595f0049462_52443f8c4acbdc3c1490ea Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

@wtarreau Thank you for the answer. Adopted the text (with nits) in d0903d6.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_595f0049462_52443f8c4acbdc3c1490ea-- From nobody Fri Jul 7 19:21:17 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -2.021 X-Spam-Level: X-Spam-Status: No, score=-2.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=E6W57B+4RmcH0qIzU181JulBeoA=; b=QSCzrTb5I/KHOmX0 7BNM4S7QRW5ibBOIhGRwahXIbWqw7JRjrQJF4A8jeKcezH02KHK+KgXz9/FAkE6D WdRAdE2rh6+cJ+j5s0VbyKrrF8utz8VnMFuOw7JCdzkzzwbA80zrkj9I966A3jSX U64YfUhAO+F98aK7lbAMx0HH+Vs= Date: Sat, 08 Jul 2017 02:21:12 +0000 (UTC) To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Consulting the DNS on expanding ORIGIN set? (#330) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_5960419819cb3_456f3ffcda08bc384768c"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Jul 2017 02:21:16 -0000 ----==_mimepart_5960419819cb3_456f3ffcda08bc384768c Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit > I'm trying to understand your second concern WRT operational behavior of clients. The origins being added are explicitly nominated by the server; presence in the certificate is not enough to cause the connection to be used (indeed, that concern was a large part of the motivation of this draft). I believe that limiting origin-set and connection reuse was the original motivation for this draft, however, it seems that possible use cases changed a bit because of [draft-bishop-httpbis-http2-additional-certs](https://datatracker.ietf.org/doc/html/draft-bishop-httpbis-http2-additional-certs), which together with this draft, makes it possible to expand the origin-set and effectively hijack traffic for all domains that server has valid SSL certificates for. Even ignoring the compromised server scenario, there are at least a few operational issues with bypassing DNS: 1. Many medium to large companies use multiple CDN providers and steer traffic using DNS. They use either custom GeoDNS solutions or services like [Cedexis](https://www.cedexis.com/solutions/multi-cdn/) to load balance traffic across multiple CDNs, or simply use one of the CDNs as the primary and rest as active backups. All those CDNs have valid SSL certificates, so neither CT nor certificate pinning would help. Similarly, some websites migrate traffic to DDoS protection services only during attacks, but those services are configured and have valid SSL certificates at all times. **Basically, configured != active.** 2. Servers with wildcard certificates can takeover all traffic for the domain, even if some subdomains would never be routed to a particular server. To give an extreme example, let's say that `www.bank.com`, `promotions.bank.com`, etc. are served by the CDN, but `secure.bank.com` is handled by the bank's own infrastructure. There is nothing stopping the CDN with valid certificate for `*.bank.com` from hijacking the traffic for `secure.bank.com`, and while certificate pinning would prevent traffic for `secure.bank.com` from reaching the CDN, it would effectively result in DoS and pretty bad end-user experience. One solution that came up in discussions with @grittygrease and @enygren, was to include signed DNSSEC response in the `ORIGIN` frame, to prove that the traffic should be routed to this particular server. This obviously solves only part of the problem, since it doesn't mean that traffic from _this particular client_ would be routed to that server, but it's much better than servers going completely wild. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/330#issuecomment-313827663 ----==_mimepart_5960419819cb3_456f3ffcda08bc384768c Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

I'm trying to understand your second concern WRT operational behavior of= clients. The origins being added are explicitly nominated by the server; p= resence in the certificate is not enough to cause the connection to be used= (indeed, that concern was a large part of the motivation of this draft).

I believe that limiting origin-set and connection reuse was the original= motivation for this draft, however, it seems that possible use cases chang= ed a bit because of draft-bishop-httpbis-http2-additiona= l-certs, which together with this draft, makes it possible to expand th= e origin-set and effectively hijack traffic for all domains that server has= valid SSL certificates for.

