From nobody Wed Mar 1 19:58:33 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -2.021 X-Spam-Level: X-Spam-Status: No, score=-2.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=Llh4MKctrMTilJYeG7eFCzSSC4M=; b=dR8CI0o9O6+uyBOL uLdwVlkzoXZ+qVux/KBaPixOf5XPIUzm9rgrZCRfzpMzTG4Zp8iSsVMxHOA+rWxk uBlvJ3c/N6QEjBnSIqLXmkjSGPAviw5GBcPlRhpa/pKENx4u4C+TIppL8yixAFpd NgShmIvRur28WAYE+Np/aK4fYCg= Date: Wed, 01 Mar 2017 19:58:08 -0800 To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Allow servers to specify max-age in the client hints header (#306) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58b798508e009_322a3f8a9d635c385143c"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Mar 2017 03:58:31 -0000 ----==_mimepart_58b798508e009_322a3f8a9d635c385143c Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Making this a new directive in `Accept-CH` is a bit problematic, since that header field is defined as a list of header field names. It's technically possible, you just would get into situations where you have to switch your parser based upon the format of the directive, and reserve keywords that now can't be used as headers (and thus, have to register them as headers -- see `Connection`). You *could* do it as a new header, though -- e.g., `Accept-CH-Lifetime: 3600` or similar. That has the additional benefit that it can be introduced later if there's need for it, and we decide not to do it now. @igrigorik, what do you think? Keeping in mind that we're doing this spec primarily to document what one (albeit big) implementation is doing, hence its Experimental status, is Chrome interested in implementing this? If not, I'd suggest we close this issue; if it's interesting in the future, it's relatively easy to add that new header. All of that said -- I *do* think there's a bit of an issue remaining with how the applicability of `Accept-CH` is scoped. I'll open a separate issue for that. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/306#issuecomment-283549512 ----==_mimepart_58b798508e009_322a3f8a9d635c385143c Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Making this a new directive in Accept-CH is a bit problemat= ic, since that header field is defined as a list of header field names. It'= s technically possible, you just would get into situations where you have t= o switch your parser based upon the format of the directive, and reserve ke= ywords that now can't be used as headers (and thus, have to register them a= s headers -- see Connection).

You could do it as a new header, though -- e.g.,

Accept-CH-Lifetime: 3600

or similar.

That has the additional benefit that it can be introduced later if there= 's need for it, and we decide not to do it now.

@igrigor= ik, what do you think? Keeping in mind that we're doing this spec prima= rily to document what one (albeit big) implementation is doing, hence its E= xperimental status, is Chrome interested in implementing this?

If not, I'd suggest we close this issue; if it's interesting in the futu= re, it's relatively easy to add that new header.

All of that said -- I do think there's a bit of an issue remain= ing with how the applicability of Accept-CH is scoped. I'll op= en a separate issue for that.

&mda= sh;
You are receiving this because you are subscribed to this thread.<= br />Reply to this email directly, view it on GitHub, or <= a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyDnNv5HI8nL= yagwagZmdcJCWb86cks5rhj5QgaJpZM4MMxOI">mute the thread.

= ----==_mimepart_58b798508e009_322a3f8a9d635c385143c-- From nobody Wed Mar 1 20:09:46 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -6.501 X-Spam-Level: X-Spam-Status: No, score=-6.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Date: Wed, 01 Mar 2017 20:09:41 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1488427781; bh=XuXHRNBVnwuyOANHOLatjE3EkJ5JiarcuVCtmj9Okh4=; h=From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=karbTHwu/sHbHPAmRZTppPAoHNQD06Q3mtbSt6RiyPx+LDW3COtYxCFEUDo7rMMro fdSnmtey1K3VzfoxM8TXQ4Ui4aBDayAlUuFkVhBX0oNCgBpj3xaDPlTQwu1JgmFjf9 eT4tuPkSuVV3E8XfTxATmaNosXxo6ksmX/gmfDgk= To: httpwg/http-extensions Subject: [httpwg/http-extensions] Scoping of Accept-CH (#307) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58b79b05da502_721e3ff50d4a9c2c1923a"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Mar 2017 04:09:44 -0000 ----==_mimepart_58b79b05da502_721e3ff50d4a9c2c1923a Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit The `Accept-CH` response header is defined as: > When a client receives Accept-CH, or if it is capable of processing the HTML response and finds an equivalent HTML meta element, it can treat it as a signal that the server is interested in receiving the Client-Hint header fields that match the advertised field-values; subsequent requests initiated to the same server and, optionally any subresource requests initiated as a result of processing the response from the server that includes the Accept-CH opt-in, can include the Client-Hint header fields that match the advertised field-values. > > For example, based on Accept-CH example above, a user agent could append DPR, Width, Viewport-Width, and Downlink header fields to all subresource requests initiated by the page constructed from the response. Alternatively, a client can treat advertised support as a persistent origin preference and append same header fields on all future requests initiated to and by the resources associated with that origin. "All future requests" is a long time indeed. While of course the client isn't going to literally do that (eventually it'll be garbage collected, or the user will reset state, or the machine will be recycled), from a server-side perspective, it'd be nice to have *some* level of control over how bloated your requests get. Additionally, having `Accept-CH` possibly indicate that future references *to* **and** *from* this origin seems like a pretty broad brush to be painting with. While Chrome might make some reasonable decisions about tradeoffs here (and probably needs some wiggle room), if this ever does get implemented elsewhere, this broadness and freedom is a recipe for bad interop and worse server-side headaches. So, can we nail this down at all? The most conservative approach is: "Send CH headers on subrequests generated by this content, please." However, the above also says "subsequent requests initiated to the same server" in the primary spot; the case above is relegated to "optionally." Personally, my preference would be to drop "subsequent requests initiated to the same server and, optionally" and the corresponding text in the example below it. The primary use case for CH as I understand it is serving appropriate subresources, NOT dynamically modifying HTML, so that should do the trick. Am I missing something, @igrigorik? Regardless of that, "server" is used very loosely above; I think you mean "origin", right? And "can" should probably be "MAY". CC @yoavweiss -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/307 ----==_mimepart_58b79b05da502_721e3ff50d4a9c2c1923a Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

The Accept-CH response header is defined as:

When a client receives Accept-CH, or if it is capable of processing the HTML response and finds an equivalent HTML meta element, it can treat it as a signal that the server is interested in receiving the Client-Hint header fields that match the advertised field-values; subsequent requests initiated to the same server and, optionally any subresource requests initiated as a result of processing the response from the server that includes the Accept-CH opt-in, can include the Client-Hint header fields that match the advertised field-values.

For example, based on Accept-CH example above, a user agent could append DPR, Width, Viewport-Width, and Downlink header fields to all subresource requests initiated by the page constructed from the response. Alternatively, a client can treat advertised support as a persistent origin preference and append same header fields on all future requests initiated to and by the resources associated with that origin.

"All future requests" is a long time indeed. While of course the client isn't going to literally do that (eventually it'll be garbage collected, or the user will reset state, or the machine will be recycled), from a server-side perspective, it'd be nice to have some level of control over how bloated your requests get.

Additionally, having Accept-CH possibly indicate that future references to and from this origin seems like a pretty broad brush to be painting with. While Chrome might make some reasonable decisions about tradeoffs here (and probably needs some wiggle room), if this ever does get implemented elsewhere, this broadness and freedom is a recipe for bad interop and worse server-side headaches.

So, can we nail this down at all?

The most conservative approach is:

"Send CH headers on subrequests generated by this content, please."

However, the above also says "subsequent requests initiated to the same server" in the primary spot; the case above is relegated to "optionally."