Even ignoring the compromised server scenario, there are at least a few = operational issues with bypassing DNS:

Many medium to large companies use multiple CDN providers and steer traf= fic using DNS. They use either custom GeoDNS solutions or services like Cedexis to load b= alance traffic across multiple CDNs, or simply use one of the CDNs as the p= rimary and rest as active backups. All those CDNs have valid SSL certificat= es, so neither CT nor certificate pinning would help.
Similarly, some websites migrate traffic to DDoS protection services only d= uring attacks, but those services are configured and have valid SSL certifi= cates at all times.
Basically, configured !=3D active.
Servers with wildcard certificates can takeover all traffic for the doma= in, even if some subdomains would never be routed to a particular server. T= o give an extreme example, let's say that www.bank.com, = promotions.bank.com, etc. are served by the CDN, but secure.ba= nk.com is handled by the bank's own infrastructure. There is nothing= stopping the CDN with valid certificate for *.bank.com from h= ijacking the traffic for secure.bank.com, and while certificat= e pinning would prevent traffic for secure.bank.com from reach= ing the CDN, it would effectively result in DoS and pretty bad end-user exp= erience.

One solution that came up in discussions with @grittygrease and @enygren, was to incl= ude signed DNSSEC response in the ORIGIN frame, to prove that = the traffic should be routed to this particular server. This obviously solv= es only part of the problem, since it doesn't mean that traffic from th= is particular client would be routed to that server, but it's much bet= ter than servers going completely wild.

&mda= sh;
You are receiving this because you are subscribed to this thread.<= br />Reply to this email directly, view it on GitHub, or <= a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyBWPOg1k8Gm= 0J_4Ua-sB3DLrGO_Cks5sLueYgaJpZM4NEzUM">mute the thread.

= ----==_mimepart_5960419819cb3_456f3ffcda08bc384768c-- From nobody Sat Jul 8 22:41:57 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -0.616 X-Spam-Level: X-Spam-Status: No, score=-0.616 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=AZA9SUG/vOQU/Gig613QdZeB0qA=; b=MyJU44bIh/rBEr1N pgrX8aH1fRm/m2lKKHdhBWkdZk+SFdC9QtKBCdV4T7v7FC2JiFPaO1HFEQBlZkf3 nws7jwdHSmbtYGL4mNkGSEbE/4EKCJpI5clhHpoqUCjD9pO1fA5ZhDf6SHhy1bG0 Gh7BvXhYFx0RfOPlU9yzBdq7OCE= Date: Sun, 09 Jul 2017 05:41:52 +0000 (UTC) To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Consulting the DNS on expanding ORIGIN set? (#330) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_5961c22095888_378e3fca64cd3c3c87879"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 09 Jul 2017 05:41:55 -0000 ----==_mimepart_5961c22095888_378e3fca64cd3c3c87879 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit @PiotrSikora - thanks for the input. WRT global load balancing / CDN balancing -- one of the things that has been discussed is a bit to tell the client whether or not to check DNS; that would allow them to use this, I think. WRT wildcards -- ORIGIN doesn't currently support wildcarding. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/330#issuecomment-313900441 ----==_mimepart_5961c22095888_378e3fca64cd3c3c87879 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

@Piotr= Sikora - thanks for the input.

WRT global load balancing / CDN balancing -- one of the things that has = been discussed is a bit to tell the client whether or not to check DNS; tha= t would allow them to use this, I think.

WRT wildcards -- ORIGIN doesn't currently support wildcarding.

&mda= sh;
You are receiving this because you are subscribed to this thread.<= br />Reply to this email directly, view it on GitHub, or <= a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyKOamKq3uAl= S05O7KctzYj8W3IkYks5sMGgggaJpZM4NEzUM">mute the thread.

= ----==_mimepart_5961c22095888_378e3fca64cd3c3c87879-- From nobody Mon Jul 10 14:58:25 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -4.801 X-Spam-Level: X-Spam-Status: No, score=-4.801 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-2.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=cq3Qe0c+7WR0a7HURNuvJcR/PR0=; b=c01oEHArL63+N0XH cUuvw6N12ZDvjyNlGF6cXYnnQfbBRnTMeuSuBgLmnVugQxoTXWyI+UCi1vDCOf9G 9wzBEgeeJsXXm4vwKx4pvFyBpjrhRpKt4POwdyoWztvE/vHmtiXCve4y6ryqIP9Y JZad/x3qgZAnhvkctHFfHC80YPs= Date: Mon, 10 Jul 2017 21:58:07 +0000 (UTC) To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Consulting the DNS on expanding ORIGIN set? (#330) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_5963f86f2c8e0_26933ffbe8b61c2c1767bb"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Jul 2017 21:58:23 -0000 ----==_mimepart_5963f86f2c8e0_26933ffbe8b61c2c1767bb Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Even without supporting wildcard ORIGINs, @PiotrSikora has a valid point that if a server has a wildcard cert it can pull in any hostnames that it wants to. Telling a client whether or not to check DNS certainly helps for some of these cases (ie, it helps avoid a few operational snafus) but doesn't help against malicious use-cases. My inclination is still to pull this draft back to the original "limiting origin set and connection reuse" scenario but while leaving placeholders for a subsequent draft that would cover expanding the origin set (ie, with using additional-certs and whatever other mitigators are deemed appropriate). Otherwise this draft changes the operational model of the web much more substantially than people may realize at first glance. Any operational shift this significant likely wants to be a first-class discussion rather than being a side-effect of a draft that initially had a much more constrained scope. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/330#issuecomment-314261805 ----==_mimepart_5963f86f2c8e0_26933ffbe8b61c2c1767bb Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Even without supporting wildcard ORIGINs, @PiotrSikora has a valid point that= if a server has a wildcard cert it can pull in any hostnames that it wants= to.

Telling a client whether or not to check DNS certainly helps for some of= these cases (ie, it helps avoid a few operational snafus) but doesn't help= against malicious use-cases.

My inclination is still to pull this draft back to the original "limitin= g origin set and connection reuse" scenario but while leaving placeholders = for a subsequent draft that would cover expanding the origin set (ie, with = using additional-certs and whatever other mitigators are deemed appropriate= ). Otherwise this draft changes the operational model of the web much more= substantially than people may realize at first glance. Any operational sh= ift this significant likely wants to be a first-class discussion rather tha= n being a side-effect of a draft that initially had a much more constrained= scope.

&mda= sh;
You are receiving this because you are subscribed to this thread.<= br />Reply to this email directly, view it on GitHub, or <= a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyGw18H3uESk= S2rbNSh5z0tSxlDxoks5sMp5vgaJpZM4NEzUM">mute the thread.

= ----==_mimepart_5963f86f2c8e0_26933ffbe8b61c2c1767bb-- From nobody Mon Jul 10 15:31:45 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -8.182 X-Spam-Level: X-Spam-Status: No, score=-8.182 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Date: Mon, 10 Jul 2017 15:31:41 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1499725901; bh=MwLDKoo9Qi9NCLDG72oIkllNJDf77U7lcGMrOW8MNz8=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=zxPCki3FhmdOwGy4df7dfZmmPWha/5+7BwoFz2G3qlIe1QeHv57xnyy3+k+6bnoqP WOCInh+3vDIu5cUsEIAM6hE3IWkT6r4VjrkWJ+fQUGDGSdyetGJ6oXRJTwUl+8umUP Eo9R7JTmUjLWYXQyD7h69iinq6ZdLmqJ8dwmNRzA= To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Consulting the DNS on expanding ORIGIN set? (#330) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_5964004d1983e_34093f936acf1c2c64641"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Jul 2017 22:31:44 -0000 ----==_mimepart_5964004d1983e_34093f936acf1c2c64641 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit wrt "check DNS" flag - it's still the server (i.e. CDN) that's making this recommendation to the client, right? If so, then I don't think it fixes anything, since CDNs can omit this flag and prevent clients from consulting DNS, justifying this with "we're improving the performance" excuse. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/330#issuecomment-314268696 ----==_mimepart_5964004d1983e_34093f936acf1c2c64641 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

wrt "check DNS" flag - it's still the server (i.e. CDN) that's making = this recommendation to the client, right? If so, then I don't think it fi= xes anything, since CDNs can omit this flag and prevent clients from cons= ulting DNS, justifying this with "we're improving the performance" excuse= .