Personally, my preference would be to drop "subsequent requests initiated to the same server and, optionally" and the corresponding text in the example below it. The primary use case for CH as I understand it is serving appropriate subresources, NOT dynamically modifying HTML, so that should do the trick.

Am I missing something, @igrigorik?

Regardless of that, "server" is used very loosely above; I think you mean "origin", right? And "can" should probably be "MAY".

CC @yoavweiss

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_58b79b05da502_721e3ff50d4a9c2c1923a-- From nobody Wed Mar 1 20:37:36 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -7 X-Spam-Level: X-Spam-Status: No, score=-7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Date: Wed, 01 Mar 2017 20:37:32 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1488429452; bh=j3UOOjFVokiN4VFdBPjHCnfi2j/JmfOHD5yq4fjoBLI=; h=From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=buCLAyb+pFMvl/AI0MwCfVE25E81lIYQOpnkx3NvxM5P0BeMWTzEqyBGhzm/norCy 1YM+xhI6ImSJ1lnN+0EkOzlfwOWLyc+eU/eHCuq/K51Z9yHBfJ7dUaZLoW3F0Aos+s tWcCvCqsAt4y5tVeO7gROEale6fbX+BjlTr604+4= To: httpwg/http-extensions Subject: [httpwg/http-extensions] CH editorial (#308) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58b7a18ccf4ac_63543f80fa0b9c3470122"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Mar 2017 04:37:35 -0000 ----==_mimepart_58b7a18ccf4ac_63543f80fa0b9c3470122 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Taking a run through the spec before we sent it upstairs, a few suggestio= ns -- * In the abstract, `s/clients/user agents/g` (proxies aren't going to gen= erate them, and shouldn't try) * Introduction - you might get complaints about the "UA" abbreviation; sp= ell out as `User-Agent`? * Section 2 - "Each one conveys a list of client preferences" -- are they= all list-based? * 2.2 - "Servers respond with an optimized response based on one or more = received hints from the client." -- awkward; suggest: "When presented wit= h a request that contains one or more client hint headers, servers can op= timise the response based upon the information in them." * 2.2 - "used hint" --> "hint used" * 2.2 - "emit" --> "generate" (has meaning in HTTP) * 2.2 "confirm the property of the response, such that the client can adj= ust its processing" --> "convey related values to aid client processing" * Sections 3-7: These feel like they should all be in their own subsectio= n. Also, would you consider changing "client hint" in each title to "head= er field"? That will emphasise that they're just regular headers, not som= e new class of thing (I continue to be concerned that people think these = are magical because they are called Client Hints). * Section 7: "New token and extension token values can only be defined by= revisions of this specification" --> "New token and extension token valu= es can be defined by updates to this specification." (IETF-specific word= ing) * Section 9: "Client Hints defined in this specification do not expose ne= w information about the user=E2=80=99s environment beyond what is already= available to, and can be communicated by, the application at runtime via= JavaScript and CSS." --> "The request header fields defined in this spec= ification expose information that is already available to Web application= s in the browser runtime itself (e.g., using JavaScript and CSS)." * Section 9: "However, implementors should consider the privacy implicati= ons of various methods to enable delivery of Client Hints - see =E2=80=9C= Sending Client Hints=E2=80=9D section." --> "However, servers that gather= this information through such mechanisms are typically observable (e.g.,= you can see that they're using JavaScript to gather it), whereas servers= ' use of the header fields introduced by this specification is not observ= able. Section 2.1 discusses potential mitigations." = * Section 9: "might reduce such fingerprinting risks" --> "can help mitig= ate the risk of such fingerprinting." * Section 9: "The implementers can..." --> "Implementers ought to..." * Section 9: "...advertised: require..." --> "...advertised. For example,= they could require..." -- = You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/308= ----==_mimepart_58b7a18ccf4ac_63543f80fa0b9c3470122 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Taking a run through the spec before we sent it upstairs, a few sugges= tions --

In the abstract, s/clients/user agents/g (proxies aren't= going to generate them, and shouldn't try)
Introduction - you might get complaints about the "UA" abbreviation; = spell out as User-Agent?
Section 2 - "Each one conveys a list of client preferences" -- are th= ey all list-based?
2.2 - "Servers respond with an optimized response based on one or mor= e received hints from the client." -- awkward; suggest: "When presented w= ith a request that contains one or more client hint headers, servers can = optimise the response based upon the information in them."
2.2 - "used hint" --> "hint used"
2.2 - "emit" --> "generate" (has meaning in HTTP)
2.2 "confirm the property of the response, such that the client can a= djust its processing" --> "convey related values to aid client process= ing"
Sections 3-7: These feel like they should all be in their own subsect= ion. Also, would you consider changing "client hint" in each title to "he= ader field"? That will emphasise that they're just regular headers, not s= ome new class of thing (I continue to be concerned that people think thes= e are magical because they are called Client Hints).
Section 7: "New token and extension token values can only be defined = by revisions of this specification" --> "New token and extension token= values can be defined by updates to this specification." (IETF-specific= wording)
Section 9: "Client Hints defined in this specification do not expose = new information about the user=E2=80=99s environment beyond what is alrea= dy available to, and can be communicated by, the application at runtime v= ia JavaScript and CSS." --> "The request header fields defined in this= specification expose information that is already available to Web applic= ations in the browser runtime itself (e.g., using JavaScript and CSS)."
Section 9: "However, implementors should consider the privacy implica= tions of various methods to enable delivery of Client Hints - see =E2=80=9C= Sending Client Hints=E2=80=9D section." --> "However, servers that gat= her this information through such mechanisms are typically observable (e.= g., you can see that they're using JavaScript to gather it), whereas serv= ers' use of the header fields introduced by this specification is not obs= ervable. Section 2.1 discusses potential mitigations."
Section 9: "might reduce such fingerprinting risks" --> "can help = mitigate the risk of such fingerprinting."
Section 9: "The implementers can..." --> "Implementers ought to...= "
Section 9: "...advertised: require..." --> "...advertised. For exa= mple, they could require..."

&m= dash;
You are receiving this because you are subscribed to this thre= ad.
Reply to this email directly, view it on GitHub, or mute the thread.

= ----==_mimepart_58b7a18ccf4ac_63543f80fa0b9c3470122-- From nobody Wed Mar 1 20:37:48 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -0.456 X-Spam-Level: X-Spam-Status: No, score=-0.456 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=Gx7NCOErVSOeJXe0doN1Z/FPctw=; b=jnpThvZHPctDY50x tEtuT9RcRGj1nk3D2l9+My9hH8EdBf5D1pPyjQjGMEPdKQ8OnpFhne77fjqmdSle t19HONI8nrmG27pkd92O+T4GjxFF3dydm/m4oAtpWJtV0FnZMfO9V32GgSbT1gC9 G2oQdvW79YlxLyWmpugdRZBBPrc= Date: Wed, 01 Mar 2017 20:37:38 -0800 To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] CH editorial (#308) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58b7a1926e6d9_71673ff946e31c3036930"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Mar 2017 04:37:40 -0000 ----==_mimepart_58b7a1926e6d9_71673ff946e31c3036930 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit ping @igrigorik -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/308#issuecomment-283554170 ----==_mimepart_58b7a1926e6d9_71673ff946e31c3036930 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

ping @igrigorik

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_58b7a1926e6d9_71673ff946e31c3036930-- From nobody Thu Mar 2 20:05:36 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -0.402 X-Spam-Level: X-Spam-Status: No, score=-0.402 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=Si3kb336Tde3Uqx2IrWZxUeZGwU=; b=mVVXtIjJi5kOsweC TDBoBo6TLmlHHWK9y8yC9rM7NhUOqnFMlH5oSIBB9kYxqbQGyBcwGMxXp4wvg2n7 Eqqjr9HNWUX0xTQxMXkWE23ZKcm+CyIt2RQ7hvdx3YRJcw7r2tNxJGprD5xHJG51 35hwY8D/rX+5we+oDXQlNM13gL4= Date: Thu, 02 Mar 2017 20:05:32 -0800 To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] 5987bis writeup (#271) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58b8eb8cce321_55be3f96b7e97c3489611"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Mar 2017 04:05:35 -0000 ----==_mimepart_58b8eb8cce321_55be3f96b7e97c3489611 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Closed #271. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/271#event-984821894 ----==_mimepart_58b8eb8cce321_55be3f96b7e97c3489611 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

Closed #271.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_58b8eb8cce321_55be3f96b7e97c3489611-- From nobody Thu Mar 2 20:09:33 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -5.382 X-Spam-Level: X-Spam-Status: No, score=-5.382 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Date: Thu, 02 Mar 2017 20:09:30 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1488514170; bh=6dZXVKeMoF6T6ZSdc0K7glaCtEoSkIf1GBMtF9eYGq4=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=ZBO7yU2A+/MfITy0CgMGaqZF4PT3Ki9iWdv9KQh9xZt6BpwURahG+ymWC4gBctcae H0PAgB07g/tMQHYZY/Pd7eF0fe3V15XNCrekUVfzHqb7go+3lXiMdEi2TVTh73H+IU L+3s1JQeBtwyEKH3wAltehyhYH7awCSG2WB5BEJU= To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Give us something to hang onto (#267) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58b8ec7aa6ce6_642b3f9b3e60dc2c568ba"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Mar 2017 04:09:33 -0000 ----==_mimepart_58b8ec7aa6ce6_642b3f9b3e60dc2c568ba Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Closed #267. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/267#event-984824209 ----==_mimepart_58b8ec7aa6ce6_642b3f9b3e60dc2c568ba Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

Closed #267.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_58b8ec7aa6ce6_642b3f9b3e60dc2c568ba-- From nobody Fri Mar 3 17:13:34 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -7.001 X-Spam-Level: X-Spam-Status: No, score=-7.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Date: Fri, 03 Mar 2017 17:13:30 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1488590010; bh=1WrX6uNGkhNYf9VftU7Jm+LzZB8U/JxZipCLPqCL5qY=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=pJtr8P7yto2ZBBEGV/IBaQwujJyowYZgq9aWCIRRJfhysUmK1y0a0HaK+qOfpaULA JJz2EUqWSPGNeXsC4gtCja8RjYF7RlazOSssHaLnGOR/f5NXUEr9Ph8oGkjnK6ki+z V5P7IdiPGBlykxsGA94OKTmxz/rQqmTlTqu10emA= To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Scoping of Accept-CH (#307) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58ba14ba5d0df_a003ff9a13abc386101f"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Mar 2017 01:13:33 -0000 ----==_mimepart_58ba14ba5d0df_a003ff9a13abc386101f Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit > The primary use case for CH as I understand it is serving appropriate subresources, NOT dynamically modifying HTML, so that should do the trick. With the benefit of few years of experience, absence of hints on the initial request has proven to be a major limitation that prevented wider adoption. In practice, many of the most critical decisions about page format are made when the HTML is generated -- e.g. whether you should serve "light" version of the page, picking resource density, ..., and feature-detecting support for CH to begin with. In short, we do need to allow hints on navigation responses. > "Send CH headers on subrequests generated by this content, please." I think that's a reasonable definition for `Accept-CH`, iff we also combine it with `Accept-CH-Lifetime` proposed in https://github.com/httpwg/http-extensions/issues/306 to cover the case for initial navigation. Concretely, the proposal here would be: - Scope down `Accept-CH` to "subsequent requests generated by this content" - Define `Accept-CH-Lifetime` to allow opt-in to be remembered for specified period of time. - When this is present, opt-in applies for all content that belongs to the origin. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/307#issuecomment-284113236 ----==_mimepart_58ba14ba5d0df_a003ff9a13abc386101f Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

The primary use case for CH as I understand it is serving appropriate = subresources, NOT dynamically modifying HTML, so that should do the trick= .

With the benefit of few years of experience, absence of hints on the i= nitial request has proven to be a major limitation that prevented wider a= doption. In practice, many of the most critical decisions about page form= at are made when the HTML is generated -- e.g. whether you should serve "= light" version of the page, picking resource density, ..., and feature-de= tecting support for CH to begin with. In short, we do need to allow hints= on navigation responses.

"Send CH headers on subrequests generated by this content, please."

I think that's a reasonable definition for Accept-CH, iff= we also combine it with Accept-CH-Lifetime proposed in #306 to c= over the case for initial navigation. Concretely, the proposal here would= be:

Scope down Accept-CH to "subsequent requests generated b= y this content"
Define Accept-CH-Lifetime to allow opt-in to be remember= ed for specified period of time.
- When this is present, opt-in applies for all content that belongs to = the origin.

&m= dash;
You are receiving this because you are subscribed to this thre= ad.
Reply to this email directly, view it on GitHub, or mute the thread.

= ----==_mimepart_58ba14ba5d0df_a003ff9a13abc386101f-- From nobody Fri Mar 3 17:15:12 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -2.021 X-Spam-Level: X-Spam-Status: No, score=-2.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=c7xGcFVWpg2rSqYg1MjFDLufupI=; b=ew2S3mFbnFBbuhgr yVYCATwgUxbOxIITMSgEAI04GO4hyyj0erIVRWfztjLWxK2ApzglFVeB0bbP3e43 +ViUU/gvC6Nzals5rXM88nyvkxFgu1/Bx+tJ7X3qNHt3JNuGiFcbfNOyh+ZgXlGm y2Sr65LzTev23Pgc7Hngdc4C0+s= Date: Fri, 03 Mar 2017 17:15:02 -0800 To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Allow servers to specify max-age in the client hints header (#306) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58ba1516b4e9a_62c83fb33cc67c3814768b"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Mar 2017 01:15:11 -0000 ----==_mimepart_58ba1516b4e9a_62c83fb33cc67c3814768b Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable My long-term hope is that this entire discussion is a no-op and origin poli= cy will give us the right primitives (see https://github.com/WICG/origin-po= licy/issues/12) to solve this in a generic way for all opt-in behaviors. Th= at said, there *is* interest in implementing this in Chrome=E2=80=94 tarunb= an@ is driving that work=E2=80=94and we need an alternative mechanism until= OP is a thing. I agree with Mark that `Accept-CH-Lifetime` is better solution. The seconda= ry benefit, as I see it, is that we can also no-op it later once Origin Pol= icy becomes available. More details in https://github.com/httpwg/http-exten= sions/issues/307#issuecomment-284113236. --=20 You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/306#issuecomment-284113395= ----==_mimepart_58ba1516b4e9a_62c83fb33cc67c3814768b Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

My long-term hope is that this entire discussion is a no-op and origin p= olicy will give us the right primitives (see WICG/origin-policy#12) to solve this in a generic w= ay for all opt-in behaviors. That said, there is interest in imple= menting this in Chrome=E2=80=94 tarunban@ is driving that work=E2=80=94and = we need an alternative mechanism until OP is a thing.

I agree with Mark that Accept-CH-Lifetime is better solutio= n. The secondary benefit, as I see it, is that we can also no-op it later o= nce Origin Policy becomes available. More details in #307 (comment).

&mda= sh;
You are receiving this because you are subscribed to this thread.<= br />Reply to this email directly, view it on GitHub, or <= a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyGivWSDdWKd= TI_gQsqB0OkMX1Q9qks5riLsWgaJpZM4MMxOI">mute the thread.