&m= dash;
You are receiving this because you are subscribed to this thre= ad.
Reply to this email directly, view it on GitHub, or mute the thread.

= ----==_mimepart_596417b88168b_45bc3fc061f73c385475-- From nobody Mon Jul 10 21:15:28 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -8.253 X-Spam-Level: X-Spam-Status: No, score=-8.253 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Date: Mon, 10 Jul 2017 21:15:25 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1499746525; bh=/0sHOIuizL+ysJPwISeafn5Ynmgob71nlOBdnMhL/WY=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=J+g5IU22gzaUKIaJLaz+H7r7lopIHW2m8/7Tf2A+Cqg1LNg8Hy63rVf3r/MLKykyu XTuofokHstoAC3PDGrBnMJyKSeXk0fO4Bjvh8UqePpiatJr8D+er/3gEIke81+mLyN S4Uy5G0HuaLP8pFo62+qzCbT8ZKHutgxHFOa6byk= To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] fix contradictory definintions with HTTP/1.1 (#363) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_596450ddd8f0a_218df3fba15befc3088487"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Jul 2017 04:15:28 -0000 ----==_mimepart_596450ddd8f0a_218df3fba15befc3088487 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit mnot approved this pull request. Looks good to me! -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/pull/363#pullrequestreview-49088818 ----==_mimepart_596450ddd8f0a_218df3fba15befc3088487 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

@mnot approved this pull request.

Looks good to me!

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_596450ddd8f0a_218df3fba15befc3088487-- From nobody Mon Jul 10 22:59:47 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: 0.098 X-Spam-Level: X-Spam-Status: No, score=0.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=UeUsCfc/B6W8ns28MixDviQeWdE=; b=mc6bMTcuWVtxr+Rm iv68546d7pmW8xbyi+GY+LW8MmYmO7OElLf+m8M4GEX1V3/rBvogn+GEv/GLg2IM NzM8/lbtcsg4aVK72u1RypuLOF+BSA8kxl3ttnow72L+2NkFpx7SslM1yUFdBwkK 1ro3bffc5xUnhUXp5Zt+Gdgdq78= Date: Tue, 11 Jul 2017 05:59:44 +0000 (UTC) To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] fix contradictory definintions with HTTP/1.1 (#363) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_59646950ae187_47483f8053ac9c30106759"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Jul 2017 05:59:47 -0000 ----==_mimepart_59646950ae187_47483f8053ac9c30106759 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Merged #363. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/pull/363#event-1158116035 ----==_mimepart_59646950ae187_47483f8053ac9c30106759 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

Merged #363.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_59646950ae187_47483f8053ac9c30106759-- From nobody Mon Jul 10 23:04:38 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -0.474 X-Spam-Level: X-Spam-Status: No, score=-0.474 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=s1lg3yOVmklcxUlEwz71jMNmo9I=; b=bfCeCQB964MCsXBz oE/v1TNOCEho+prb0PpzUc6vbQQH1KlDghSifXzsQBv51mZqPdpG8okvb4vuVA5Q 9pXNUz/m6tkDSEUrbh+xXLpKZYL92JgpRgmsg+dwy/N0QQPJeeM1mDf35xyYW7DN ZbAJP15fQMNlQJpJq7tQDN+vBE0= Date: Tue, 11 Jul 2017 06:04:33 +0000 (UTC) To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] fix contradictory definintions with HTTP/1.1 (#363) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_59646a70b0b12_1b8e3f7fc89cdc2c813e2"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Jul 2017 06:04:37 -0000 ----==_mimepart_59646a70b0b12_1b8e3f7fc89cdc2c813e2 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit @mnot Thank you for the review! -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/pull/363#issuecomment-314336821 ----==_mimepart_59646a70b0b12_1b8e3f7fc89cdc2c813e2 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

@mnot Thank you for the review!