= ----==_mimepart_58ba1516b4e9a_62c83fb33cc67c3814768b-- From nobody Fri Mar 3 17:20:27 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -7 X-Spam-Level: X-Spam-Status: No, score=-7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Date: Fri, 03 Mar 2017 17:20:24 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1488590424; bh=0qiePKekRlFcM1T4tgngCH8fPZjapaN6TqdxhXmnXS4=; h=From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=FetLP5AKZ0r9SajCaZXo9XSsADWK0xifgYxe8HJEsQ6NYctnLZqc1j2KHDuaWNE9l qJFrBMk2KkM3NRn+Nff1GRJj50y3vs0+d9rj7Igg74BFE6YHCXH57qsXnD+IR+07C9 tdUyFhfPNkFhe5KjyVKG4APNwCRSAd8m4wzPysDI= To: httpwg/http-extensions Subject: [httpwg/http-extensions] Editorial cleanup and improvements (#309) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58ba1658e596_77d13f8412cafc302067bf"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Mar 2017 01:20:26 -0000 ----==_mimepart_58ba1658e596_77d13f8412cafc302067bf Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Closes https://github.com/httpwg/http-extensions/issues/308. You can view, comment on, or merge this pull request online at: https://github.com/httpwg/http-extensions/pull/309 -- Commit Summary -- * Editorial cleanup and improvements -- File Changes -- M draft-ietf-httpbis-client-hints.md (32) -- Patch Links -- https://github.com/httpwg/http-extensions/pull/309.patch https://github.com/httpwg/http-extensions/pull/309.diff -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/pull/309 ----==_mimepart_58ba1658e596_77d13f8412cafc302067bf Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

Closes #308.

You can view, comment on, or merge this pull request online at:

https://github.com/httpwg/http-extensions/pull/309

Commit Summary

Editorial cleanup and improvements

File Changes

M draft-ietf-httpbis-client-hints.md (32)

Patch Links:

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_58ba1658e596_77d13f8412cafc302067bf-- From nobody Fri Mar 3 17:20:46 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -2.02 X-Spam-Level: X-Spam-Status: No, score=-2.02 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=fhfLkZkSuGG54zjXJx8LWl2UuZ8=; b=IzMkSuq1Rc2/G3YC hnQOhn2zp4okZWzPRILsFvV+cuda+fstTd+VYoi2sx3YWX5gD5dg7X7dlSVfCBMW kVTjjhvjvByZ3MmW/lApVtzZAVezBGxRuGnYJaj1JmhWbHxrOgVgoOUXNWutJ1JX 2QMQ6EIdEFV33M1/NjPtBWJhuUs= Date: Fri, 03 Mar 2017 17:20:42 -0800 To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] CH editorial (#308) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58ba166af22ec_77ed3f8412cafc30146733"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Mar 2017 01:20:46 -0000 ----==_mimepart_58ba166af22ec_77ed3f8412cafc30146733 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Thanks for the thorough review Mark! > In the abstract, s/clients/user agents/g (proxies aren't going to generate them, and shouldn't try) I'm building an iOS/Android app and want to use CH.. "user agent" doesn't seem to fit? I'd prefer to keep it inclusive. > Introduction - you might get complaints about the "UA" abbreviation; spell out as User-Agent? We do define it at the start: "User-Agent (UA; Section 5.5.3 of {{RFC7231}})" -- Opened PR to address the rest: https://github.com/httpwg/http-extensions/pull/309 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/308#issuecomment-284114072 ----==_mimepart_58ba166af22ec_77ed3f8412cafc30146733 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Thanks for the thorough review Mark!

In the abstract, s/clients/user agents/g (proxies aren't going to genera= te them, and shouldn't try)

I'm building an iOS/Android app and want to use CH.. "user agent" doesn'= t seem to fit? I'd prefer to keep it inclusive.

Introduction - you might get complaints about the "UA" abbreviation; spe= ll out as User-Agent?

We do define it at the start: "User-Agent (UA; Section 5.5.3 of {{RFC723= 1}})"

Opened PR to address the rest: #309

&mda= sh;
You are receiving this because you are subscribed to this thread.<= br />Reply to this email directly, view it on GitHub, or <= a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyM_8hFLD5iQ= 2hmFk6NTTkeIgZoVxks5riLxqgaJpZM4MQiqu">mute the thread.

= ----==_mimepart_58ba166af22ec_77ed3f8412cafc30146733-- From nobody Sat Mar 4 03:50:35 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -2.002 X-Spam-Level: X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=vpizxnF8kcNZVOGCre+Bqu65x+U=; b=Z6ckP/EumgW5JPhw fVaTSvQ/drytNGbaTEEI2XHmnpm1Ft2beG65JaxxtHcvqW4cRIN8/l/0kirTADEK 4ou/c+P80POeNPJqUA7XS+5nAqwSCMuyX2m4Aty3hehj0ScKZTAfeCHmXnppduo/ kOs55ltExWRlda8jZZRTmN6pVDU= Date: Sat, 04 Mar 2017 03:50:31 -0800 To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Scoping of Accept-CH (#307) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58baaa0778cc1_a043f86e6975c3c36299d"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Mar 2017 11:50:34 -0000 ----==_mimepart_58baaa0778cc1_a043f86e6975c3c36299d Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit DNT has a mechanism for determining if the DNT:0 header sent to subresources, a JS API for specifying "site-specific" consent. This also can specify lifetime by having an "expires" or "maxAge" property in the parameter dictionary for the call. The TPWG has discussed using cookies as a more generic method, but the SOP gets in the way (you cannot limit the state to a top level context). The Accept-CH header is similarly determining stateful site-specific behaviour for subresources, perhaps this points to a generalised solution? Especially as there are privacy/user control issues in common? I am thinking about a well-known cookie prefix (as proposed for RFC6265bis) that would cause the cookie to be sent to subresources in the cookie header, but only within the context of the parent that placed it. The existence of particular forms of this well-known cookie could then determine UA behaviour (such as sending Client Hints to subresources). Implementation would be simpler because the expiry procedures are already in place. A further advantage would then be that the state is automatically contained in the UAs cookie store, accessible to existing privacy oriented UA UIs and extensions, increasing transparency. For example: Set-Cookie: __SRAccept-CH=DPR;expires=Sat, 05 Mar 2017 00:00:00 GMT -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/307#issuecomment-284146721 ----==_mimepart_58baaa0778cc1_a043f86e6975c3c36299d Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

DNT has a mechanism for determining if the DNT:0 header sent to subresou= rces, a JS API for specifying "site-specific" consent. This also can specif= y lifetime by having an "expires" or "maxAge" property in the parameter dic= tionary for the call.

The TPWG has discussed using cookies as a more generic method, but the S= OP gets in the way (you cannot limit the state to a top level context).

The Accept-CH header is similarly determining stateful site-specific beh= aviour for subresources, perhaps this points to a generalised solution? Esp= ecially as there are privacy/user control issues in common?

I am thinking about a well-known cookie prefix (as proposed for RFC6265b= is) that would cause the cookie to be sent to subresources in the cookie he= ader, but only within the context of the parent that placed it. The existen= ce of particular forms of this well-known cookie could then determine UA be= haviour (such as sending Client Hints to subresources).

Implementation would be simpler because the expiry procedures are alread= y in place.

A further advantage would then be that the state is automatically contai= ned in the UAs cookie store, accessible to existing privacy oriented UA UIs= and extensions, increasing transparency.

For example:

Set-Cookie: __SRAccept-CH=3DDPR;expires=3DSat, 05 Mar 2017 00:00:00 GMT<= /p>

&mda= sh;
You are receiving this because you are subscribed to this thread.<= br />Reply to this email directly, view it on GitHub, or <= a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyIm8z1mcrVY= y4CqIATWfmTTmwcVjks5riVAHgaJpZM4MQhwp">mute the thread.

= ----==_mimepart_58baaa0778cc1_a043f86e6975c3c36299d-- From nobody Sun Mar 5 17:41:12 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -0.598 X-Spam-Level: X-Spam-Status: No, score=-0.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=GRBnw+hoCJXObkSeXW8u+FAPQPo=; b=uLwMY4CsYZ0BZ5iE RjO1Lcb/U6o3iXL8k6oijBPR8whwH26sab/kes5O4T25k6BZYPlIznTnspFKWkEQ w8wlZxy8XD7L1LOBE464nyqZQHfhimQvffiC5lJtGBYdV3vNLW3zqBe7Hc92VSCB /c8/ejNQQuPJq3a4M2I5gp98wnI= Date: Sun, 05 Mar 2017 17:41:08 -0800 To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] CH editorial (#308) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58bcbe347232_7c2d3f7fb69e9c2c592d"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Mar 2017 01:41:11 -0000 ----==_mimepart_58bcbe347232_7c2d3f7fb69e9c2c592d Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit "client" and "user agent" are defined terms in HTTP; client covers *anything* that sends a request, including proxies, whereas user agent is only the originator of requests -- regardless of whether it's a Web browser or app. (this is not the WHATWG :) I saw that you defined the abbreviation, but I suspect the RFC editor is going to change it; all other HTTP RFCs use the phrase "user agent." Besides which, "User-Agent" is the name of the header field, further confusing things. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/308#issuecomment-284282772 ----==_mimepart_58bcbe347232_7c2d3f7fb69e9c2c592d Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

"client" and "user agent" are defined terms in HTTP; client covers a= nything that sends a request, including proxies, whereas user agent is= only the originator of requests -- regardless of whether it's a Web browse= r or app.

(this is not the WHATWG :)

I saw that you defined the abbreviation, but I suspect the RFC editor is= going to change it; all other HTTP RFCs use the phrase "user agent." Besid= es which, "User-Agent" is the name of the header field, further confusing t= hings.

&mda= sh;
You are receiving this because you are subscribed to this thread.<= br />Reply to this email directly, view it on GitHub, or <= a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyKAwOa6M4k5= SRxd4rnI6rZMlT3k4ks5ri2Q0gaJpZM4MQiqu">mute the thread.

= ----==_mimepart_58bcbe347232_7c2d3f7fb69e9c2c592d-- From nobody Sun Mar 5 17:45:33 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -0.475 X-Spam-Level: X-Spam-Status: No, score=-0.475 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=C+LDgMVMfTyq4Bh5R9NhmZ+yiW0=; b=w/ABmbGJcjQka5KO VD4PeMxo4eoug1yIuv/2MtBn8HLRKgaXAPLgGu2XfpmucHKFtsmXAwjLCszNDrS3 kAauzizQS/EMmHNHd6tjteg9enogL+47tfIuJcwmy/Ser9GHdC5q2WDgNqC3JjpI V7An/kFv+xKtlsCzWM9aJI8nTaQ= Date: Sun, 05 Mar 2017 17:45:29 -0800 To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Editorial cleanup and improvements (#309) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58bcbf3937f4_172f3fb7fb779c3076651"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Mar 2017 01:45:31 -0000 ----==_mimepart_58bcbf3937f4_172f3fb7fb779c3076651 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit mnot approved this pull request. LGTM; see answers to first two questions on original issue. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/pull/309#pullrequestreview-25164684 ----==_mimepart_58bcbf3937f4_172f3fb7fb779c3076651 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

@mnot approved this pull request.

LGTM; see answers to first two questions on original issue.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_58bcbf3937f4_172f3fb7fb779c3076651-- From nobody Sun Mar 5 21:40:39 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -2.021 X-Spam-Level: X-Spam-Status: No, score=-2.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=dzURi4nqgaRbRzhWkVBP0hpDPaA=; b=B46Rytej3fGoH5Dk jOenyaml+P4zoNVxZvtOo9T+ohe+cY+NitcCc7GJHvcNb3fjGdmX+ZFYEdi0kNvM zKZPuptVOfLEISOLN38sjoEBcI7VFND5/FSYSR3qwxWj4YLTitdk9f2BjlspNt2y zfyFx0myZC+oj34hka4Hhd4QbQE= Date: Sun, 05 Mar 2017 21:40:35 -0800 To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Scoping of Accept-CH (#307) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58bcf65376b9_4f433fd17ff33c304112e"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Mar 2017 05:40:39 -0000 ----==_mimepart_58bcf65376b9_4f433fd17ff33c304112e Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit @igrigorik - Just thinking through doing this, a couple of questions -- It seems like there are a lot of potential dimensions that the server's preferences for sending CH could vary -- e.g., same-origin vs. third-party, navigation vs. subresource, etc. Are we offering the right capability (all requests from a given origin) here? Will having one `Accept-CH` policy for an entire origin work? What if different resources need different headers? How should clients behave when they get conflicting lists of headers and/or lifetimes for a given origin? Using a cache to determine whether to sent hint headers means that the initial navigation request to a given origin won't have them, so any behaviour that depends on them will need a fallback. Is that just going to be "serve the heavier page", or something more complex? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/307#issuecomment-284307644 ----==_mimepart_58bcf65376b9_4f433fd17ff33c304112e Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

@igrigor= ik - Just thinking through doing this, a couple of questions --

It seems like there are a lot of potential dimensions that the server's = preferences for sending CH could vary -- e.g., same-origin vs. third-party,= navigation vs. subresource, etc. Are we offering the right capability (all= requests from a given origin) here?

Will having one Accept-CH policy for an entire origin work?= What if different resources need different headers? How should clients beh= ave when they get conflicting lists of headers and/or lifetimes for a given= origin?

Using a cache to determine whether to sent hint headers means that the i= nitial navigation request to a given origin won't have them, so any behavio= ur that depends on them will need a fallback. Is that just going to be "ser= ve the heavier page", or something more complex?

&mda= sh;
You are receiving this because you are subscribed to this thread.<= br />Reply to this email directly, view it on GitHub, or <= a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyGvpkVA4mKw= PgBcjgMkeo3idlvj0ks5ri5xTgaJpZM4MQhwp">mute the thread.

= ----==_mimepart_58bcf65376b9_4f433fd17ff33c304112e-- From nobody Mon Mar 6 04:42:35 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -0.384 X-Spam-Level: X-Spam-Status: No, score=-0.384 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=E/64Q3l+R4Bs++08zrrRJmR0dvY=; b=GlWniGHQq+tdHJaD 39B/Hw6XElr6sm5EScyhZpN6mCDgh86GWIHgmGKQqiZbAli0dvBBEDXZ7JLx0sIH rJjAn288iPNOdYuQbMGxgniNBtN0r7j36KSyGcrd4smq9xwMNi8NRkh30v36vuIz A3wpXNn1SRGroxj8WM2AAT+BoO8= Date: Mon, 06 Mar 2017 04:42:29 -0800 To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Editorial cleanup and improvements (#309) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58bd5935d8b41_1f003fa27337dc3c3093ef"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Push Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Mar 2017 12:42:33 -0000 ----==_mimepart_58bd5935d8b41_1f003fa27337dc3c3093ef Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit @igrigorik pushed 1 commit. 49a1f27 cleanup client vs user agent use -- You are receiving this because you are subscribed to this thread. View it on GitHub: https://github.com/httpwg/http-extensions/pull/309/files/f5f3f8a62aea3593d682e55bf4a5170b6f9c84b4..49a1f278e79a1457c89ff49381f1ca7ff7f09d04 ----==_mimepart_58bd5935d8b41_1f003fa27337dc3c3093ef Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

@igrigorik pushed 1 commit.