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_59646a70b0b12_1b8e3f7fc89cdc2c813e2-- From nobody Thu Jul 13 08:00:33 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -0.616 X-Spam-Level: X-Spam-Status: No, score=-0.616 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=1+KCfotS/95L1y1Y1esp7vtYKmw=; b=jTwlurU6oB3kUGZa Rj+MpHG4d/KoHVwHlbDQpfxvARHiKFsO4go2/7hz4kJSgi9PLXl4B7QJ4+SgWbmv WnhxDDmRhS+rWMsanPWeeqdQQNrHln+ELHsFqmqtXCIDrBN0Dz0N5aPG3tNDLd0x pEglP0S1kOsWYwwZfoSUsgX9tRQ= Date: Thu, 13 Jul 2017 15:00:23 +0000 (UTC) To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Geolocation Header (#364) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_59678b07c43b_78473f8040e49c38213585"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Jul 2017 15:00:32 -0000 ----==_mimepart_59678b07c43b_78473f8040e49c38213585 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit One major difference between this and the other CH headers is that this header should only be sent to the first party (or only to hosts which have permission to view geolocation data, so to third parties that got such permissions before). The use case of using geo info for content adaptation at the edge or origin seems an interesting one. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/364#issuecomment-315104444 ----==_mimepart_59678b07c43b_78473f8040e49c38213585 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

One major difference between this and the other CH headers is that this = header should only be sent to the first party (or only to hosts which have = permission to view geolocation data, so to third parties that got such perm= issions before).
The use case of using geo info for content adaptation at the edge or origin= seems an interesting one.

&mda= sh;
You are receiving this because you are subscribed to this thread.<= br />Reply to this email directly, view it on GitHub, or <= a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyJqdycWcuwC= HLcJ8VwAPx1B5mJAUks5sNjEHgaJpZM4OJSIe">mute the thread.

= ----==_mimepart_59678b07c43b_78473f8040e49c38213585-- From nobody Sun Jul 16 03:12:02 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -9.799 X-Spam-Level: X-Spam-Status: No, score=-9.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Date: Sun, 16 Jul 2017 03:11:59 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1500199919; bh=0hRdYpMVjjDc6S1PwVV0MvIDJzk3JqWQem7MvnuUqQY=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=oPxcio4V2INvmc+gLNEzDpr6rEeuAewkcqcVfBNpHk5mHPUG1IQ4jOxn3SUgSWgvb NPr+bpMeAkPWZ0oJXCP5qLaik6v21YwDt7nOgcilQJ2AW7Jujk+E+LTgP9lWezcjwM ic8rguZX/HCIAKamCYXlfKXj2CQh4fGzHppY+uJ0= To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Consulting the DNS on expanding ORIGIN set? (#330) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_596b3bef22875_4c213f9707c85c34286139"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Jul 2017 10:12:01 -0000 ----==_mimepart_596b3bef22875_4c213f9707c85c34286139 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit @martinthomson I originally wanted to dismiss this idea (since CDNs could mis-issue certs with the extension anyway, so it doesn't add 2nd factor). However, we chatted a bit about it with @grittygrease yesterday, and we came to conclusion that opt-in certificate extension, along with CT requirement (so that it would be obvious that CDN requested certificate with such extension, even when domain owner didn't opt-in for it) seems like an acceptable solution. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/330#issuecomment-315599316 ----==_mimepart_596b3bef22875_4c213f9707c85c34286139 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

@m= artinthomson I originally wanted to dismiss this idea (since CDNs cou= ld mis-issue certs with the extension anyway, so it doesn't add 2nd facto= r). However, we chatted a bit about it with @grittygrease yesterday, and we= came to conclusion that opt-in certificate extension, along with CT requ= irement (so that it would be obvious that CDN requested certificate with = such extension, even when domain owner didn't opt-in for it) seems like a= n acceptable solution.

&m= dash;
You are receiving this because you are subscribed to this thre= ad.
Reply to this email directly, view it on GitHub, or mute the thread.