49a1f27 cleanup client vs user agent use

—
You are receiving this because you are subscribed to this thread.
View it on GitHub or mute the thread.

----==_mimepart_58bd5935d8b41_1f003fa27337dc3c3093ef-- From nobody Mon Mar 6 04:43:01 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -0.456 X-Spam-Level: X-Spam-Status: No, score=-0.456 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=MyCbQI5wJ8hnl96dCgmb4J+jrCE=; b=M7SaX5dIdEulMzrF 6o1YXQJsG0tz6BKHMVzf6VK1wYAqPvWnbRj53CRMRgBetbWzBcmHQ99AUFbp9dCj LvrwafsHytKhqYJkvlC1WYG1k3bzKng913G464I4mc2WS7E2fLnOEdQl8BlGTb1/ YRMjH25S8SmQTXY8zgjsyMqoS7Q= Date: Mon, 06 Mar 2017 04:42:56 -0800 To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Editorial cleanup and improvements (#309) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58bd5950b8f31_60b43f7ef9a6bc3083517"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Mar 2017 12:42:59 -0000 ----==_mimepart_58bd5950b8f31_60b43f7ef9a6bc3083517 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit @mnot thanks, updated -- ptal. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/pull/309#issuecomment-284385924 ----==_mimepart_58bd5950b8f31_60b43f7ef9a6bc3083517 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

@mnot thanks, updated -- ptal.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_58bd5950b8f31_60b43f7ef9a6bc3083517-- From nobody Mon Mar 6 04:51:18 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -2.002 X-Spam-Level: X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=TRyX/ByFkSjRcuFVE1sI3fdUIt0=; b=QwANNlNlgY2Ib6Xn g1YmEmoH081Bbt54I0AxdO3tfx4QWM9llgQwYzhtmEY/+F/4M5K6y5dz+yk9B4Yi 2ghWdBwimo+ewoNHQu7bIEPQY+f0Ky8i+/JV4Y69RlB75/0leaZF8vmQF0fHauWS kYZwwehfqcMHVihZmnOEA63Hm5o= Date: Mon, 06 Mar 2017 04:51:14 -0800 To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Scoping of Accept-CH (#307) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58bd5b42890fb_43743fcbe3f3bc38208683"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Mar 2017 12:51:17 -0000 ----==_mimepart_58bd5b42890fb_43743fcbe3f3bc38208683 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit > It seems like there are a lot of potential dimensions that the server's preferences for sending CH could vary -- e.g., same-origin vs. third-party, navigation vs. subresource, etc. Are we offering the right capability (all requests from a given origin) here? Based on the experience and feedback so far.. yes. It's the simplest strategy that covers all the use cases, and everything else just adds more configuration and implementation complexity. > Will having one Accept-CH policy for an entire origin work? What if different resources need different headers? How should clients behave when they get conflicting lists of headers and/or lifetimes for a given origin? Last registration wins, similar to HSTS. > Using a cache to determine whether to sent hint headers means that the initial navigation request to a given origin won't have them, so any behaviour that depends on them will need a fallback. Is that just going to be "serve the heavier page", or something more complex? The former. Practically speaking, sites can't rely on CH hints being available from every browser in any case, so they need a fallback strategy regardless. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/307#issuecomment-284387675 ----==_mimepart_58bd5b42890fb_43743fcbe3f3bc38208683 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

It seems like there are a lot of potential dimensions that the server's = preferences for sending CH could vary -- e.g., same-origin vs. third-party,= navigation vs. subresource, etc. Are we offering the right capability (all= requests from a given origin) here?

Based on the experience and feedback so far.. yes. It's the simplest str= ategy that covers all the use cases, and everything else just adds more con= figuration and implementation complexity.

Will having one Accept-CH policy for an entire origin work? What if diff= erent resources need different headers? How should clients behave when they= get conflicting lists of headers and/or lifetimes for a given origin?

Last registration wins, similar to HSTS.

Using a cache to determine whether to sent hint headers means that the i= nitial navigation request to a given origin won't have them, so any behavio= ur that depends on them will need a fallback. Is that just going to be "ser= ve the heavier page", or something more complex?

The former. Practically speaking, sites can't rely on CH hints being ava= ilable from every browser in any case, so they need a fallback strategy reg= ardless.

&mda= sh;
You are receiving this because you are subscribed to this thread.<= br />Reply to this email directly, view it on GitHub, or <= a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyN9NqUKg7fL= ak5fTNUoBRRfHg63iks5rjAFCgaJpZM4MQhwp">mute the thread.

= ----==_mimepart_58bd5b42890fb_43743fcbe3f3bc38208683-- From nobody Mon Mar 6 05:31:29 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -7.001 X-Spam-Level: X-Spam-Status: No, score=-7.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Date: Mon, 06 Mar 2017 05:31:24 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1488807084; bh=YOeSpD7N3gBlNQOOvU+L8wleNIFFyXSf1DOrTlQfYCw=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=2XuLgfNR2BRfW8V4qzjN+hKZ+iaw8Ax+fqtKwBW5s2/78UbD/83sg7vlnJntuyPI+ 7+T9kkzc1wcV8HDT5vKXirsv6U0Y5eRK7BGkKxhetK9OWUWOQuXpDNbdgnSVeF6h6t POpwj18XJdvzmyTbXPoLtXdjrRycLZ5ci06aDgew= To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Allow servers to specify max-age in the client hints header (#306) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58bd64acc2200_6c583fc6bf55fc381639ac"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Mar 2017 13:31:28 -0000 ----==_mimepart_58bd64acc2200_6c583fc6bf55fc381639ac Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Disclaimer: I'm new here, so please forgive possible naivety :) Thinking about this issue and other kinds of scoping mechanisms (`max-age` directives in Cache Control, Cookies or HSTS, well-known Origin Policy files etc.), I was wondering whether we could try to attach directives to manage site properties (such as CH scope) in both time "and space" to the TLS scope. A TLS certificate is a necessary prerequisite for many HTTP/Web extensions. E.g. HSTS headers are ignored without a validated certificate. We could limit the possible lifespan of any time-bound directive to the remaining TTL of the certificate. Say my LE certificate expires in 30 days; the user agent could store the CH settings for exactly this time span. Usually certificates are renewed before the expire. This should allow user agents to revalidate and reschedule the property expiry well before they expire. The same could apply to HSTS or other properties. A user agent may use this site/origin property until the certificate expires, and it must be revalidated at the next contact thereafter. The spatial scope of the certificate is somewhat boring, because it usually covers a whole origin in sense of `/` on a certain domain name. However, wildcard certificates or ones with more than one common name could be used to tie together a bunch of hostnames. We could use that as an outer bound for origin properties. More generally, could we transfer properties such as [Origin Policies](https://wicg.github.io/origin-policy/) or HSTS directives as part of the TLS handshake in an [ALPN](https://tools.ietf.org/html/rfc7301)-like fashion? This would enable the server to communicate transfer rules to the user agent before the first request on HTTP level is carried out. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/306#issuecomment-284396118 ----==_mimepart_58bd64acc2200_6c583fc6bf55fc381639ac Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Disclaimer: I'm new here, so please forgive possible naivety :)

Thinking about this issue and other kinds of scoping mechanisms (max-age directives in Cache Control, Cookies or HSTS, well-known = Origin Policy files etc.), I was wondering whether we could try to attach= directives to manage site properties (such as CH scope) in both time "an= d space" to the TLS scope.

A TLS certificate is a necessary prerequisite for many HTTP/Web extens= ions. E.g. HSTS headers are ignored without a validated certificate. We c= ould limit the possible lifespan of any time-bound directive to the remai= ning TTL of the certificate. Say my LE certificate expires in 30 days; th= e user agent could store the CH settings for exactly this time span. Usu= ally certificates are renewed before the expire. This should allow user a= gents to revalidate and reschedule the property expiry well before they e= xpire. The same could apply to HSTS or other properties. A user agent may= use this site/origin property until the certificate expires, and it must= be revalidated at the next contact thereafter.

The spatial scope of the certificate is somewhat boring, because it us= ually covers a whole origin in sense of / on a certain domai= n name. However, wildcard certificates or ones with more than one common = name could be used to tie together a bunch of hostnames. We could use tha= t as an outer bound for origin properties.

More generally, could we transfer properties such as Origin Policies or HSTS directives a= s part of the TLS handshake in an ALPN-like fashion? This would enable the server to communica= te transfer rules to the user agent before the first request on HTTP leve= l is carried out.

&m= dash;
You are receiving this because you are subscribed to this thre= ad.
Reply to this email directly, view it on GitHub, or mute the thread.

= ----==_mimepart_58bd64acc2200_6c583fc6bf55fc381639ac-- From nobody Tue Mar 7 04:16:50 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -5.382 X-Spam-Level: X-Spam-Status: No, score=-5.382 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Date: Tue, 07 Mar 2017 04:16:45 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1488889005; bh=70yj+OPuZEnCA+PJbZYXS8fEYMEkqN5zy0hfONQH53I=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=jhrXyJB40bL3Zz3RSIGSp0FP0trXxBqXi/dPVJqN3vmtOqWFsSG1mc2eQavkVFMJA kVx/Et267lwRaiHi9r71GROeUrwOH71Fmt8r+QMSp9WFdg8smf1n9G44f5N4GcplaZ d7TJGwsXD8WDcB55/CfmqLw5xbqpmXKnS+e6NUb0= To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Allow servers to specify max-age in the client hints header (#306) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58bea4adc6986_6a363fbf8484bc2c2744e4"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Mar 2017 12:16:49 -0000 ----==_mimepart_58bea4adc6986_6a363fbf8484bc2c2744e4 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit @filex interesting idea, but I don't think we want to couple certificate lifetime to other settings.. there is no reason why cert lifetime is representative of the content lifetime transported over the TLS tunnel. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/306#issuecomment-284705948 ----==_mimepart_58bea4adc6986_6a363fbf8484bc2c2744e4 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

@filex= interesting idea, but I don't think we want to couple certificate lifeti= me to other settings.. there is no reason why cert lifetime is representa= tive of the content lifetime transported over the TLS tunnel.

&m= dash;
You are receiving this because you are subscribed to this thre= ad.
Reply to this email directly, view it on GitHub, or mute the thread.

= ----==_mimepart_58bea4adc6986_6a363fbf8484bc2c2744e4-- From nobody Tue Mar 7 19:53:16 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -0.617 X-Spam-Level: X-Spam-Status: No, score=-0.617 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=CUiBdhvAtdiFmfuy1P1GfNRyE+s=; b=iqD5WK+SGpW4GMci 3JGAjpYe+rlkSiunuoPOj1Y5h30DLnm6zOXV1gvW9OEWbrznUnc4Bvzk8gz4P4pd g2oqulvntuD5LDJojfz+3WBMcq566UpraM4CYEpZ5R6dFQthxlyDwC9sG9q1gTVX 5V5swoPy9c9c9x7GGMTqNZLdl6w= Date: Tue, 07 Mar 2017 19:53:11 -0800 To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Allow servers to specify max-age in the client hints header (#306) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58bf8027d4eca_27943f958bacdc34185654"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Mar 2017 03:53:14 -0000 ----==_mimepart_58bf8027d4eca_27943f958bacdc34185654 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit @filex, you will find that there is a great deal of reluctance to do that sort of thing. If we were to start doing that, then we would create another reason to lengthen the validity period of certificates. That's bad for security. In other words, is an *advantage* to have a logical separation of details of the authentication mechanism from the management of state. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/306#issuecomment-284939422 ----==_mimepart_58bf8027d4eca_27943f958bacdc34185654 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

@filex, = you will find that there is a great deal of reluctance to do that sort of t= hing. If we were to start doing that, then we would create another reason = to lengthen the validity period of certificates. That's bad for security.<= /p>

In other words, is an advantage to have a logical separation of= details of the authentication mechanism from the management of state.

&mda= sh;
You are receiving this because you are subscribed to this thread.<= br />Reply to this email directly, view it on GitHub, or <= a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyGM9Hyoa8lu= Ib6A2QCJinrDmhV4Rks5rjiYngaJpZM4MMxOI">mute the thread.

= ----==_mimepart_58bf8027d4eca_27943f958bacdc34185654-- From nobody Sat Mar 11 09:40:43 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: 0.599 X-Spam-Level: X-Spam-Status: No, score=0.599 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=0.7, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=iw0/jwER+/m0KAFnB8eiJpGpRJM=; b=BSJ13u2/aUoyLBY3 sisGViO5ajM2O8rQkxzYMa98k3tYULxml+hIPhB4mBLePnKsiUsxZ9kjJp/DND4/ +1NSHAYlbJG+24QkzEIHKmJT/3efxgQ1UxD7SXVOFpdvjRQLruL5oPydaoD8urVE AknN5vTnfuctnP0Um/f0bhUJ0uY= Date: Sat, 11 Mar 2017 09:40:38 -0800 To: httpwg/http-extensions Subject: [httpwg/http-extensions] RFC 7515 (base64url) is only used in examples and can be moved to informative (#310) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58c4369679262_19a83faaa5173c2c22062d"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Mar 2017 17:40:42 -0000 ----==_mimepart_58c4369679262_19a83faaa5173c2c22062d Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/310 ----==_mimepart_58c4369679262_19a83faaa5173c2c22062d Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_58c4369679262_19a83faaa5173c2c22062d-- From nobody Sun Mar 12 17:12:33 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -0.384 X-Spam-Level: X-Spam-Status: No, score=-0.384 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=g0o1VqoViZn9H2CoK7Py3UzkCJc=; b=dDn+BbpibsQ/AQgH NDvFxwSEq4HgyztzrHfoe3PO1L5fNozC/btBJ2ELzSeDMiGIUwP+MTZKr2JoMBjd S2UHbjxUznMOEDU3k1AMxdTSU7pZeKbTDwRy/aBz2nbsxCgRLDnjueI0ZVyFeng6 AEIDJn7ucKhA+srWQPiu1XHcfq0= Date: Sun, 12 Mar 2017 17:12:29 -0700 To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] RFC 7515 (base64url) is only used in examples and can be moved to informative (#310) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58c5e3ede6307_74953fb3fb83bc30192159"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Mar 2017 00:12:32 -0000 ----==_mimepart_58c5e3ede6307_74953fb3fb83bc30192159 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Closed #310 via e943e904bdfb2cf5e5d443405a998ec314c07015. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/310#event-996524912 ----==_mimepart_58c5e3ede6307_74953fb3fb83bc30192159 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

Closed #310 via e943e90.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_58c5e3ede6307_74953fb3fb83bc30192159-- From nobody Mon Mar 13 09:16:55 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -5.382 X-Spam-Level: X-Spam-Status: No, score=-5.382 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Date: Mon, 13 Mar 2017 09:16:46 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1489421807; bh=VhkInhoDRBWQEkjnIsNmUDkVJMiY/5/Uw1tBy1SGgcc=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=UT9XFreddjnqILxtmFArHSXgUqRifuQrAXUvSWY2Yg1O+9vutmqBVeZX3V5Iq3nmc OEi9/fv+EzUv/i50AWWa+0Zx6SrNYp4D6Ihf94j3ajCC3vTp1z5JqvyyhqR42QaBCg /HUEo2Ai9uroDV/WWIT3sABc1yjfaZdrdoyStx3w= To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] The inverse of immutable (#288) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58c6c5eef2c07_62ca3fc2edf9bc2c11612"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Mar 2017 16:16:54 -0000 ----==_mimepart_58c6c5eef2c07_62ca3fc2edf9bc2c11612 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit I can imagine such an extension, but its not this one and this one isn't incompatible with adding such a thing in a separate draft. immutable is based on running code and I'm not comfortable expanding that scope here. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/288#issuecomment-286157927 ----==_mimepart_58c6c5eef2c07_62ca3fc2edf9bc2c11612 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

I can imagine such an extension, but its not this one and this one isn= 't incompatible with adding such a thing in a separate draft. immutable i= s based on running code and I'm not comfortable expanding that scope here= .