= ----==_mimepart_596b3bef22875_4c213f9707c85c34286139-- From nobody Sun Jul 16 05:19:41 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -5.616 X-Spam-Level: X-Spam-Status: No, score=-5.616 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Date: Sun, 16 Jul 2017 05:19:37 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1500207577; bh=kV8fsjxBZSEC4v03V4IpzbqUfH+unEU4RBJUW/NVk1Y=; h=From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=AVNJ5tqVpBF6fcx4ipxzP1oudYDpUnZRAIFitMrXZGMULAxoAesNTkNZJN2oq3Zuw KmjP5R0jrhMH4ZvdMrZ8VMUWV1BWqtQVCJ78heqcfDz8kmWcOx6CeBjk9eQcRlFRsN RMiwaZIeXcOPqGle4ItxTW0p7Z/E23Q6MNn2hXgc= To: httpwg/http-extensions Cc: Subscribed Subject: [httpwg/http-extensions] ORIGIN frame typos (#366) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_596b59d9cfa0e_611c3f88c50b5c38902d1"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Jul 2017 12:19:40 -0000 ----==_mimepart_596b59d9cfa0e_611c3f88c50b5c38902d1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Make optionallity more like ALTSVC, make test less Gollum-like You can view, comment on, or merge this pull request online at: https://github.com/httpwg/http-extensions/pull/366 -- Commit Summary -- * ORIGIN frame typos -- File Changes -- M draft-ietf-httpbis-origin-frame.md (4) -- Patch Links -- https://github.com/httpwg/http-extensions/pull/366.patch https://github.com/httpwg/http-extensions/pull/366.diff -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/pull/366 ----==_mimepart_596b59d9cfa0e_611c3f88c50b5c38902d1 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

Make optionallity more like ALTSVC, make test less Gollum-like

You can view, comment on, or merge this pull request online at:

https://github.com/httpwg/http-extensions/pull/366

Commit Summary

ORIGIN frame typos

File Changes

M draft-ietf-httpbis-origin-frame.md (4)

Patch Links:

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_596b59d9cfa0e_611c3f88c50b5c38902d1-- From nobody Sun Jul 16 05:33:26 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -8.182 X-Spam-Level: X-Spam-Status: No, score=-8.182 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Date: Sun, 16 Jul 2017 05:33:22 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1500208402; bh=tOx2EbQDYThOAPWHQzvrvUNCZZOXe6ItuV853cs81/w=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=wt8eFI1P7h9pndp1FFX42y9UPs6q1RvJH/uDhtmEJIyJ61tsjYBQs5alIV4BhApBh hH4OAWSIqUKkuX716tIvTahYOa3bE0K0VdbC4qzjKMWBtmCdV+xHHxJOe6gqinUM9Q r6tinI6mFe0WRaR3TNb/QfBtK/EPhama8/AZp/IQ= To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] ORIGIN frame typos (#366) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_596b5d12a9886_1b9573f9c812dfc3c295be"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Jul 2017 12:33:25 -0000 ----==_mimepart_596b5d12a9886_1b9573f9c812dfc3c295be Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Merged #366. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/pull/366#event-1165567369 ----==_mimepart_596b5d12a9886_1b9573f9c812dfc3c295be Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

Merged #366.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_596b5d12a9886_1b9573f9c812dfc3c295be-- From nobody Sun Jul 16 05:33:35 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -2.755 X-Spam-Level: X-Spam-Status: No, score=-2.755 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-2.8, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=IqPj+cKw1FPIWMPydr1qq6mwOno=; b=fNHJNqkkPE76F41v 3DaoPG3twUl6fmUWahe1kaQSoK29BtscWbAzelgLuU9hYPL0T1PqXUX+kuc1zVPQ JpWD1zeLSR/wxpFBT764hTXpQcAkeJYkPk12phSBPKmBmWVigoShA+Kn1xuByGzh BloAyZTo4AhclTRudR6dx76v6Hs= Date: Sun, 16 Jul 2017 12:33:25 +0000 (UTC) To: httpwg/http-extensions Cc: Subscribed In-Reply-To: References: Subject: Re: [httpwg/http-extensions] ORIGIN frame typos (#366) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_596b5d15354fd_3ddb3f9707c85c3414202e"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Message-ID: From: HTTP issue updates Reply-To: http-issues@ietf.org X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.22 List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: ,