&m= dash;
You are receiving this because you are subscribed to this thre= ad.
Reply to this email directly, view it on GitHub, or mute the thread.

= ----==_mimepart_58c6c5eef2c07_62ca3fc2edf9bc2c11612-- From nobody Mon Mar 13 09:26:23 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -0.383 X-Spam-Level: X-Spam-Status: No, score=-0.383 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=M/WRte+eYpYTq/d7o/E/n1n+N94=; b=CvwB0melqI1K11yE NRXZct5rO2XSsbwDdrBwBsO7xFzv0eCuq7fGT3Hfrr90W48F5T0C5YvQxI496nr2 XgpiEeVerxJ/wTFnbHBALbZQ8XzCm/TDB/SOY91MBuYkB4Y1UBPVW7de1d9+oHMD xWWbmQoSF6Jnoql1L6LxweaL2hM= Date: Mon, 13 Mar 2017 09:26:12 -0700 To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Immutable editorial (#287) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58c6c824a27a2_2b663f9cdf25fc2c1519fd"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Push Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Mar 2017 16:26:19 -0000 ----==_mimepart_58c6c824a27a2_2b663f9cdf25fc2c1519fd Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit @mcmanus pushed 1 commit. 1c29668 Merge branch 'master' into immutable-editorial -- You are receiving this because you are subscribed to this thread. View it on GitHub: https://github.com/httpwg/http-extensions/pull/287/files/4923ad83f38d0b278a1823b40d7000073db1a679..1c2966821a2c2bfd6319dad90e61fc1fb662f074 ----==_mimepart_58c6c824a27a2_2b663f9cdf25fc2c1519fd Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

@mcmanus pushed 1 commit.

1c29668 Merge branch 'master' into immutable-editorial

—
You are receiving this because you are subscribed to this thread.
View it on GitHub or mute the thread.

----==_mimepart_58c6c824a27a2_2b663f9cdf25fc2c1519fd-- From nobody Mon Mar 13 09:26:39 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -5.454 X-Spam-Level: X-Spam-Status: No, score=-5.454 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Date: Mon, 13 Mar 2017 09:26:33 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1489422393; bh=66w2K7Uzlq5sVAj5sZ7sYcNT7ON7pLAGMQXRNEsBmdU=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=MMzmWvWOa2oi8J0BBjqM1jHniOa/jsyJ850dH9MkLBmJPSi9OkeGRqkApboCD29Ay 3fCHZiYvZOqUUrlyn/R2TJ1vg37QXcvtJtenxrFJiWwXPGsjHuRo/rkJ0B0+GTyL4B 0TC0wcbtJ4F3DO9wrg5E1xF8uIks99uZM+5y4ThE= To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] Immutable editorial (#287) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58c6c839e02a7_21143fb611523c3811910"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Mar 2017 16:26:39 -0000 ----==_mimepart_58c6c839e02a7_21143fb611523c3811910 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit thanks for this -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/pull/287#issuecomment-286161197 ----==_mimepart_58c6c839e02a7_21143fb611523c3811910 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

thanks for this

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_58c6c839e02a7_21143fb611523c3811910-- From nobody Mon Mar 13 09:29:08 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -5.382 X-Spam-Level: X-Spam-Status: No, score=-5.382 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com Date: Mon, 13 Mar 2017 09:29:03 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1489422543; bh=hiY/7asquApT8YYwyVfrgT6KU68k8M+otZ7kzcsxzlw=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=1Vv/IGSUpw5DIyzajUX+/b357D+dErQwjUkTDgwuG16hiDuylTbu8+jVciYpTYcOC LkjVQP0MnKyiwvMFJl/k9aBNLRNrG5xklw2Hls+1jfAA2Mwg1KOCzov30IvUzUVvlI T0MP1BphOO65xgW9hS2Chv+2fzyg9icBxIbsyESc= To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] About Intermediaries (#290) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58c6c8cfbc3bd_4c283febc648bc2c443012"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Mar 2017 16:29:06 -0000 ----==_mimepart_58c6c8cfbc3bd_4c283febc648bc2c443012 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Closed #290. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/290#event-997557038 ----==_mimepart_58c6c8cfbc3bd_4c283febc648bc2c443012 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

Closed #290.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_58c6c8cfbc3bd_4c283febc648bc2c443012-- From nobody Mon Mar 13 09:29:11 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -0.455 X-Spam-Level: X-Spam-Status: No, score=-0.455 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=AFsG40bU9BIYRpBcEW3W0mk7Qek=; b=n0va+QErjyLodF6Z WOMOo3bR5DgwHKR8LsK1o4t5xNBGlQWR/Db1Y/kvYzQBd64Pf5kuvf6T8exV+i20 Si3gPZvJzGmwDuFU5+4Mf2slQNfsjvFeIleGTXVMKKdI4xiDQoHqMc5k1mkjGrQ0 UvSeAGjPUwND7Y0iet5gad3zDqk= Date: Mon, 13 Mar 2017 09:29:03 -0700 To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] About Intermediaries (#290) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58c6c8cf7aa5a_6f4a3f9cdf25fc2c29716b"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: Cc: Subscribed Message-ID: From: HTTP issue updates X-BeenThere: http-issues@ietf.org X-Mailman-Version: 2.1.17 Reply-To: http-issues@ietf.org List-Id: HTTP issue updates List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Mar 2017 16:29:07 -0000 ----==_mimepart_58c6c8cf7aa5a_6f4a3f9cdf25fc2c29716b Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit https://github.com/httpwg/http-extensions/commit/fdc18b2ae5fee1e2a2540ca8d71ba0ed2553104b -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpwg/http-extensions/issues/290#issuecomment-286162050 ----==_mimepart_58c6c8cf7aa5a_6f4a3f9cdf25fc2c29716b Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

fdc18b2

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

----==_mimepart_58c6c8cf7aa5a_6f4a3f9cdf25fc2c29716b-- From nobody Mon Mar 13 09:29:59 2017 Delivered-To: http-issues@ietfa.amsl.com X-Spam-Flag: NO X-Spam-Score: -0.402 X-Spam-Level: X-Spam-Status: No, score=-0.402 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=R7dV/3CjJPeVlEZ0m+NS4bCngDk=; b=qg8NyOYwgDYctnii pDrit/e4wFugFOHvErb0gJBCxeo2wmFUILa23WN5FkTsqmFTeN7CuKKR+UxwLpF/ PfWVMfFHEIl6K4Nnb7w96xk1cwsYqSieu2EhUBsePsJsGm/xo48J9psqSaJcbcbW f5GUtL63RrrcqdHJjUfI6NHNcOA= Date: Mon, 13 Mar 2017 09:29:48 -0700 To: httpwg/http-extensions In-Reply-To: References: Subject: Re: [httpwg/http-extensions] immutable definition (#289) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_58c6c8fc3e152_3c933fc2edf9bc2c1701c8"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list Archived-At: