From nobody Tue Aug  1 07:19:02 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.021
X-Spam-Level: 
X-Spam-Status: No, score=-2.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=GRoBfc2B7hjAI8Am8M+vUvWA9xY=; b=piAJ8LBR4hmt7lnr ml312NOpXmQ7B8p/kzI3O0GyMCqnk4+1T+vIVqbMmecFarvAfnytZVm4PkbDaFx0 4yKRUb5cURZmLblJ9lUEHECIZGbg3V/Cv2gajJkQUaQYEyq1xS5SIl75bThLOiaQ i0k35jwkmQ6w9q1WS7ZCBOxDEYs=
Date: Tue, 01 Aug 2017 14:18:57 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/330@github.com>
References: <httpwg/http-extensions/issues/330@github.com>
Subject: Re: [httpwg/http-extensions] Consulting the DNS on expanding ORIGIN set? (#330)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59808dd017860_1a9443fbffd7abc3034623"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/l1YrJub-GW4B6UrGG0GQ-TunXdI>
Message-ID: <mailman.414.1501597142.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Aug 2017 14:19:02 -0000

----==_mimepart_59808dd017860_1a9443fbffd7abc3034623
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

how about a non normative should.. that way you're describing the tradeoffs
in a way that sheds some light on the situation (with examples) but not
doing a normative "do something unspecific"


On Mon, Jul 31, 2017 at 7:52 PM, Mark Nottingham <notifications@github.com>
wrote:

> Hmm. I suspect a requirement that's so vague won't get through IESG, but I
> guess we can try it.
>
> =E2=80=94
> You are receiving this because you are subscribed to this thread.
> Reply to this email directly, view it on GitHub
> <https://github.com/httpwg/http-extensions/issues/330#issuecomment-319228=
529>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/AAP5syDDXgoZVomlOAAPMB=
OMGirt8jraks5sTmjBgaJpZM4NEzUM>
> .
>


--=20
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/330#issuecomment-319383835=

----==_mimepart_59808dd017860_1a9443fbffd7abc3034623
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

how about a non normative should.. that way you&#39;re describing the trade=
offs<br>
in a way that sheds some light on the situation (with examples) but not<br>
doing a normative &quot;do something unspecific&quot;<br>
<br>
<br>
On Mon, Jul 31, 2017 at 7:52 PM, Mark Nottingham &lt;notifications@github.c=
om&gt;<br>
wrote:<br>
<br>
&gt; Hmm. I suspect a requirement that&#39;s so vague won&#39;t get through=
 IESG, but I<br>
&gt; guess we can try it.<br>
&gt;<br>
&gt; =E2=80=94<br>
&gt; You are receiving this because you are subscribed to this thread.<br>
&gt; Reply to this email directly, view it on GitHub<br>
&gt; &lt;https://github.com/httpwg/http-extensions/issues/330#issuecomment-=
319228529&gt;,<br>
&gt; or mute the thread<br>
&gt; &lt;https://github.com/notifications/unsubscribe-auth/AAP5syDDXgoZVoml=
OAAPMBOMGirt8jraks5sTmjBgaJpZM4NEzUM&gt;<br>
&gt; .<br>
&gt;<br>


<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&mda=
sh;<br />You are receiving this because you are subscribed to this thread.<=
br />Reply to this email directly, <a href=3D"https://github.com/httpwg/htt=
p-extensions/issues/330#issuecomment-319383835">view it on GitHub</a>, or <=
a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyJDXdUFEz19=
H-JGIxj0VrUR1YKHNks5sTzPQgaJpZM4NEzUM">mute the thread</a>.<img alt=3D"" he=
ight=3D"1" src=3D"https://github.com/notifications/beacon/AORpyJDEG2iPYQj7i=
HxHv_RjszqXtI6oks5sTzPQgaJpZM4NEzUM.gif" width=3D"1" /></p>
<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewAction=
">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extensions/=
issues/330#issuecomment-319383835"></link>
  <meta itemprop=3D"name" content=3D"View Issue"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Issue on GitHub"></meta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_version"=
:"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"Gi=
tHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"ht=
tpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"http=
s://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-9=
5fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.c=
om/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action=
":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions=
"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mcmanus in #330: ho=
w about a non normative should.. that way you're describing the tradeoffs\n=
in a way that sheds some light on the situation (with examples) but not\ndo=
ing a normative \"do something unspecific\"\n\n\nOn Mon, Jul 31, 2017 at 7:=
52 PM, Mark Nottingham \u003cnotifications@github.com\u003e\nwrote:\n\n\u00=
3e Hmm. I suspect a requirement that's so vague won't get through IESG, but=
 I\n\u003e guess we can try it.\n\u003e\n\u003e =E2=80=94\n\u003e You are r=
eceiving this because you are subscribed to this thread.\n\u003e Reply to t=
his email directly, view it on GitHub\n\u003e \u003chttps://github.com/http=
wg/http-extensions/issues/330#issuecomment-319228529\u003e,\n\u003e or mute=
 the thread\n\u003e \u003chttps://github.com/notifications/unsubscribe-auth=
/AAP5syDDXgoZVomlOAAPMBOMGirt8jraks5sTmjBgaJpZM4NEzUM\u003e\n\u003e .\n\u00=
3e\n"}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http=
-extensions/issues/330#issuecomment-319383835"}}}</script>=

----==_mimepart_59808dd017860_1a9443fbffd7abc3034623--


From nobody Tue Aug  1 07:22:41 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.254
X-Spam-Level: 
X-Spam-Status: No, score=-8.254 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Tue, 01 Aug 2017 07:22:37 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1501597357; bh=M0DeC0BjYUZvTH9Aps1n6nSy7uXeDpWWZZTDsIrHCgs=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=xKbSoIE5AlnlR9OrEX9y2olV/6/2tz3fJJPZPpQWRgTQ+GYe5AuF8u/B7p/JV+oIx 2C87BgU5iUmITqu7P7zHybltp2pc7gZDQ5QpMQhiGlKT83cGIIIahiOOsDV9dWqkdG 75hUmmCrmHKdme3+5W77H6afVVcByQedR9nwm7CY=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/330@github.com>
References: <httpwg/http-extensions/issues/330@github.com>
Subject: Re: [httpwg/http-extensions] Consulting the DNS on expanding ORIGIN set? (#330)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59808ead1b637_206333fbffd7abc30429d2"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/ouXiJ2MKT-16HDWi8AAD44u4-7U>
Message-ID: <mailman.415.1501597360.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Aug 2017 14:22:39 -0000

----==_mimepart_59808ead1b637_206333fbffd7abc30429d2
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Seems ripe for an RFC6919 MAY WISH TO or SHOULD CONSIDER.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/330#issuecomment-319384967
----==_mimepart_59808ead1b637_206333fbffd7abc30429d2
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Seems ripe for an RFC6919 MAY WISH TO or SHOULD CONSIDER.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/330#issuecomment-319384967">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyEWxfVFHsSfZuWTgy5UGri-ra7Cmks5sTzStgaJpZM4NEzUM">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyOeXMoTcM9RgzaHjdSH7tDCyjhyVks5sTzStgaJpZM4NEzUM.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/330#issuecomment-319384967"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@MikeBishop in #330: Seems ripe for an RFC6919 MAY WISH TO or SHOULD CONSIDER."}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/330#issuecomment-319384967"}}}</script>
----==_mimepart_59808ead1b637_206333fbffd7abc30429d2--


From nobody Tue Aug  1 12:47:31 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.475
X-Spam-Level: 
X-Spam-Status: No, score=-0.475 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=ClM2kmKGuWBBSLsvDXNStYOHKVg=; b=xAW73Z696SqfOgxe GqI3BbSIiYEZAQx3DERAjsJ9l8GhFFviDunP6HJBFjBeokxncg2pHU7LjYonw03k fAhqvtfJw8G4hX0zB6l2C8yLKRlHghBz4Mqr1EeYtsZFFjxV8r77ULpXX5YBx9gX diLV3GqF2Kzd8tX4eyszuG+nF4E=
Date: Tue, 01 Aug 2017 19:47:27 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/330@github.com>
References: <httpwg/http-extensions/issues/330@github.com>
Subject: Re: [httpwg/http-extensions] Consulting the DNS on expanding ORIGIN set? (#330)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5980dacea5052_2d0d83f95ed09bc2c1081fe"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/_yfZ4KHaB2rGG0QtuqjzXvck1GY>
Message-ID: <mailman.516.1501616850.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Aug 2017 19:47:30 -0000

----==_mimepart_5980dacea5052_2d0d83f95ed09bc2c1081fe
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

/me is very tempted to get a 6919 ref in there

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/330#issuecomment-319476562
----==_mimepart_5980dacea5052_2d0d83f95ed09bc2c1081fe
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>/me is very tempted to get a 6919 ref in there</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/330#issuecomment-319476562">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyKHeHGLDc1bLL_b_O0IqQYSjweWkks5sT4DOgaJpZM4NEzUM">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyLs9IOpXFNhqwy3DyQEJkck_oDvhks5sT4DOgaJpZM4NEzUM.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/330#issuecomment-319476562"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mnot in #330: /me is very tempted to get a 6919 ref in there"}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/330#issuecomment-319476562"}}}</script>
----==_mimepart_5980dacea5052_2d0d83f95ed09bc2c1081fe--


From nobody Wed Aug  2 22:23:55 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.02
X-Spam-Level: 
X-Spam-Status: No, score=-7.02 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Wed, 02 Aug 2017 22:23:50 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1501737830; bh=3VyyftdzGlFAnmTzG5+vuyub0LTjWKK2FzMSDidimdc=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=C4ui9uuVqwWz9Bn0M2YS/MSYw070Mw6VRyULRVaD1E+L+Uf1Pa439P4cLSP7P72J6 zrQTFOSDChUDRCVp0vpt6YsJUdWla1saHYES/+ZYPci3hs7yZBgC6gnQUeUPJxSxQN YkocJlTmqALirAhiW2TjFfKva05+4HETAIFRwP/s=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/373@github.com>
References: <httpwg/http-extensions/pull/373@github.com>
Subject: Re: [httpwg/http-extensions] Scope Accept-CH opt-in to same origin (#373)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5982b366c3851_30233fe22679bc2c27151"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/XVIRWcKAd9WCM4QdFpiG7gFAKKU>
Message-ID: <mailman.803.1501737835.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Aug 2017 05:23:54 -0000

----==_mimepart_5982b366c3851_30233fe22679bc2c27151
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

mnot commented on this pull request.

A few things I saw. Overall I think this approach looks good. Still need to see the whole spec after changes before doing a final review; need to see it in situ (and I suspect others will too).

> @@ -101,9 +102,9 @@ A Client Hint request header field is a HTTP header field that is used by HTTP c
 
 ## Sending Client Hints
 
-Clients control which Client Hints are sent in requests, based on their default settings, user configuration and/or preferences. Implementers might provide user choice mechanisms so that users may balance privacy concerns with bandwidth limitations. Implementations specific to certain use cases or threat models might avoid transmitting these header fields altogether, or limit them to secure contexts or authenticated sessions. Implementers should be aware that explaining the privacy implications of passive fingerprinting or network information disclosure may be challenging.
+Clients control which Client Hints are sent in requests, based on their default settings, user configuration and/or preferences. The client and server, or an intermediate proxy, can use an opt-in mechanism outlined below to negotiate which fields should be sent to allow for efficient content adaption.

Is the intent of including 'intermediary proxy' to include CDNs, or to also include forward proxies? If it's just CDN/reverse proxies, I'd remove it; it's widely understood that they're acting as a server. 'intermediary proxy' means "forward proxy" and I don't think you want that.

> @@ -127,28 +128,28 @@ For example:
   Accept-CH: DPR, Width, Viewport-Width
 ~~~
 
-When a client receives Accept-CH, or if it is capable of processing the HTML response and finds an equivalent HTML meta element, it can treat it as a signal that the origin ({{RFC6454}}) is interested in receiving specified request header fields that match the advertised field-values; same-origin resource requests initiated as a result of processing the response from the server that includes the Accept-CH opt-in can include the request header fields that match the advertised field-values.
+When a client receives Accept-CH from a potentially trustworthy origin ({{SECURE-CONTEXTS}}), or if it is capable of processing the HTML response and finds an equivalent HTML meta element, it can treat it as a signal that the origin ({{RFC6454}}) is interested in receiving specified request header fields that match the advertised field-values; same-origin resource requests initiated as a result of processing the response from the server that includes the Accept-CH opt-in can include the request header fields that match the advertised field-values.

This reads as if you can either have a secure origin OR include the HTML meta tag to get Accept-CH processed; is that the intent?

>  
 ~~~ abnf7230
   Accept-CH-Lifetime = #delta-seconds
 ~~~
 
-The field-value indicates that the Accept-CH preference SHOULD be considered stale after its age is greater than the specified number of seconds.
+When a client receives Accept-CH-Lifetime from a potentially trustworthy origin ("opt-in origin"), the field-value indicates that the Accept-CH preference SHOULD be considered stale after its age is greater than the specified number of seconds, and if applicable, persisted as a double-keyed preference that combines the values of the opt-in origin and the potentially trustworthy origin of the resource that initiated the request that received the opt-in preference.

Age in relation to what?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/373#pullrequestreview-53995997
----==_mimepart_5982b366c3851_30233fe22679bc2c27151
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p><b>@mnot</b> commented on this pull request.</p>

<p>A few things I saw. Overall I think this approach looks good. Still need to see the whole spec after changes before doing a final review; need to see it in situ (and I suspect others will too).</p><hr>

<p>In <a href="https://github.com/httpwg/http-extensions/pull/373#discussion_r131055193">draft-ietf-httpbis-client-hints.md</a>:</p>
<pre style='color:#555'>&gt; @@ -101,9 +102,9 @@ A Client Hint request header field is a HTTP header field that is used by HTTP c
 
 ## Sending Client Hints
 
-Clients control which Client Hints are sent in requests, based on their default settings, user configuration and/or preferences. Implementers might provide user choice mechanisms so that users may balance privacy concerns with bandwidth limitations. Implementations specific to certain use cases or threat models might avoid transmitting these header fields altogether, or limit them to secure contexts or authenticated sessions. Implementers should be aware that explaining the privacy implications of passive fingerprinting or network information disclosure may be challenging.
+Clients control which Client Hints are sent in requests, based on their default settings, user configuration and/or preferences. The client and server, or an intermediate proxy, can use an opt-in mechanism outlined below to negotiate which fields should be sent to allow for efficient content adaption.
</pre>
<p>Is the intent of including 'intermediary proxy' to include CDNs, or to also include forward proxies? If it's just CDN/reverse proxies, I'd remove it; it's widely understood that they're acting as a server. 'intermediary proxy' means "forward proxy" and I don't think you want that.</p>

<hr>

<p>In <a href="https://github.com/httpwg/http-extensions/pull/373#discussion_r131055336">draft-ietf-httpbis-client-hints.md</a>:</p>
<pre style='color:#555'>&gt; @@ -127,28 +128,28 @@ For example:
   Accept-CH: DPR, Width, Viewport-Width
 ~~~
 
-When a client receives Accept-CH, or if it is capable of processing the HTML response and finds an equivalent HTML meta element, it can treat it as a signal that the origin ({{RFC6454}}) is interested in receiving specified request header fields that match the advertised field-values; same-origin resource requests initiated as a result of processing the response from the server that includes the Accept-CH opt-in can include the request header fields that match the advertised field-values.
+When a client receives Accept-CH from a potentially trustworthy origin ({{SECURE-CONTEXTS}}), or if it is capable of processing the HTML response and finds an equivalent HTML meta element, it can treat it as a signal that the origin ({{RFC6454}}) is interested in receiving specified request header fields that match the advertised field-values; same-origin resource requests initiated as a result of processing the response from the server that includes the Accept-CH opt-in can include the request header fields that match the advertised field-values.
</pre>
<p>This reads as if you can either have a secure origin OR include the HTML meta tag to get Accept-CH processed; is that the intent?</p>

<hr>

<p>In <a href="https://github.com/httpwg/http-extensions/pull/373#discussion_r131055440">draft-ietf-httpbis-client-hints.md</a>:</p>
<pre style='color:#555'>&gt;  
 ~~~ abnf7230
   Accept-CH-Lifetime = #delta-seconds
 ~~~
 
-The field-value indicates that the Accept-CH preference SHOULD be considered stale after its age is greater than the specified number of seconds.
+When a client receives Accept-CH-Lifetime from a potentially trustworthy origin (&quot;opt-in origin&quot;), the field-value indicates that the Accept-CH preference SHOULD be considered stale after its age is greater than the specified number of seconds, and if applicable, persisted as a double-keyed preference that combines the values of the opt-in origin and the potentially trustworthy origin of the resource that initiated the request that received the opt-in preference.
</pre>
<p>Age in relation to what?</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/pull/373#pullrequestreview-53995997">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyCsykBB7uQxhBXMZieAG71hLOkbwks5sUVlmgaJpZM4Ofn8z">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyL7JtXYswqPSeoBi89MsJmwoHTVCks5sUVlmgaJpZM4Ofn8z.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/373#pullrequestreview-53995997"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mnot commented on #373"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/373#pullrequestreview-53995997"}}}</script>
----==_mimepart_5982b366c3851_30233fe22679bc2c27151--


From nobody Thu Aug  3 00:28:55 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=8XBByHd2K/uDSkqb7jJQ32hfheU=; b=fYQP1RB6RRfez8yk +O3F0fp1GgZsRwfJcTLc+9xttQStL1DKaelPLR0lXe5TA71sWTYLxWiHiU3Fc2Xg E4Kqkd+MbAIWcYvRJCAJn3Ne4EaPOM2/k0pC997T7U8qjgBoxAdTfGA71c0zsndQ 6MhUkBrHwGS0O+o8EQaj0xUtDO0=
Date: Thu, 03 Aug 2017 07:28:50 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/373@github.com>
References: <httpwg/http-extensions/pull/373@github.com>
Subject: Re: [httpwg/http-extensions] Scope Accept-CH opt-in to same origin (#373)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5982d0b1d98f3_7d7d3feb068afc3810236b"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/r0shvWCGfoAnY3TC7wX8-nbbatA>
Message-ID: <mailman.815.1501745334.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Aug 2017 07:28:54 -0000

----==_mimepart_5982d0b1d98f3_7d7d3feb068afc3810236b
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

martinthomson commented on this pull request.



> @@ -127,28 +128,28 @@ For example:
   Accept-CH: DPR, Width, Viewport-Width
 ~~~
 
-When a client receives Accept-CH, or if it is capable of processing the HTML response and finds an equivalent HTML meta element, it can treat it as a signal that the application is interested in receiving specified request header fields that match the advertised field-values; subresource requests initiated as a result of processing the response from the server that includes the Accept-CH opt-in can include the request header fields that match the advertised field-values.
+When a client receives Accept-CH from a potentially trustworthy origin ({{SECURE-CONTEXTS}}), or if it is capable of processing the HTML response and finds an equivalent HTML meta element, it can treat it as a signal that the origin ({{RFC6454}}) is interested in receiving specified request header fields that match the advertised field-values; same-origin resource requests initiated as a result of processing the response from the server that includes the Accept-CH opt-in can include the request header fields that match the advertised field-values.

The addition of the reference to SECURE-CONTEXTS is new here, and unnecessary.  The requirement here is not that the context is secure (that's a notion that belongs to the web, not HTTP generally), but that the `Accept-CH` is both authentic and integrity protected.  You should limit the use of `Accept-CH` to HTTPS.

>  
 ~~~ abnf7230
   Accept-CH-Lifetime = #delta-seconds
 ~~~
 
-The field-value indicates that the Accept-CH preference SHOULD be considered stale after its age is greater than the specified number of seconds.
+When a client receives Accept-CH-Lifetime from a potentially trustworthy origin ("opt-in origin"), the field-value indicates that the Accept-CH preference SHOULD be considered stale after its age is greater than the specified number of seconds, and if applicable, persisted as a double-keyed preference that combines the values of the opt-in origin and the potentially trustworthy origin of the resource that initiated the request that received the opt-in preference.

"double-keyed" is a new concept for the protocol here, and one that (again) really only makes sense on the web.  The property that you are looking for is that the persisted state is bound to the origin.  You should allow it to be more narrowly bound, but the point is to constrain its maximum scope.  Choosing a narrower scope is a discretionary thing that might be done by web browsers.

Also, I find the phrasing of this last bit cumbersome and hard to follow.  The point is that permission to persist might be scope (see above).

>  
-For example, sending Client Hints on all requests can make information about the user's environment available to origins that otherwise did not have access to this data, which may or may not be the desired outcome - e.g. this may enable an image optimization service to deliver a tailored asset, and it may reveal same information about the user to other origins that may not have had access to it before. Similarly, sending highly granular data, such as image and viewport width may help identify users across multiple requests. Restricting such field values to an enumerated range, where the user agent advertises a threshold value that is close but is not an exact representation of the current value, can help mitigate the risk of such fingerprinting.
+Transmitted Client Hints header fields should not provide new information that is otherwise not available to the application via HTML, CSS, or JavaScript.  Further, sending highly granular data, such as image and viewport width may help identify users across multiple requests. Restricting such field values to an enumerated range, where the advertised value is close but is not an exact representation of the current value, can help mitigate the risk of such fingerprinting as well as reduce possibility of unnecessary cache fragmentation.

The term you are looking for here is "linkability" or "linkable".  The more information that a request contains, the more likely an adversary is to be able to correctly identify two requests as belonging to the same user agent (i.e., link the two).

The claim here (reducing the accuracy of field values) isn't generically true.  I believe that it is true for the hints defined in this document, but the structure of this document is such that it might be taken as a universal truth.  For something like the proposed Geolocation header field, which is a continuous-valued field, this claim would be false (read [Section 13.5 of RFC 6772](https://tools.ietf.org/html/rfc6772#section-13.5) for background).

>  
-Implementers ought to provide mechanisms and policies to control how and when such hints are advertised. For example, they could require origin opt-in via Accept-CH; clear remembered opt-in, as set by Accept-CH-Lifetime, when site data, browsing history, browsing cache, or similar, are cleared; restrict delivery to same origin subrequests; limit delivery to requests that already carry identifying information (e.g. cookies); modify delivery policy when in an "incognito" or a similar privacy mode; enable user configuration and opt in, and so on.
+Implementers should consider both user and server controlled mechanisms and policies to control which Client Hints header fields are advertised:
+
+  - Implementers may provide user choice mechanisms so that users may balance privacy concerns with bandwidth limitations. However, implementers should also be aware that explaining the privacy implications of passive fingerprinting or network information disclosure to users may be challenging.
+  - Implementers should support double-keyed Client Hints opt-in requested by potentially trustworthy origins via Accept-CH and Accept-CH-Lifetime header fields, and clear remembered opt-in when site data, browsing history, browsing cache, or similar, are cleared.

should is not sufficient here: information that is persisted for an origin MUST be reset when any action that is designed to break linkability is executed (clearing cookies is one such action)

>  
-Implementers ought to provide mechanisms and policies to control how and when such hints are advertised. For example, they could require origin opt-in via Accept-CH; clear remembered opt-in, as set by Accept-CH-Lifetime, when site data, browsing history, browsing cache, or similar, are cleared; restrict delivery to same origin subrequests; limit delivery to requests that already carry identifying information (e.g. cookies); modify delivery policy when in an "incognito" or a similar privacy mode; enable user configuration and opt in, and so on.
+Implementers should consider both user and server controlled mechanisms and policies to control which Client Hints header fields are advertised:
+
+  - Implementers may provide user choice mechanisms so that users may balance privacy concerns with bandwidth limitations. However, implementers should also be aware that explaining the privacy implications of passive fingerprinting or network information disclosure to users may be challenging.
+  - Implementers should support double-keyed Client Hints opt-in requested by potentially trustworthy origins via Accept-CH and Accept-CH-Lifetime header fields, and clear remembered opt-in when site data, browsing history, browsing cache, or similar, are cleared.
+  - Implementations specific to certain use cases or threat models may avoid transmitting Client Hints header fields altogether or limit them to authenticated sessions only that already carry identifying information, such as cookies or referer data.

MAY is extremely weak and "may" is even weaker.  It seems like these are generally fixed values, akin to User-Agent, but others thus far proposed (see again Geolocation) aren't.  It seems like the advice here is intended to be generic, so what are the criteria an implementation might use to decide to send or suppress these fields if cookies are not being sent?

>  
-Implementers ought to provide mechanisms and policies to control how and when such hints are advertised. For example, they could require origin opt-in via Accept-CH; clear remembered opt-in, as set by Accept-CH-Lifetime, when site data, browsing history, browsing cache, or similar, are cleared; restrict delivery to same origin subrequests; limit delivery to requests that already carry identifying information (e.g. cookies); modify delivery policy when in an "incognito" or a similar privacy mode; enable user configuration and opt in, and so on.
+Implementers should consider both user and server controlled mechanisms and policies to control which Client Hints header fields are advertised:
+
+  - Implementers may provide user choice mechanisms so that users may balance privacy concerns with bandwidth limitations. However, implementers should also be aware that explaining the privacy implications of passive fingerprinting or network information disclosure to users may be challenging.
+  - Implementers should support double-keyed Client Hints opt-in requested by potentially trustworthy origins via Accept-CH and Accept-CH-Lifetime header fields, and clear remembered opt-in when site data, browsing history, browsing cache, or similar, are cleared.
+  - Implementations specific to certain use cases or threat models may avoid transmitting Client Hints header fields altogether or limit them to authenticated sessions only that already carry identifying information, such as cookies or referer data.
+
+Following the above recommendations should significantly reduce the risks of linkability and passive fingerprinting.

You don't want to make this claim.  It's fairly easy to show it as false.  If your claim is that the incremental increase in linkability (over not sending hints) is reduced significantly, that might be true, but I doubt that also.  This is making a trade-off - if the information is basically already available via User-Agent or script, then this isn't a big increase, but in other cases it could be a big change.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/373#pullrequestreview-54009185
----==_mimepart_5982d0b1d98f3_7d7d3feb068afc3810236b
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p><b>@martinthomson</b> commented on this pull request.</p>

<hr>

<p>In <a href="https://github.com/httpwg/http-extensions/pull/373#discussion_r131066992">draft-ietf-httpbis-client-hints.md</a>:</p>
<pre style='color:#555'>&gt; @@ -127,28 +128,28 @@ For example:
   Accept-CH: DPR, Width, Viewport-Width
 ~~~
 
-When a client receives Accept-CH, or if it is capable of processing the HTML response and finds an equivalent HTML meta element, it can treat it as a signal that the application is interested in receiving specified request header fields that match the advertised field-values; subresource requests initiated as a result of processing the response from the server that includes the Accept-CH opt-in can include the request header fields that match the advertised field-values.
+When a client receives Accept-CH from a potentially trustworthy origin ({{SECURE-CONTEXTS}}), or if it is capable of processing the HTML response and finds an equivalent HTML meta element, it can treat it as a signal that the origin ({{RFC6454}}) is interested in receiving specified request header fields that match the advertised field-values; same-origin resource requests initiated as a result of processing the response from the server that includes the Accept-CH opt-in can include the request header fields that match the advertised field-values.
</pre>
<p>The addition of the reference to SECURE-CONTEXTS is new here, and unnecessary.  The requirement here is not that the context is secure (that's a notion that belongs to the web, not HTTP generally), but that the <code>Accept-CH</code> is both authentic and integrity protected.  You should limit the use of <code>Accept-CH</code> to HTTPS.</p>

<hr>

<p>In <a href="https://github.com/httpwg/http-extensions/pull/373#discussion_r131067501">draft-ietf-httpbis-client-hints.md</a>:</p>
<pre style='color:#555'>&gt;  
 ~~~ abnf7230
   Accept-CH-Lifetime = #delta-seconds
 ~~~
 
-The field-value indicates that the Accept-CH preference SHOULD be considered stale after its age is greater than the specified number of seconds.
+When a client receives Accept-CH-Lifetime from a potentially trustworthy origin (&quot;opt-in origin&quot;), the field-value indicates that the Accept-CH preference SHOULD be considered stale after its age is greater than the specified number of seconds, and if applicable, persisted as a double-keyed preference that combines the values of the opt-in origin and the potentially trustworthy origin of the resource that initiated the request that received the opt-in preference.
</pre>
<p>"double-keyed" is a new concept for the protocol here, and one that (again) really only makes sense on the web.  The property that you are looking for is that the persisted state is bound to the origin.  You should allow it to be more narrowly bound, but the point is to constrain its maximum scope.  Choosing a narrower scope is a discretionary thing that might be done by web browsers.</p>
<p>Also, I find the phrasing of this last bit cumbersome and hard to follow.  The point is that permission to persist might be scope (see above).</p>

<hr>

<p>In <a href="https://github.com/httpwg/http-extensions/pull/373#discussion_r131068649">draft-ietf-httpbis-client-hints.md</a>:</p>
<pre style='color:#555'>&gt;  
-For example, sending Client Hints on all requests can make information about the user&#39;s environment available to origins that otherwise did not have access to this data, which may or may not be the desired outcome - e.g. this may enable an image optimization service to deliver a tailored asset, and it may reveal same information about the user to other origins that may not have had access to it before. Similarly, sending highly granular data, such as image and viewport width may help identify users across multiple requests. Restricting such field values to an enumerated range, where the user agent advertises a threshold value that is close but is not an exact representation of the current value, can help mitigate the risk of such fingerprinting.
+Transmitted Client Hints header fields should not provide new information that is otherwise not available to the application via HTML, CSS, or JavaScript.  Further, sending highly granular data, such as image and viewport width may help identify users across multiple requests. Restricting such field values to an enumerated range, where the advertised value is close but is not an exact representation of the current value, can help mitigate the risk of such fingerprinting as well as reduce possibility of unnecessary cache fragmentation.
</pre>
<p>The term you are looking for here is "linkability" or "linkable".  The more information that a request contains, the more likely an adversary is to be able to correctly identify two requests as belonging to the same user agent (i.e., link the two).</p>
<p>The claim here (reducing the accuracy of field values) isn't generically true.  I believe that it is true for the hints defined in this document, but the structure of this document is such that it might be taken as a universal truth.  For something like the proposed Geolocation header field, which is a continuous-valued field, this claim would be false (read <a href="https://tools.ietf.org/html/rfc6772#section-13.5">Section 13.5 of RFC 6772</a> for background).</p>

<hr>

<p>In <a href="https://github.com/httpwg/http-extensions/pull/373#discussion_r131069009">draft-ietf-httpbis-client-hints.md</a>:</p>
<pre style='color:#555'>&gt;  
-Implementers ought to provide mechanisms and policies to control how and when such hints are advertised. For example, they could require origin opt-in via Accept-CH; clear remembered opt-in, as set by Accept-CH-Lifetime, when site data, browsing history, browsing cache, or similar, are cleared; restrict delivery to same origin subrequests; limit delivery to requests that already carry identifying information (e.g. cookies); modify delivery policy when in an &quot;incognito&quot; or a similar privacy mode; enable user configuration and opt in, and so on.
+Implementers should consider both user and server controlled mechanisms and policies to control which Client Hints header fields are advertised:
+
+  - Implementers may provide user choice mechanisms so that users may balance privacy concerns with bandwidth limitations. However, implementers should also be aware that explaining the privacy implications of passive fingerprinting or network information disclosure to users may be challenging.
+  - Implementers should support double-keyed Client Hints opt-in requested by potentially trustworthy origins via Accept-CH and Accept-CH-Lifetime header fields, and clear remembered opt-in when site data, browsing history, browsing cache, or similar, are cleared.
</pre>
<p>should is not sufficient here: information that is persisted for an origin MUST be reset when any action that is designed to break linkability is executed (clearing cookies is one such action)</p>

<hr>

<p>In <a href="https://github.com/httpwg/http-extensions/pull/373#discussion_r131069626">draft-ietf-httpbis-client-hints.md</a>:</p>
<pre style='color:#555'>&gt;  
-Implementers ought to provide mechanisms and policies to control how and when such hints are advertised. For example, they could require origin opt-in via Accept-CH; clear remembered opt-in, as set by Accept-CH-Lifetime, when site data, browsing history, browsing cache, or similar, are cleared; restrict delivery to same origin subrequests; limit delivery to requests that already carry identifying information (e.g. cookies); modify delivery policy when in an &quot;incognito&quot; or a similar privacy mode; enable user configuration and opt in, and so on.
+Implementers should consider both user and server controlled mechanisms and policies to control which Client Hints header fields are advertised:
+
+  - Implementers may provide user choice mechanisms so that users may balance privacy concerns with bandwidth limitations. However, implementers should also be aware that explaining the privacy implications of passive fingerprinting or network information disclosure to users may be challenging.
+  - Implementers should support double-keyed Client Hints opt-in requested by potentially trustworthy origins via Accept-CH and Accept-CH-Lifetime header fields, and clear remembered opt-in when site data, browsing history, browsing cache, or similar, are cleared.
+  - Implementations specific to certain use cases or threat models may avoid transmitting Client Hints header fields altogether or limit them to authenticated sessions only that already carry identifying information, such as cookies or referer data.
</pre>
<p>MAY is extremely weak and "may" is even weaker.  It seems like these are generally fixed values, akin to User-Agent, but others thus far proposed (see again Geolocation) aren't.  It seems like the advice here is intended to be generic, so what are the criteria an implementation might use to decide to send or suppress these fields if cookies are not being sent?</p>

<hr>

<p>In <a href="https://github.com/httpwg/http-extensions/pull/373#discussion_r131070061">draft-ietf-httpbis-client-hints.md</a>:</p>
<pre style='color:#555'>&gt;  
-Implementers ought to provide mechanisms and policies to control how and when such hints are advertised. For example, they could require origin opt-in via Accept-CH; clear remembered opt-in, as set by Accept-CH-Lifetime, when site data, browsing history, browsing cache, or similar, are cleared; restrict delivery to same origin subrequests; limit delivery to requests that already carry identifying information (e.g. cookies); modify delivery policy when in an &quot;incognito&quot; or a similar privacy mode; enable user configuration and opt in, and so on.
+Implementers should consider both user and server controlled mechanisms and policies to control which Client Hints header fields are advertised:
+
+  - Implementers may provide user choice mechanisms so that users may balance privacy concerns with bandwidth limitations. However, implementers should also be aware that explaining the privacy implications of passive fingerprinting or network information disclosure to users may be challenging.
+  - Implementers should support double-keyed Client Hints opt-in requested by potentially trustworthy origins via Accept-CH and Accept-CH-Lifetime header fields, and clear remembered opt-in when site data, browsing history, browsing cache, or similar, are cleared.
+  - Implementations specific to certain use cases or threat models may avoid transmitting Client Hints header fields altogether or limit them to authenticated sessions only that already carry identifying information, such as cookies or referer data.
+
+Following the above recommendations should significantly reduce the risks of linkability and passive fingerprinting.
</pre>
<p>You don't want to make this claim.  It's fairly easy to show it as false.  If your claim is that the incremental increase in linkability (over not sending hints) is reduced significantly, that might be true, but I doubt that also.  This is making a trade-off - if the information is basically already available via User-Agent or script, then this isn't a big increase, but in other cases it could be a big change.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/pull/373#pullrequestreview-54009185">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyM-RhWXlIYepCwalwF-XPB0chvBrks5sUXaxgaJpZM4Ofn8z">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyJpnjbTiItyNNB-Dxui44uKVnHt3ks5sUXaxgaJpZM4Ofn8z.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/373#pullrequestreview-54009185"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@martinthomson commented on #373"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/373#pullrequestreview-54009185"}}}</script>
----==_mimepart_5982d0b1d98f3_7d7d3feb068afc3810236b--


From nobody Thu Aug  3 20:46:51 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.596
X-Spam-Level: 
X-Spam-Status: No, score=-0.596 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=IJnIsTvguGMoLJeqLy5uNhk4roU=; b=jGltN4JyYRwqxxwq dmws4fMQZNJJfVqqifTvtK2jcjYR6HoUTN32EpLO2lcUQ9Rm6saj1IgPO3NX+rwr rmGesL6Hy1bJ7DGprXP14MzfqzxQYR/OnOg9XewIPE204egzMml/vXOxOJoS27Ic eP8PIaRdl0UJghMo+Wph+KSKdNg=
Date: Fri, 04 Aug 2017 03:46:48 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Subject: [httpwg/http-extensions] better clarify the differences between H2 server push (#375)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5983ee27b9748_1c173fbede1f1c387397a"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/K-TPqqQO1LL6RVeoX1TSVWzBSTU>
Message-ID: <mailman.1031.1501818410.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Aug 2017 03:46:50 -0000

----==_mimepart_5983ee27b9748_1c173fbede1f1c387397a
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

following the discussion on [this thread](https://lists.w3.org/Archives/Public/ietf-http-wg/2017JulSep/0164.html)
You can view, comment on, or merge this pull request online at:

  https://github.com/httpwg/http-extensions/pull/375

-- Commit Summary --

  * clarify the differences between H2 server push

-- File Changes --

    M draft-ietf-httpbis-early-hints.md (8)

-- Patch Links --

https://github.com/httpwg/http-extensions/pull/375.patch
https://github.com/httpwg/http-extensions/pull/375.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/375

----==_mimepart_5983ee27b9748_1c173fbede1f1c387397a
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>following the discussion on <a href="https://lists.w3.org/Archives/Public/ietf-http-wg/2017JulSep/0164.html">this thread</a></p>

<hr>

<h4>You can view, comment on, or merge this pull request online at:</h4>
<p>&nbsp;&nbsp;<a href='https://github.com/httpwg/http-extensions/pull/375'>https://github.com/httpwg/http-extensions/pull/375</a></p>

<h4>Commit Summary</h4>
<ul>
  <li>clarify the differences between H2 server push</li>
</ul>

<h4>File Changes</h4>
<ul>
  <li>
    <strong>M</strong>
    <a href="https://github.com/httpwg/http-extensions/pull/375/files#diff-0">draft-ietf-httpbis-early-hints.md</a>
    (8)
  </li>
</ul>

<h4>Patch Links:</h4>
<ul>
  <li><a href='https://github.com/httpwg/http-extensions/pull/375.patch'>https://github.com/httpwg/http-extensions/pull/375.patch</a></li>
  <li><a href='https://github.com/httpwg/http-extensions/pull/375.diff'>https://github.com/httpwg/http-extensions/pull/375.diff</a></li>
</ul>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/pull/375">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyBCNIaCuF3tLQEgcZ7ALwxJlHgj7ks5sUpQngaJpZM4OtPnT">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyBFeEOuTKl2q2zLZZih7TAAs28oOks5sUpQngaJpZM4OtPnT.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/375"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"better clarify the differences between H2 server push (#375)"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/375"}}}</script>

----==_mimepart_5983ee27b9748_1c173fbede1f1c387397a--


From nobody Thu Aug  3 21:29:29 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.401
X-Spam-Level: 
X-Spam-Status: No, score=-5.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Thu, 03 Aug 2017 21:29:26 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1501820966; bh=hnxrRE87cOgaTryrJQtxX+0+0OyvCxCgIquqZUHcH7g=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=olmuJ2/ajPtr1hUKpmVHqrgpsMIMLM/2tjeLaWL285R64sOaSa1Szhx0HTcLVK5IC nia1QMzBfEgk3RI55vNUwkyQkVvRnp8iibC09/F89MrDH9WCLqwoZeKgJr5MZrqwAB 2J/wl07lMZqXvZXzwAIMHRgecyTwyzOgMEakxwnI=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Push <push@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/375@github.com>
References: <httpwg/http-extensions/pull/375@github.com>
Subject: Re: [httpwg/http-extensions] better clarify the differences between H2 server push (#375)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5983f8263fd7c_4e5b3f946882fc304537f"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/6flQZh0_ttqASUmfWy3KkI1zCzU>
Message-ID: <mailman.1038.1501820969.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Aug 2017 04:29:28 -0000

----==_mimepart_5983f8263fd7c_4e5b3f946882fc304537f
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

@kazuho pushed 1 commit.

2a1688d  "might consume less bandwidth" to avoid confusion


-- 
You are receiving this because you are subscribed to this thread.
View it on GitHub:
https://github.com/httpwg/http-extensions/pull/375/files/e086bf6e4e4e042fd1b88a47982c8404ba71cf74..2a1688d33746f323972a68f9fe0d5cf83de3fdfb

----==_mimepart_5983f8263fd7c_4e5b3f946882fc304537f
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p><a href="https://github.com/kazuho" class="user-mention">@kazuho</a> pushed 1 commit.</p>

<ul>
  <li><a href="https://github.com/httpwg/http-extensions/commit/2a1688d" class="commit-link">2a1688d</a>  &quot;might consume less bandwidth&quot; to avoid confusion</li>
</ul>


<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br /><a href="https://github.com/httpwg/http-extensions/pull/375/files/e086bf6e4e4e042fd1b88a47982c8404ba71cf74..2a1688d33746f323972a68f9fe0d5cf83de3fdfb">View it on GitHub</a> or <a href="https://github.com/notifications/unsubscribe-auth/AORpyITOid-2yA20X0UrfZ_9h8BcppO8ks5sUp4mgaJpZM4OtPnT">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyA7sl3BGbnbL3AG70OwB4nT2PjPMks5sUp4mgaJpZM4OtPnT.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/375/files/e086bf6e4e4e042fd1b88a47982c8404ba71cf74..2a1688d33746f323972a68f9fe0d5cf83de3fdfb"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@kazuho pushed 1 commit in #375"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/375/files/e086bf6e4e4e042fd1b88a47982c8404ba71cf74..2a1688d33746f323972a68f9fe0d5cf83de3fdfb"}}}</script>

----==_mimepart_5983f8263fd7c_4e5b3f946882fc304537f--


From nobody Thu Aug  3 21:31:38 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.019
X-Spam-Level: 
X-Spam-Status: No, score=-2.019 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=gTWuWUzE/g2fB2FQETfoa9SHTaE=; b=SKDrSXMruv33DEJp EPZcaLHZ/7JrRu0uPDKA71AlLhZGo1g+O/TGIc5btAtT2dqw7a76l36b25DlOY4J 5S6IsHDj00iukmJE5aDJTnD2ySyK7F/WNLj/sU1V7EYf8yICvyJQdjSE+m/q6Evo y9dGaKCdmKgG1EO5p8SiRWIlfWo=
Date: Fri, 04 Aug 2017 04:31:33 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/375@github.com>
References: <httpwg/http-extensions/pull/375@github.com>
Subject: Re: [httpwg/http-extensions] better clarify the differences between H2 server push (#375)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5983f8a5312af_3d993fb3c1013c2c6225a"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/c0oOyznqMWhmSkWDP97qRyKwE_c>
Message-ID: <mailman.1039.1501821097.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Aug 2017 04:31:37 -0000

----==_mimepart_5983f8a5312af_3d993fb3c1013c2c6225a
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

martinthomson commented on this pull request.



> @@ -66,11 +66,9 @@ The dilemma here is that even though it is preferable for an origin server to se
 soon as it receives a request, it cannot do so until the status code and the full header fields of the
 final HTTP response are determined.
 
-HTTP/2 ([RFC7540]) server push can be used as a solution to this issue, but has its own
-limitations. The responses that can be pushed using HTTP/2 are limited to those belonging to the
-same origin. Also, it is impossible to send only the links using server push. Finally, sending HTTP
-responses for every resource is an inefficient way of using bandwidth, especially when a caching
-server exists as an intermediary.
+HTTP/2 ([RFC7540]) server push can accelerate the delivery of resources, but only resources for which the server is authoritative.
+The other limitation of server push is that the response will be transmitted regardless of if the client has the response cached.

s/if/whether/

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/375#pullrequestreview-54278023
----==_mimepart_5983f8a5312af_3d993fb3c1013c2c6225a
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p><b>@martinthomson</b> commented on this pull request.</p>

<hr>

<p>In <a href="https://github.com/httpwg/http-extensions/pull/375#discussion_r131310077">draft-ietf-httpbis-early-hints.md</a>:</p>
<pre style='color:#555'>&gt; @@ -66,11 +66,9 @@ The dilemma here is that even though it is preferable for an origin server to se
 soon as it receives a request, it cannot do so until the status code and the full header fields of the
 final HTTP response are determined.
 
-HTTP/2 ([RFC7540]) server push can be used as a solution to this issue, but has its own
-limitations. The responses that can be pushed using HTTP/2 are limited to those belonging to the
-same origin. Also, it is impossible to send only the links using server push. Finally, sending HTTP
-responses for every resource is an inefficient way of using bandwidth, especially when a caching
-server exists as an intermediary.
+HTTP/2 ([RFC7540]) server push can accelerate the delivery of resources, but only resources for which the server is authoritative.
+The other limitation of server push is that the response will be transmitted regardless of if the client has the response cached.
</pre>
<p>s/if/whether/</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/pull/375#pullrequestreview-54278023">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyEIMcpyEsyqjEq02EAFyPVz5HP_4ks5sUp6lgaJpZM4OtPnT">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyHsWVq0Y2IDMQgnxL7VZ2qb6q3G4ks5sUp6lgaJpZM4OtPnT.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/375#pullrequestreview-54278023"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@martinthomson commented on #375"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/375#pullrequestreview-54278023"}}}</script>
----==_mimepart_5983f8a5312af_3d993fb3c1013c2c6225a--


From nobody Thu Aug  3 22:00:52 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.999
X-Spam-Level: 
X-Spam-Status: No, score=-6.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Thu, 03 Aug 2017 22:00:49 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1501822849; bh=v3p2PetaOwWkHYN3iNKPNJ5JdANMHKJGz0ddGs2PK+E=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=irhd6LnG3Jg8v/MQLtVGfCK0EQoH1xwIupKqEiK3/quHwnODla6UOgoZDVwItGDKn i0sls8hcVF8dzFD0+Zm8uiAODAIU4p7PwEf9AD+Y6BSIZzy2phxSRHAJHYDqU+lR8s DLypn4VCE8ffaaqiqstrubOgdeVO+l/Zn0wRpq7A=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/371@github.com>
References: <httpwg/http-extensions/issues/371@github.com>
Subject: Re: [httpwg/http-extensions] multiple 103s are cumulating or overwriting headers? (#371)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5983ff814973a_26ec83fcb461d3c3c807e"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/-hdtliexrusFh-gfdO_KB_1sIsA>
Message-ID: <mailman.1040.1501822852.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Aug 2017 05:00:52 -0000

----==_mimepart_5983ff814973a_26ec83fcb461d3c3c807e
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

This is an interesting question. I think that we should agree on what the expected behavior is before discussing how (or if) we should update the text.

Regarding the question, I think that we should consider two (or more) Early Hints responses as expectations from different sources, rather than considering the following one to update the earlier ones. 

The reason I think so is because nonexistence of a header field in the 103 response does not imply that the header field will not exist in the final response, since we are not required to include in 103 response all the headers that are expected to be included in the final response.

So consider the following example: a caching intermediary might generate an Early Hints response from a stale-cached response. That Early Hints response could contain a header field that will never be included within an Early Hints response sent from the origin. In such case, considering both of the Early Hints responses as genuine makes the most sense.



-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/371#issuecomment-320156679
----==_mimepart_5983ff814973a_26ec83fcb461d3c3c807e
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p>This is an interesting question. I think that we should agree on what =
the expected behavior is before discussing how (or if) we should update t=
he text.</p>
<p>Regarding the question, I think that we should consider two (or more) =
Early Hints responses as expectations from different sources, rather than=
 considering the following one to update the earlier ones.</p>
<p>The reason I think so is because nonexistence of a header field in the=
 103 response does not imply that the header field will not exist in the =
final response, since we are not required to include in 103 response all =
the headers that are expected to be included in the final response.</p>
<p>So consider the following example: a caching intermediary might genera=
te an Early Hints response from a stale-cached response. That Early Hints=
 response could contain a header field that will never be included within=
 an Early Hints response sent from the origin. In such case, considering =
both of the Early Hints responses as genuine makes the most sense.</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&m=
dash;<br />You are receiving this because you are subscribed to this thre=
ad.<br />Reply to this email directly, <a href=3D"https://github.com/http=
wg/http-extensions/issues/371#issuecomment-320156679">view it on GitHub</=
a>, or <a href=3D"https://github.com/notifications/unsubscribe-auth/AORpy=
DcHvQdxq_oDMdULgCe6yIXZP7Uqks5sUqWBgaJpZM4Ob0nC">mute the thread</a>.<img=
 alt=3D"" height=3D"1" src=3D"https://github.com/notifications/beacon/AOR=
pyNOiL4yVLyuo9jNl7GVlJKE9AIQTks5sUqWBgaJpZM4Ob0nC.gif" width=3D"1" /></p>=

<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewActi=
on">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extension=
s/issues/371#issuecomment-320156679"></link>
  <meta itemprop=3D"name" content=3D"View Issue"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Issue on GitHub"></me=
ta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_versio=
n":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name"=
:"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","titl=
e":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_ur=
l":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5=
d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubu=
sercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b5249811277=
7.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg=
/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@k=
azuho in #371: This is an interesting question. I think that we should ag=
ree on what the expected behavior is before discussing how (or if) we sho=
uld update the text.\r\n\r\nRegarding the question, I think that we shoul=
d consider two (or more) Early Hints responses as expectations from diffe=
rent sources, rather than considering the following one to update the ear=
lier ones. \r\n\r\nThe reason I think so is because nonexistence of a hea=
der field in the 103 response does not imply that the header field will n=
ot exist in the final response, since we are not required to include in 1=
03 response all the headers that are expected to be included in the final=
 response.\r\n\r\nSo consider the following example: a caching intermedia=
ry might generate an Early Hints response from a stale-cached response. T=
hat Early Hints response could contain a header field that will never be =
included within an Early Hints response sent from the origin. In such cas=
e, considering both of the Early Hints responses as genuine makes the mos=
t sense.\r\n\r\n"}],"action":{"name":"View Issue","url":"https://github.c=
om/httpwg/http-extensions/issues/371#issuecomment-320156679"}}}</script>=

----==_mimepart_5983ff814973a_26ec83fcb461d3c3c807e--


From nobody Thu Aug  3 22:41:33 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.402
X-Spam-Level: 
X-Spam-Status: No, score=-0.402 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=69+igdzHfXWLasXw31ETH8bZI7k=; b=gjkygGQ3J0dInD65 GF3nijkcC8a6OgoC1EWywjgIfqVhBWun2QHf8yM0Ke47A9XRD5uFw9OFzEmgFXLg 7ZR+uNbaz/K+uRcwO35geIb4zcJ+HQNq+Eyrrarfv+/qDj9TU0KeBUbMSjqaifhK QC6WSZFKLp7w4jKtAG5pPfz0gB4=
Date: Fri, 04 Aug 2017 05:41:28 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Push <push@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/375@github.com>
References: <httpwg/http-extensions/pull/375@github.com>
Subject: Re: [httpwg/http-extensions] better clarify the differences between H2 server push (#375)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598409086c937_17f3fdd9d8e9c3898674"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/np4GqBFkUpI_a1KxVSucMp63QCg>
Message-ID: <mailman.1043.1501825292.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Aug 2017 05:41:31 -0000

----==_mimepart_598409086c937_17f3fdd9d8e9c3898674
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

@kazuho pushed 1 commit.

8168216  grammar fix


-- 
You are receiving this because you are subscribed to this thread.
View it on GitHub:
https://github.com/httpwg/http-extensions/pull/375/files/2a1688d33746f323972a68f9fe0d5cf83de3fdfb..816821662dfb84197adf5bf0d2fe427fd64809d1

----==_mimepart_598409086c937_17f3fdd9d8e9c3898674
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p><a href="https://github.com/kazuho" class="user-mention">@kazuho</a> pushed 1 commit.</p>

<ul>
  <li><a href="https://github.com/httpwg/http-extensions/commit/8168216" class="commit-link">8168216</a>  grammar fix</li>
</ul>


<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br /><a href="https://github.com/httpwg/http-extensions/pull/375/files/2a1688d33746f323972a68f9fe0d5cf83de3fdfb..816821662dfb84197adf5bf0d2fe427fd64809d1">View it on GitHub</a> or <a href="https://github.com/notifications/unsubscribe-auth/AORpyLIqpUR47mK6cqNd0hA3A_NVCWM7ks5sUq8IgaJpZM4OtPnT">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyDvVowKT-BuWtEtbX6zK8EBqGUP3ks5sUq8IgaJpZM4OtPnT.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/375/files/2a1688d33746f323972a68f9fe0d5cf83de3fdfb..816821662dfb84197adf5bf0d2fe427fd64809d1"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@kazuho pushed 1 commit in #375"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/375/files/2a1688d33746f323972a68f9fe0d5cf83de3fdfb..816821662dfb84197adf5bf0d2fe427fd64809d1"}}}</script>

----==_mimepart_598409086c937_17f3fdd9d8e9c3898674--


From nobody Thu Aug  3 22:42:08 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.798
X-Spam-Level: 
X-Spam-Status: No, score=-9.798 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Thu, 03 Aug 2017 22:42:04 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1501825324; bh=geL/btrDAXZQgaD1y0x4I5LRmrY0YJ6J2G2Gu/1FMsc=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=BeSis2c0NAz4AQr8fTa+PRdygdQMM2vSglNkPq6uo6ImPcDuiJMsFnjz4FWapiPJF ECr4dNBvnX0wlFvyknG4tba+46K2vGh13fB5ITmk50eADVqKOaviOVlTFYXPHkeepX Q1FxZ72urqLyaX4BtFXxRCLD1uthvOdi2dzTIThU=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/375@github.com>
References: <httpwg/http-extensions/pull/375@github.com>
Subject: Re: [httpwg/http-extensions] better clarify the differences between H2 server push (#375)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5984092c3cc6d_4cde3f82392f3c30827f8"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/JVIKJ5L5bI7tsXcmOtXNQPFenP8>
Message-ID: <mailman.1044.1501825327.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Aug 2017 05:42:07 -0000

----==_mimepart_5984092c3cc6d_4cde3f82392f3c30827f8
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

kazuho commented on this pull request.



> @@ -66,11 +66,9 @@ The dilemma here is that even though it is preferable for an origin server to se
 soon as it receives a request, it cannot do so until the status code and the full header fields of the
 final HTTP response are determined.
 
-HTTP/2 ([RFC7540]) server push can be used as a solution to this issue, but has its own
-limitations. The responses that can be pushed using HTTP/2 are limited to those belonging to the
-same origin. Also, it is impossible to send only the links using server push. Finally, sending HTTP
-responses for every resource is an inefficient way of using bandwidth, especially when a caching
-server exists as an intermediary.
+HTTP/2 ([RFC7540]) server push can accelerate the delivery of resources, but only resources for which the server is authoritative.
+The other limitation of server push is that the response will be transmitted regardless of if the client has the response cached.

@martinthomson Thank you! Applied the change in 8168216.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/375#discussion_r131315295
----==_mimepart_5984092c3cc6d_4cde3f82392f3c30827f8
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p><b>@kazuho</b> commented on this pull request.</p>

<hr>

<p>In <a href="https://github.com/httpwg/http-extensions/pull/375#discussion_r131315295">draft-ietf-httpbis-early-hints.md</a>:</p>
<pre style='color:#555'>&gt; @@ -66,11 +66,9 @@ The dilemma here is that even though it is preferable for an origin server to se
 soon as it receives a request, it cannot do so until the status code and the full header fields of the
 final HTTP response are determined.
 
-HTTP/2 ([RFC7540]) server push can be used as a solution to this issue, but has its own
-limitations. The responses that can be pushed using HTTP/2 are limited to those belonging to the
-same origin. Also, it is impossible to send only the links using server push. Finally, sending HTTP
-responses for every resource is an inefficient way of using bandwidth, especially when a caching
-server exists as an intermediary.
+HTTP/2 ([RFC7540]) server push can accelerate the delivery of resources, but only resources for which the server is authoritative.
+The other limitation of server push is that the response will be transmitted regardless of if the client has the response cached.
</pre>
<p><a href="https://github.com/martinthomson" class="user-mention">@martinthomson</a> Thank you! Applied the change in <a href="https://github.com/httpwg/http-extensions/commit/816821662dfb84197adf5bf0d2fe427fd64809d1" class="commit-link"><tt>8168216</tt></a>.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/pull/375#discussion_r131315295">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyGA35O7lcOelKKDBiJ3Jm_N3-5aKks5sUq8sgaJpZM4OtPnT">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyFGQ1R6fS14ZsFBIL-5s6SV9xNb_ks5sUq8sgaJpZM4OtPnT.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/375#discussion_r131315295"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@kazuho commented on #375"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/375#discussion_r131315295"}}}</script>
----==_mimepart_5984092c3cc6d_4cde3f82392f3c30827f8--


From nobody Fri Aug  4 00:15:16 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.253
X-Spam-Level: 
X-Spam-Status: No, score=-8.253 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Fri, 04 Aug 2017 00:15:13 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1501830913; bh=60wAS1QmeX11kq0ZDKftLqsHCq7CH5VwGKvwONwrVXk=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=yV22E/HEWJMVWtHdSDTKkISrZ42dGyWLfxRvx75r05dRee16Gr2ppf5P0pDZxN7Ht ZXYMuZ0xG7J+Tq0jn/kY7yu32pBbIeJwQ16Q7fgEUtxevGcjXIpUE4c/7Y+Y58m4n6 DRXIi5qg0/0RmcJbj+fg4g17Rs3vIfZQksJr+ILo=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/330@github.com>
References: <httpwg/http-extensions/issues/330@github.com>
Subject: Re: [httpwg/http-extensions] Consulting the DNS on expanding ORIGIN set? (#330)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59841f0113960_254b3f96eb965c3c1258fa"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/suFd2QV_RQW3bV88y8TR4G-rwh8>
Message-ID: <mailman.1055.1501830915.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Aug 2017 07:15:15 -0000

----==_mimepart_59841f0113960_254b3f96eb965c3c1258fa
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

I think we're almost there; see latest revision.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/330#issuecomment-320175938
----==_mimepart_59841f0113960_254b3f96eb965c3c1258fa
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>I think we're almost there; see latest revision.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/330#issuecomment-320175938">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyIjkgauh1fMs9S95jpEjv0QL8WtAks5sUsUBgaJpZM4NEzUM">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyNW9H9j3TTcXnokx7zqyzZBQjiqDks5sUsUBgaJpZM4NEzUM.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/330#issuecomment-320175938"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mnot in #330: I think we're almost there; see latest revision."}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/330#issuecomment-320175938"}}}</script>
----==_mimepart_59841f0113960_254b3f96eb965c3c1258fa--


From nobody Fri Aug  4 00:32:09 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.798
X-Spam-Level: 
X-Spam-Status: No, score=-9.798 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Fri, 04 Aug 2017 00:32:04 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1501831924; bh=OTwzJpX9fI15jYXmD8eXP/LxG/A8Tu7RfA8ND3m07ic=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=lCVdYeBtETQCCQ2Tj5Jhx4NWlzR1tEVMkLDdh2lIFqmv/MqWqUUoiZKXFFVM7Ql+R CuLE7bJd1PU2f932uMeY/QTdkNNSsS/Et/XlBlYXf9wWPfymu3lC3RcVV7pye/dj51 QJn4mNjl26deY8g/QoPAv/iIonyj+l8dsQogNf64=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/commit/83606e8f14e8a52b2298eb4d60a2944480d78dbc@github.com>
References: <httpwg/http-extensions/commit/83606e8f14e8a52b2298eb4d60a2944480d78dbc@github.com>
Subject: Re: [httpwg/http-extensions] more tweaks for #330 (83606e8)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598422f479e3d_49023fb5a8a7dc38646aa"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/06JMeCnr2DO9-uhj_Ug7AZV3-sY>
Message-ID: <mailman.1058.1501831927.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Aug 2017 07:32:07 -0000

----==_mimepart_598422f479e3d_49023fb5a8a7dc38646aa
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

I think that you should say:

> Clients opting not to consult DNS ought to do so only do so if they have a high degree of confidence that the certificate is legitimate.  For instance, clients might decide not to consult DNS only if they receive proof of inclusion in a Certificate Transparency log {{?RFC6929}} or they have a recent OCSP response {{?RFC6960}} (maybe using the "status_request" TLS extension {{?RFC6066}}) showing that the certificate was not revoked."

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/commit/83606e8f14e8a52b2298eb4d60a2944480d78dbc#commitcomment-23474516
----==_mimepart_598422f479e3d_49023fb5a8a7dc38646aa
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p>I think that you should say:</p>
<blockquote>
<p>Clients opting not to consult DNS ought to do so only do so if they ha=
ve a high degree of confidence that the certificate is legitimate.  For i=
nstance, clients might decide not to consult DNS only if they receive pro=
of of inclusion in a Certificate Transparency log {{?RFC6929}} or they ha=
ve a recent OCSP response {{?RFC6960}} (maybe using the "status_request" =
TLS extension {{?RFC6066}}) showing that the certificate was not revoked.=
"</p>
</blockquote>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&m=
dash;<br />You are receiving this because you are subscribed to this thre=
ad.<br />Reply to this email directly, <a href=3D"https://github.com/http=
wg/http-extensions/commit/83606e8f14e8a52b2298eb4d60a2944480d78dbc#commit=
comment-23474516">view it on GitHub</a>, or <a href=3D"https://github.com=
/notifications/unsubscribe-auth/AORpyEr-D0hgQWupG-Hvak2j0DpPwS-cks5sUsj0g=
aJpZM4OtX-z">mute the thread</a>.<img alt=3D"" height=3D"1" src=3D"https:=
//github.com/notifications/beacon/AORpyGuNY3z9mR8Spbjg7FYk0Y5GvIiDks5sUsj=
0gaJpZM4OtX-z.gif" width=3D"1" /></p>
<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewActi=
on">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extension=
s/commit/83606e8f14e8a52b2298eb4d60a2944480d78dbc#commitcomment-23474516"=
></link>
  <meta itemprop=3D"name" content=3D"View Commit"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Commit on GitHub"></m=
eta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_versio=
n":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name"=
:"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","titl=
e":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_ur=
l":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5=
d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubu=
sercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b5249811277=
7.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg=
/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@m=
artinthomson on 83606e8: I think that you should say:\r\n\r\n\u003e Clien=
ts opting not to consult DNS ought to do so only do so if they have a hig=
h degree of confidence that the certificate is legitimate.  For instance,=
 clients might decide not to consult DNS only if they receive proof of in=
clusion in a Certificate Transparency log {{?RFC6929}} or they have a rec=
ent OCSP response {{?RFC6960}} (maybe using the \"status_request\" TLS ex=
tension {{?RFC6066}}) showing that the certificate was not revoked.\""}],=
"action":{"name":"View Commit","url":"https://github.com/httpwg/http-exte=
nsions/commit/83606e8f14e8a52b2298eb4d60a2944480d78dbc#commitcomment-2347=
4516"}}}</script>=

----==_mimepart_598422f479e3d_49023fb5a8a7dc38646aa--


From nobody Fri Aug  4 00:59:27 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.453
X-Spam-Level: 
X-Spam-Status: No, score=-5.453 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Fri, 04 Aug 2017 00:59:24 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1501833564; bh=mAtf1qnfQb4yIVCf1orkLigJvXuJtnisiNdEBfOBg8A=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=2UZJ+Xqa88+srZ6q7/IfpqSYa+eAyoKKrw6Ykq4oNMLv0MUUvqataP3egnk298zFb /OhBNF2A0F7YXv2HEwPniZAgqwLTghEJAfVMNTT+AnS60MWN4mnlPz4uQ6C3zYms9y GQv0VBiG2m57KwpUZcWQ4DEYoggVzTIc9yZ6n8fQ=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/commit/83606e8f14e8a52b2298eb4d60a2944480d78dbc@github.com>
References: <httpwg/http-extensions/commit/83606e8f14e8a52b2298eb4d60a2944480d78dbc@github.com>
Subject: Re: [httpwg/http-extensions] more tweaks for #330 (83606e8)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5984295c7ac1b_52b73f8ba4307c342597"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/w0LhPyb5zX9sVDZlC8KGwWCQU0w>
Message-ID: <mailman.1059.1501833566.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Aug 2017 07:59:26 -0000

----==_mimepart_5984295c7ac1b_52b73f8ba4307c342597
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

SGTM

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/commit/83606e8f14e8a52b2298eb4d60a2944480d78dbc#commitcomment-23474838
----==_mimepart_5984295c7ac1b_52b73f8ba4307c342597
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>SGTM</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/commit/83606e8f14e8a52b2298eb4d60a2944480d78dbc#commitcomment-23474838">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyEP6JcpT_UNijRZ8aegEXVXdon6Fks5sUs9cgaJpZM4OtX-z">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyENGFFDX2Vv5j1i_40-lEutPrhATks5sUs9cgaJpZM4OtX-z.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/commit/83606e8f14e8a52b2298eb4d60a2944480d78dbc#commitcomment-23474838"></link>
  <meta itemprop="name" content="View Commit"></meta>
</div>
<meta itemprop="description" content="View this Commit on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mnot on 83606e8: SGTM"}],"action":{"name":"View Commit","url":"https://github.com/httpwg/http-extensions/commit/83606e8f14e8a52b2298eb4d60a2944480d78dbc#commitcomment-23474838"}}}</script>
----==_mimepart_5984295c7ac1b_52b73f8ba4307c342597--


From nobody Fri Aug  4 02:06:49 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.615
X-Spam-Level: 
X-Spam-Status: No, score=-5.615 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Fri, 04 Aug 2017 02:06:46 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1501837606; bh=57Q3O4LI2hoStgutrhcW3GHOrv39xwupC+10SOXjTo0=; h=From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=t9FLCNSGw9PSkYpuwUxw126RQCcswC2Qx7aX1RQyQIaquS5ULpy1CUiDBLKLxeURg PU3OYxrkO30R5ZOCTo/h/tfEn8flu6537TEtRgKb3u2oJIMv/JWA6U6ASV8lN2oAUW E9egeWhdd4Gr8g70ndARTeRiMnjfomJ/l6vReSQU=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Subject: [httpwg/http-extensions] fix list rule reference (#376)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59843926bbd6_49c13fd0ec4e1c3412694e"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/RJbL4FUUHOzKTmYJtU69hgnyJEQ>
Message-ID: <mailman.1073.1501837609.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Aug 2017 09:06:48 -0000

----==_mimepart_59843926bbd6_49c13fd0ec4e1c3412694e
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit


You can view, comment on, or merge this pull request online at:

  https://github.com/httpwg/http-extensions/pull/376

-- Commit Summary --

  * fix list rule reference

-- File Changes --

    M draft-ietf-httpbis-cache-digest.md (2)

-- Patch Links --

https://github.com/httpwg/http-extensions/pull/376.patch
https://github.com/httpwg/http-extensions/pull/376.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/376

----==_mimepart_59843926bbd6_49c13fd0ec4e1c3412694e
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit



<hr>

<h4>You can view, comment on, or merge this pull request online at:</h4>
<p>&nbsp;&nbsp;<a href='https://github.com/httpwg/http-extensions/pull/376'>https://github.com/httpwg/http-extensions/pull/376</a></p>

<h4>Commit Summary</h4>
<ul>
  <li>fix list rule reference</li>
</ul>

<h4>File Changes</h4>
<ul>
  <li>
    <strong>M</strong>
    <a href="https://github.com/httpwg/http-extensions/pull/376/files#diff-0">draft-ietf-httpbis-cache-digest.md</a>
    (2)
  </li>
</ul>

<h4>Patch Links:</h4>
<ul>
  <li><a href='https://github.com/httpwg/http-extensions/pull/376.patch'>https://github.com/httpwg/http-extensions/pull/376.patch</a></li>
  <li><a href='https://github.com/httpwg/http-extensions/pull/376.diff'>https://github.com/httpwg/http-extensions/pull/376.diff</a></li>
</ul>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/pull/376">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyCNDxDlBJIwjpYYFtXfwwMyadYH4ks5sUt8mgaJpZM4OtdnT">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyG6gvCehAr_cmyrvprF1Fsa-5Nozks5sUt8mgaJpZM4OtdnT.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/376"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"fix list rule reference (#376)"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/376"}}}</script>

----==_mimepart_59843926bbd6_49c13fd0ec4e1c3412694e--


From nobody Sat Aug  5 12:45:11 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.616
X-Spam-Level: 
X-Spam-Status: No, score=-5.616 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Sat, 05 Aug 2017 12:45:06 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1501962306; bh=P++YCt0PlSlRzwv4r2NGl8k3afL1H1Aw6uoHMbj9b5g=; h=From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=bTxzhCNmcrRhlhyq/LX53B83JYu+9Ec7MthMOiUwdkXoW9Y7ci64gPTNrHkEAqQvi o9dbUFq2qQJi4BKO2/ZCRVpVLIjFSBBBs1OMNFkCv/V3x0K0wIbYlFVh0oJujZHuot en6/Wx01k7qCnYJiHjYdTomccijcGy+FrbHuK9MA=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Subject: [httpwg/http-extensions] improve service workers reference (#377)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5986204288cc0_45c03f8e7f26dc3c6087e"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/QavcCMokqGIQgkvjRYaqoWgzTiU>
Message-ID: <mailman.1232.1501962310.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Aug 2017 19:45:09 -0000

----==_mimepart_5986204288cc0_45c03f8e7f26dc3c6087e
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit


You can view, comment on, or merge this pull request online at:

  https://github.com/httpwg/http-extensions/pull/377

-- Commit Summary --

  * improve service workers reference

-- File Changes --

    M draft-ietf-httpbis-cache-digest.md (4)

-- Patch Links --

https://github.com/httpwg/http-extensions/pull/377.patch
https://github.com/httpwg/http-extensions/pull/377.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/377

----==_mimepart_5986204288cc0_45c03f8e7f26dc3c6087e
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit



<hr>

<h4>You can view, comment on, or merge this pull request online at:</h4>
<p>&nbsp;&nbsp;<a href='https://github.com/httpwg/http-extensions/pull/377'>https://github.com/httpwg/http-extensions/pull/377</a></p>

<h4>Commit Summary</h4>
<ul>
  <li>improve service workers reference</li>
</ul>

<h4>File Changes</h4>
<ul>
  <li>
    <strong>M</strong>
    <a href="https://github.com/httpwg/http-extensions/pull/377/files#diff-0">draft-ietf-httpbis-cache-digest.md</a>
    (4)
  </li>
</ul>

<h4>Patch Links:</h4>
<ul>
  <li><a href='https://github.com/httpwg/http-extensions/pull/377.patch'>https://github.com/httpwg/http-extensions/pull/377.patch</a></li>
  <li><a href='https://github.com/httpwg/http-extensions/pull/377.diff'>https://github.com/httpwg/http-extensions/pull/377.diff</a></li>
</ul>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/pull/377">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyEAZtKiQd9Sy686D1M4cq_uERudHks5sVMZCgaJpZM4OujBs">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyPW9j95v8FSZgSUyqB13ou353c8Tks5sVMZCgaJpZM4OujBs.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/377"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"improve service workers reference (#377)"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/377"}}}</script>

----==_mimepart_5986204288cc0_45c03f8e7f26dc3c6087e--


From nobody Sat Aug  5 12:53:27 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.396
X-Spam-Level: 
X-Spam-Status: No, score=-8.396 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Sat, 05 Aug 2017 12:53:23 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1501962803; bh=G9FPWdP3A2YZE0OVgG5GBm2ss0EYxl7PBiFhgtU9xB4=; h=From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=PPXzZBTsJNKQBo/it8PBftlhN6h9bwHSkuwhf/6JGKn3USC/osTS/Ef5yCG60/+3H 6ffOTuYSOUXUn3g1dvb2f5PVGy3CD77KIqwwsXXWXvX1U9KSmtm4hxVG4VJQlaX8AX lcgBlSurMR7xAHSKTMMgynJ+qKzk5yjAu+yanWq0=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Subject: [httpwg/http-extensions] improve RICE reference (#378)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598622337d84e_13e13fd63038dc2c78542"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/7SA5ff3DqDirx--2D_kJ5OjityY>
Message-ID: <mailman.1233.1501962807.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Aug 2017 19:53:26 -0000

----==_mimepart_598622337d84e_13e13fd63038dc2c78542
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit


You can view, comment on, or merge this pull request online at:

  https://github.com/httpwg/http-extensions/pull/378

-- Commit Summary --

  * improve RICE reference

-- File Changes --

    M draft-ietf-httpbis-cache-digest.md (7)

-- Patch Links --

https://github.com/httpwg/http-extensions/pull/378.patch
https://github.com/httpwg/http-extensions/pull/378.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/378

----==_mimepart_598622337d84e_13e13fd63038dc2c78542
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit



<hr>

<h4>You can view, comment on, or merge this pull request online at:</h4>
<p>&nbsp;&nbsp;<a href='https://github.com/httpwg/http-extensions/pull/378'>https://github.com/httpwg/http-extensions/pull/378</a></p>

<h4>Commit Summary</h4>
<ul>
  <li>improve RICE reference</li>
</ul>

<h4>File Changes</h4>
<ul>
  <li>
    <strong>M</strong>
    <a href="https://github.com/httpwg/http-extensions/pull/378/files#diff-0">draft-ietf-httpbis-cache-digest.md</a>
    (7)
  </li>
</ul>

<h4>Patch Links:</h4>
<ul>
  <li><a href='https://github.com/httpwg/http-extensions/pull/378.patch'>https://github.com/httpwg/http-extensions/pull/378.patch</a></li>
  <li><a href='https://github.com/httpwg/http-extensions/pull/378.diff'>https://github.com/httpwg/http-extensions/pull/378.diff</a></li>
</ul>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/pull/378">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyIMG7lIbHcC9u6J7cv47QPaujH30ks5sVMgzgaJpZM4OujI9">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyPTTOdfGHLN33GXwPej6aaBk4yIiks5sVMgzgaJpZM4OujI9.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/378"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"improve RICE reference (#378)"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/378"}}}</script>

----==_mimepart_598622337d84e_13e13fd63038dc2c78542--


From nobody Sat Aug  5 16:21:47 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.402
X-Spam-Level: 
X-Spam-Status: No, score=-0.402 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=jt0iKeqhj7MzTFqxnvSCRK0GI6E=; b=KP1JeaWTumTTmbz2 5s4H4AUlzOLmof7IekEE0d2Ngx7s3vXO8Q8dHq1YMYQXD0y+zM38fBvmY1OaDri6 tFwA5QbsZ7TribqkpjcUF3pPfbSnkgGcZ9qrXSc/Vqo96IJYiwalooyv3w+AmlPi 5I3wKoXufyUWqsq3ytXDF737CrI=
Date: Sat, 05 Aug 2017 23:21:39 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/378@github.com>
References: <httpwg/http-extensions/pull/378@github.com>
Subject: Re: [httpwg/http-extensions] improve RICE reference (#378)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5986530289a02_27703f8e7f26dc3c46964"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/BKW35HqVhvaOpY2EiIyy91eILsw>
Message-ID: <mailman.1236.1501975307.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Aug 2017 23:21:47 -0000

----==_mimepart_5986530289a02_27703f8e7f26dc3c46964
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Merged #378.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/378#event-1194331250
----==_mimepart_5986530289a02_27703f8e7f26dc3c46964
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Merged <a href="https://github.com/httpwg/http-extensions/pull/378" class="issue-link js-issue-link" data-url="https://github.com/httpwg/http-extensions/issues/378" data-id="248205770" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#378</a>.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/pull/378#event-1194331250">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyB8AaE4H81NKqLnplPnJhbt_39O-ks5sVPkCgaJpZM4OujI9">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyMgWQtpZdJ2RudXd7C8357RHiwp9ks5sVPkCgaJpZM4OujI9.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/378#event-1194331250"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"Merged #378."}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/378#event-1194331250"}}}</script>
----==_mimepart_5986530289a02_27703f8e7f26dc3c46964--


From nobody Sat Aug  5 16:21:58 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.454
X-Spam-Level: 
X-Spam-Status: No, score=-5.454 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Sat, 05 Aug 2017 16:21:42 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1501975302; bh=/YI0spty4aou3f2pynGQGy/KCsYJQr8QSlmKbTXYeHM=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=uSxzn+dpvrVt29VEXW4LtH87JEvU3/pEA4mOJNioh4GTAjno9mb8S9RFtdLXiyuoD K4FVstO0pl7D4UEmE1hToKKewbMtVBJ8U6AbWxXbSFc1pMyOV2XLAFbzr/P/ySAqHM ghRcscFy8OvCnK9l129zA+RrewVcp2AUygnjIohI=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/378@github.com>
References: <httpwg/http-extensions/pull/378@github.com>
Subject: Re: [httpwg/http-extensions] improve RICE reference (#378)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59865306812d8_bc63f8d62293c341158d7"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/tTyHAkh_YSRWRDyuAv4P6TKVsUo>
Message-ID: <mailman.1237.1501975318.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Aug 2017 23:21:48 -0000

----==_mimepart_59865306812d8_bc63f8d62293c341158d7
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Thanks!

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/378#issuecomment-320475877
----==_mimepart_59865306812d8_bc63f8d62293c341158d7
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Thanks!</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/pull/378#issuecomment-320475877">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyNKcUSdf_-HTVNhzJuzqLArEUsRyks5sVPkGgaJpZM4OujI9">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyDoZR7XAqhqx47_dOa3hgDA2l6rrks5sVPkGgaJpZM4OujI9.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/378#issuecomment-320475877"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mnot in #378: Thanks!"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/378#issuecomment-320475877"}}}</script>
----==_mimepart_59865306812d8_bc63f8d62293c341158d7--


From nobody Sat Aug  5 16:22:17 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.182
X-Spam-Level: 
X-Spam-Status: No, score=-3.182 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=4Igf2fRwsw3WPwTFVYKidGQMLSE=; b=KO33miVgyI+M7f9G 8cgemJF+28vzK+abRwRP0+WfC5svtdL12bjLXzSlTxHo6ikYVKgjOfrIy291yhvK aUFBwyUS6P0Ndh6XCd3IYc5Dj4Ha43e+SY8QdPttQ7ClijunUXdayprvmsedymfw Qr5tKGVm5kIArqhQoVhmkr1gjpw=
Date: Sat, 05 Aug 2017 23:22:14 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/377@github.com>
References: <httpwg/http-extensions/pull/377@github.com>
Subject: Re: [httpwg/http-extensions] improve service workers reference (#377)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598653248eb03_f8e3fd9dccd3c3c92017"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/JHrRd9mG6PGRqtU_U4WT0py46ko>
Message-ID: <mailman.1238.1501975337.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Aug 2017 23:22:17 -0000

----==_mimepart_598653248eb03_f8e3fd9dccd3c3c92017
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Merged #377.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/377#event-1194331300
----==_mimepart_598653248eb03_f8e3fd9dccd3c3c92017
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Merged <a href="https://github.com/httpwg/http-extensions/pull/377" class="issue-link js-issue-link" data-url="https://github.com/httpwg/http-extensions/issues/377" data-id="248205358" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#377</a>.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/pull/377#event-1194331300">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyCz7R0VbC_krctvMCyjjsp185LKEks5sVPkkgaJpZM4OujBs">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyLkXEdQP5h43lD3h8FRLtfPOfHTZks5sVPkkgaJpZM4OujBs.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/377#event-1194331300"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"Merged #377."}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/377#event-1194331300"}}}</script>
----==_mimepart_598653248eb03_f8e3fd9dccd3c3c92017--


From nobody Sat Aug  5 16:22:25 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.474
X-Spam-Level: 
X-Spam-Status: No, score=-0.474 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=xBDveaf8QagTEeJ89fBUXhsdIbA=; b=qd07w6fOaCEM2Cpt nithF4igfN+RGEx05FmdzXXS+NOu7n8QBI2y8M8qSN+VYAkqtqebMQo2IjmiAO05 hx92KrKvZ49vC7wYR7Q7/ODfHu+nqg9r3PEIJQjqgLpbAqsI8xZlLs0oiQsBIlDP FGalVixnvZw9oHkr6R7TsMeNNT4=
Date: Sat, 05 Aug 2017 23:22:17 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/377@github.com>
References: <httpwg/http-extensions/pull/377@github.com>
Subject: Re: [httpwg/http-extensions] improve service workers reference (#377)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598653296d212_63213fce9da69c34916f8"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/rzVTm-LoFok8eykIxzkS0C2pspo>
Message-ID: <mailman.1239.1501975343.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Aug 2017 23:22:21 -0000

----==_mimepart_598653296d212_63213fce9da69c34916f8
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Thanks!

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/377#issuecomment-320475903
----==_mimepart_598653296d212_63213fce9da69c34916f8
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Thanks!</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/pull/377#issuecomment-320475903">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyNKJH_0swqVw-7SH-9f6Esk1BALrks5sVPkpgaJpZM4OujBs">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyBfB_RFKrpKZGBQk7Yi9dTLhBv-hks5sVPkpgaJpZM4OujBs.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/377#issuecomment-320475903"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mnot in #377: Thanks!"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/377#issuecomment-320475903"}}}</script>
----==_mimepart_598653296d212_63213fce9da69c34916f8--


From nobody Sun Aug  6 08:16:06 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.595
X-Spam-Level: 
X-Spam-Status: No, score=-5.595 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Sun, 06 Aug 2017 08:16:01 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1502032561; bh=94RxdIS8oMJQe4ed24fp86kFg4ZRh/xW66dcLGxnWaU=; h=From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=YMmq5DBRm6CE7abwLFibvBNx9ioKHmIfvObP8hfzciAiZPbvNY58pHpR4SWsoswA3 1GKmS0yjBGDLcv037Cx6RRZ9KO/gap+3h8bjNAmxB0ykFrJYyYfsuL3Xfat5IvLWUQ QrAvGfyL7LOEqFhZCCRLh1CAcOmXoOIJjMjBqGi8=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Subject: [httpwg/http-extensions] ref formatting (#379)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598732b1f1ded_50353fc285aefc2c42111"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/yDP2wQM9hWeQIlPtdVn5QFJLcKk>
Message-ID: <mailman.1260.1502032565.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Aug 2017 15:16:05 -0000

----==_mimepart_598732b1f1ded_50353fc285aefc2c42111
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit


You can view, comment on, or merge this pull request online at:

  https://github.com/httpwg/http-extensions/pull/379

-- Commit Summary --

  * ref formatting

-- File Changes --

    M draft-ietf-httpbis-cache-digest.md (2)

-- Patch Links --

https://github.com/httpwg/http-extensions/pull/379.patch
https://github.com/httpwg/http-extensions/pull/379.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/379

----==_mimepart_598732b1f1ded_50353fc285aefc2c42111
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit



<hr>

<h4>You can view, comment on, or merge this pull request online at:</h4>
<p>&nbsp;&nbsp;<a href='https://github.com/httpwg/http-extensions/pull/379'>https://github.com/httpwg/http-extensions/pull/379</a></p>

<h4>Commit Summary</h4>
<ul>
  <li>ref formatting</li>
</ul>

<h4>File Changes</h4>
<ul>
  <li>
    <strong>M</strong>
    <a href="https://github.com/httpwg/http-extensions/pull/379/files#diff-0">draft-ietf-httpbis-cache-digest.md</a>
    (2)
  </li>
</ul>

<h4>Patch Links:</h4>
<ul>
  <li><a href='https://github.com/httpwg/http-extensions/pull/379.patch'>https://github.com/httpwg/http-extensions/pull/379.patch</a></li>
  <li><a href='https://github.com/httpwg/http-extensions/pull/379.diff'>https://github.com/httpwg/http-extensions/pull/379.diff</a></li>
</ul>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/pull/379">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyNouDtRdOsF16zaK8WM-RovqxEHqks5sVdixgaJpZM4Ouwfm">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyN8uMTuJ14AKA4hbOyfNUGZp-z_Sks5sVdixgaJpZM4Ouwfm.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/379"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"ref formatting (#379)"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/379"}}}</script>

----==_mimepart_598732b1f1ded_50353fc285aefc2c42111--


From nobody Sun Aug  6 22:23:11 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=9t+GVY10xvPzdxPzxMDqxkqSGG0=; b=IQnEuwdZSgYLhk5M 6CVrnwGU0tesk13ZSwNRwbCW4t3GW2yRATSZgT1NJN1shuUP2w/TsyzjFzOXVl2I 7gi3qOiOk/StzibH+2zunY99dF8ctHvvQ176K8Rd1ZW72yF8dh7ZxOy/ehImJIfV c3sllGtoNaHPO7NnD6hQ68WfM8g=
Date: Mon, 07 Aug 2017 05:23:07 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Subject: [httpwg/http-extensions] clarify multi-103 behavior (#380)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5987f93aa8412_36213faab3033c3c807e4"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/fToCKHVQ5Jkhwp4jFI2OWzNn0R4>
Message-ID: <mailman.1282.1502083390.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 05:23:09 -0000

----==_mimepart_5987f93aa8412_36213faab3033c3c807e4
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Clarify that the disappearance of a header field (that once existed in a 103 response) from the following 103 responses does not indicate the retraction of the expectation that the header field will be included in the final response.

closes #371 
You can view, comment on, or merge this pull request online at:

  https://github.com/httpwg/http-extensions/pull/380

-- Commit Summary --

  * clarify multi-103 behavior (based on the general rule that the absense of a header field in 103 is not a negative prediction

-- File Changes --

    M draft-ietf-httpbis-early-hints.md (5)

-- Patch Links --

https://github.com/httpwg/http-extensions/pull/380.patch
https://github.com/httpwg/http-extensions/pull/380.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/380

----==_mimepart_5987f93aa8412_36213faab3033c3c807e4
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Clarify that the disappearance of a header field (that once existed in a 103 response) from the following 103 responses does not indicate the retraction of the expectation that the header field will be included in the final response.</p>
<p><span class="issue-keyword tooltipped tooltipped-se" aria-label="This pull request closes issue #371.">closes</span> <a href="https://github.com/httpwg/http-extensions/issues/371" class="issue-link js-issue-link" data-url="https://github.com/httpwg/http-extensions/issues/371" data-id="243827582" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#371</a></p>

<hr>

<h4>You can view, comment on, or merge this pull request online at:</h4>
<p>&nbsp;&nbsp;<a href='https://github.com/httpwg/http-extensions/pull/380'>https://github.com/httpwg/http-extensions/pull/380</a></p>

<h4>Commit Summary</h4>
<ul>
  <li>clarify multi-103 behavior (based on the general rule that the absense of a header field in 103 is not a negative prediction</li>
</ul>

<h4>File Changes</h4>
<ul>
  <li>
    <strong>M</strong>
    <a href="https://github.com/httpwg/http-extensions/pull/380/files#diff-0">draft-ietf-httpbis-early-hints.md</a>
    (5)
  </li>
</ul>

<h4>Patch Links:</h4>
<ul>
  <li><a href='https://github.com/httpwg/http-extensions/pull/380.patch'>https://github.com/httpwg/http-extensions/pull/380.patch</a></li>
  <li><a href='https://github.com/httpwg/http-extensions/pull/380.diff'>https://github.com/httpwg/http-extensions/pull/380.diff</a></li>
</ul>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/pull/380">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyAeTEErPSDGELPnkqTL_mZTFjZvQks5sVp86gaJpZM4OvAXM">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyLywOa_9PsBqN-k8Ue-hrFc4DuzHks5sVp86gaJpZM4OvAXM.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/380"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"clarify multi-103 behavior (#380)"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/380"}}}</script>

----==_mimepart_5987f93aa8412_36213faab3033c3c807e4--


From nobody Sun Aug  6 22:24:05 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.182
X-Spam-Level: 
X-Spam-Status: No, score=-8.182 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Sun, 06 Aug 2017 22:24:02 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1502083442; bh=KxxTB6Ya+7QulG3h9aglhQS/Xt9c2AZY0keXlHOC9aE=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=D2ihe1iiwW0sfJJbaInVe7sWcslANoPwiLA8yKgerR5nOlC7Slu5PSYmH43OjterR Di1VH7oUuAzXZkIU1bt9RZ4qqnpIPVNPJ4VlZ6ni9xNmu9YwS1b2A6FTLzKJ339xTe sWacJwveJ2f0rjQDgeMetsBvOX7di0/Vwx7CCGi8=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/375@github.com>
References: <httpwg/http-extensions/pull/375@github.com>
Subject: Re: [httpwg/http-extensions] better clarify the differences between H2 server push (#375)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5987f9723417e_26be3fdd381a7c3c733cb"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/FS8MDeZgNhhpfIABp48MYYiaq18>
Message-ID: <mailman.1283.1502083444.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 05:24:04 -0000

----==_mimepart_5987f9723417e_26be3fdd381a7c3c733cb
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Merged #375.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/375#event-1194797166
----==_mimepart_5987f9723417e_26be3fdd381a7c3c733cb
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Merged <a href="https://github.com/httpwg/http-extensions/pull/375" class="issue-link js-issue-link" data-url="https://github.com/httpwg/http-extensions/issues/375" data-id="247895458" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#375</a>.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/pull/375#event-1194797166">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyJu7XvlERG4ZHXuP-OtT4_w89h4Hks5sVp9ygaJpZM4OtPnT">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyAyRQPGUkmWQ6cY0TFGlHxG6Np6aks5sVp9ygaJpZM4OtPnT.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/375#event-1194797166"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"Merged #375."}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/375#event-1194797166"}}}</script>
----==_mimepart_5987f9723417e_26be3fdd381a7c3c733cb--


From nobody Sun Aug  6 23:35:04 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.182
X-Spam-Level: 
X-Spam-Status: No, score=-3.182 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=12V+qRMEjmeKPdGMucy0oisoSTI=; b=LIfWbztouk00a8BA ZhteKO5OnKkLh81VXH4YA0Nriv/onf+qXBBj5P2CvjQ+4BHyG1nGL/DdIv6JOV3R Eu9K5VsMX3RljDspi13nv1MilYIxFeE/cxxXLIHb+y72w/EYJ91Qn76H8d4tcFa9 LFM5GYebGFg4WlVzRANGb86wC3g=
Date: Mon, 07 Aug 2017 06:35:00 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Push <push@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/380@github.com>
References: <httpwg/http-extensions/pull/380@github.com>
Subject: Re: [httpwg/http-extensions] clarify multi-103 behavior (#380)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59880a1486922_53f13fdb6331bc341144be"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/9gnxbVB9HTVde9_02UuCfoYWPfI>
Message-ID: <mailman.1288.1502087703.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 06:35:03 -0000

----==_mimepart_59880a1486922_53f13fdb6331bc341144be
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

@kazuho pushed 1 commit.

ecb2c7e  clarify the general rule


-- 
You are receiving this because you are subscribed to this thread.
View it on GitHub:
https://github.com/httpwg/http-extensions/pull/380/files/bbbcb0e3e847153b1cb6292545ed86cc15927d1d..ecb2c7e5033f27bc6284024d5496ed95bfb6be65

----==_mimepart_59880a1486922_53f13fdb6331bc341144be
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p><a href="https://github.com/kazuho" class="user-mention">@kazuho</a> pushed 1 commit.</p>

<ul>
  <li><a href="https://github.com/httpwg/http-extensions/commit/ecb2c7e" class="commit-link">ecb2c7e</a>  clarify the general rule</li>
</ul>


<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br /><a href="https://github.com/httpwg/http-extensions/pull/380/files/bbbcb0e3e847153b1cb6292545ed86cc15927d1d..ecb2c7e5033f27bc6284024d5496ed95bfb6be65">View it on GitHub</a> or <a href="https://github.com/notifications/unsubscribe-auth/AORpyBDeNn8euPz1amTRfJIL8aFJgGLuks5sVrAUgaJpZM4OvAXM">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyE6Ez67bxNjJYUV5c9wcI0UqQ91Cks5sVrAUgaJpZM4OvAXM.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/380/files/bbbcb0e3e847153b1cb6292545ed86cc15927d1d..ecb2c7e5033f27bc6284024d5496ed95bfb6be65"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@kazuho pushed 1 commit in #380"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/380/files/bbbcb0e3e847153b1cb6292545ed86cc15927d1d..ecb2c7e5033f27bc6284024d5496ed95bfb6be65"}}}</script>

----==_mimepart_59880a1486922_53f13fdb6331bc341144be--


From nobody Sun Aug  6 23:43:27 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.396
X-Spam-Level: 
X-Spam-Status: No, score=-8.396 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Sun, 06 Aug 2017 23:43:22 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1502088202; bh=D3PD6/qdftCNaqim0mhyAyjlg7EAAVkWTmQVc8TxoXE=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=sybeBVM6Gyd7OvLZLf86gZNJspoKr0MRFMy6HB7eztK4WvyILIpqySrk31oyR1FPu p9jfoHQVGyXS2Ivq9muBPHxJTleTCHWdsmSfKRcEFdoHCs8E2rPIEFXsUWhTrOXYc4 2BWr4fT0bVnapALnozORXvJcpM1FwDTbobvSyK80=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/380@github.com>
References: <httpwg/http-extensions/pull/380@github.com>
Subject: Re: [httpwg/http-extensions] clarify multi-103 behavior (#380)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59880c0aa1b12_1d333fc24df97c30131623"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/l96ALhhnR0z9UGzx4w3JkYpKORM>
Message-ID: <mailman.1291.1502088206.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 06:43:26 -0000

----==_mimepart_59880c0aa1b12_1d333fc24df97c30131623
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

ecb2c7e adds a clarification the general rule that this PR relies on (i.e. the nonexistence of a header field in the 103 response cannot be used as a signal that the header field will be absent in the final response), at the same time addressing Spencer Dawkins' suggestion to clarify that a "the server can add header fields in the 200 that were not present in the 103."

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/380#issuecomment-320581887
----==_mimepart_59880c0aa1b12_1d333fc24df97c30131623
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p><a href=3D"https://github.com/httpwg/http-extensions/commit/ecb2c7e503=
3f27bc6284024d5496ed95bfb6be65" class=3D"commit-link"><tt>ecb2c7e</tt></a=
> adds a clarification the general rule that this PR relies on (i.e. the =
nonexistence of a header field in the 103 response cannot be used as a si=
gnal that the header field will be absent in the final response), at the =
same time addressing Spencer Dawkins' suggestion to clarify that a "the s=
erver can add header fields in the 200 that were not present in the 103."=
</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&m=
dash;<br />You are receiving this because you are subscribed to this thre=
ad.<br />Reply to this email directly, <a href=3D"https://github.com/http=
wg/http-extensions/pull/380#issuecomment-320581887">view it on GitHub</a>=
, or <a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyFl=
MhoeCu9KQr91Po4jlhS3LhpJpks5sVrIKgaJpZM4OvAXM">mute the thread</a>.<img a=
lt=3D"" height=3D"1" src=3D"https://github.com/notifications/beacon/AORpy=
ENHX6Srr063zjAUJ5he9P6TntEUks5sVrIKgaJpZM4OvAXM.gif" width=3D"1" /></p>
<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewActi=
on">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extension=
s/pull/380#issuecomment-320581887"></link>
  <meta itemprop=3D"name" content=3D"View Pull Request"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Pull Request on GitHu=
b"></meta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_versio=
n":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name"=
:"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","titl=
e":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_ur=
l":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5=
d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubu=
sercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b5249811277=
7.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg=
/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@k=
azuho in #380: ecb2c7e adds a clarification the general rule that this PR=
 relies on (i.e. the nonexistence of a header field in the 103 response c=
annot be used as a signal that the header field will be absent in the fin=
al response), at the same time addressing Spencer Dawkins' suggestion to =
clarify that a \"the server can add header fields in the 200 that were no=
t present in the 103.\""}],"action":{"name":"View Pull Request","url":"ht=
tps://github.com/httpwg/http-extensions/pull/380#issuecomment-320581887"}=
}}</script>=

----==_mimepart_59880c0aa1b12_1d333fc24df97c30131623--


From nobody Mon Aug  7 04:49:40 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.402
X-Spam-Level: 
X-Spam-Status: No, score=-0.402 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=npmB7HL1kw2Q08wIAYoKumAi2bE=; b=EttQ4OJ5xKU0ASNP 7oAHxs8ep6DGJ94MGMuoyJN7ziQm1sS3i+ZEf/jIythC1EAsApZGX7N2NZk5x5Fo /Hd0TGPQgkl8T/O3vITaYSvtpAodqIf1bfylwBfCTUpOZ+VDOTueXiptPPXwuKTd /Cyjiph0LUi1FevmifLSI26LjA0=
Date: Mon, 07 Aug 2017 11:49:37 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/343@github.com>
References: <httpwg/http-extensions/issues/343@github.com>
Subject: Re: [httpwg/http-extensions] text about why RFC 3490 is cited is missing (#343)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598853d0daa7b_3c383fa798531c34115648"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/CHV4iyUulrl12G5agWBNIkfNgi8>
Message-ID: <mailman.1319.1502106580.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 11:49:40 -0000

----==_mimepart_598853d0daa7b_3c383fa798531c34115648
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Will be addressed in the -02 I'll be uploading shortly, thanks to your patch in https://github.com/httpwg/http-extensions/commit/d5f7cb8c000f7a5c6d3545827883efe1a90eac99.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/343#issuecomment-320642895
----==_mimepart_598853d0daa7b_3c383fa798531c34115648
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Will be addressed in the -02 I'll be uploading shortly, thanks to your patch in <a href="https://github.com/httpwg/http-extensions/commit/d5f7cb8c000f7a5c6d3545827883efe1a90eac99" class="commit-link"><tt>d5f7cb8</tt></a>.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/343#issuecomment-320642895">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyD9xoAXIm5byJ-K0K-V4jh-Kt928ks5sVvnQgaJpZM4NdcbO">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyF_3396uSkNxTswI5aGJw5xAxDFTks5sVvnQgaJpZM4NdcbO.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/343#issuecomment-320642895"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mikewest in #343: Will be addressed in the -02 I'll be uploading shortly, thanks to your patch in https://github.com/httpwg/http-extensions/commit/d5f7cb8c000f7a5c6d3545827883efe1a90eac99."}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/343#issuecomment-320642895"}}}</script>
----==_mimepart_598853d0daa7b_3c383fa798531c34115648--


From nobody Mon Aug  7 04:49:50 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.382
X-Spam-Level: 
X-Spam-Status: No, score=-0.382 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=PkSmn9qg4jLPEiD8ES5Lbr4ZOHY=; b=Jl5gOkR1sM1XhxVa mnHjXsvO2hXwJ5DFlYSFXLuwuNJZDN7OrUQBWtu15Adsxb/V6ya0JXiISWHiqLLs 4mwRqQVf+co0g1Dw7ew3PZKVcr6qVw/MjWYV8IOclgj4fKa8cZUXIRa81M5uULTz hOzMFzhAHYrmMwUVySM/meJhYvo=
Date: Mon, 07 Aug 2017 11:49:37 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/343@github.com>
References: <httpwg/http-extensions/issues/343@github.com>
Subject: Re: [httpwg/http-extensions] text about why RFC 3490 is cited is missing (#343)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598853d15aff0_780f3f8741ea9c34177251"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/S5LDyzv8-UtEf_cEgHMUhsbS23g>
Message-ID: <mailman.1320.1502106585.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 11:49:40 -0000

----==_mimepart_598853d15aff0_780f3f8741ea9c34177251
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Closed #343.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/343#event-1195257894
----==_mimepart_598853d15aff0_780f3f8741ea9c34177251
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Closed <a href="https://github.com/httpwg/http-extensions/issues/343" class="issue-link js-issue-link" data-url="https://github.com/httpwg/http-extensions/issues/343" data-id="229253903" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#343</a>.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/343#event-1195257894">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyKJG8u4EC7bwQ835DXZX347vfhmrks5sVvnRgaJpZM4NdcbO">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyA847XHwPhOG5Zp9MqzUYArGPcGJks5sVvnRgaJpZM4NdcbO.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/343#event-1195257894"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"Closed #343."}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/343#event-1195257894"}}}</script>
----==_mimepart_598853d15aff0_780f3f8741ea9c34177251--


From nobody Mon Aug  7 04:52:03 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.474
X-Spam-Level: 
X-Spam-Status: No, score=-5.474 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Mon, 07 Aug 2017 04:51:59 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1502106719; bh=pZqaKQpYfZ+EKMag79EO8GMF6qUXZy2qlGcLYLf+OwM=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=KViTkYcaI849d8+s+XWATWDd7JfBl18ioJ0GG4+TXh8qFGfsa1IBRK8sVcL/XxInB eS5bT0Ru6OXtCXNjoqitvqFvGgUibaPuFTjJVWqM4WRGu3TN+5LXDo3JHZzNrMj7Ob /gmG87Jl9VIAZWR1qllTjjd+K5h5KGt8C0FLfohw=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/302@github.com>
References: <httpwg/http-extensions/issues/302@github.com>
Subject: Re: [httpwg/http-extensions] Typo in SameSite cookie algorithm (?) (#302)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5988545f3a50_74cb3fe6ddb5fc30138456"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/rw81P8x5jpyjckIyzgEL0Z-p9v0>
Message-ID: <mailman.1323.1502106722.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 11:52:01 -0000

----==_mimepart_5988545f3a50_74cb3fe6ddb5fc30138456
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Thanks! Will be fixed in the -02 draft of RFC6265 I'm about to upload.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/302#issuecomment-320643327
----==_mimepart_5988545f3a50_74cb3fe6ddb5fc30138456
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Thanks! Will be fixed in the -02 draft of RFC6265 I'm about to upload.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/302#issuecomment-320643327">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyOXo-4pFW26Hius2vcDxxdHpg-lSks5sVvpfgaJpZM4MJWhe">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyM3TEZ9DkVTUYV49c1iWtwHsCCY8ks5sVvpfgaJpZM4MJWhe.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/302#issuecomment-320643327"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mikewest in #302: Thanks! Will be fixed in the -02 draft of RFC6265 I'm about to upload."}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/302#issuecomment-320643327"}}}</script>
----==_mimepart_5988545f3a50_74cb3fe6ddb5fc30138456--


From nobody Mon Aug  7 04:57:34 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.454
X-Spam-Level: 
X-Spam-Status: No, score=-5.454 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Mon, 07 Aug 2017 04:57:29 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1502107049; bh=Me2vtI6lS3/e+KaWvk04mznKAbBjnHyyQTJYVHrMTis=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=psTjkgy+1qCS+EFDqrHpyOJcCMES6W+kuGDdQWUk4d8JRI4DUzpGoszqHYzYoIlL6 ytkI2NjI6rP+pQeNwsdV8Db4rP0K74iwHIE/DD9Eu00p5q0FEqdJ+1TyknS1h6rtwd 9bqwe2tslIYvXwZ1YGBnG7bKEhhv4jghqllDfW74=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/204@github.com>
References: <httpwg/http-extensions/issues/204@github.com>
Subject: Re: [httpwg/http-extensions] enhance title of RFC6265 to include "cookies" term (#204)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598855a9eb89a_3c333fa798531c342798e6"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/wDSe2UQdWLHmNDxZNRtspmQuTrk>
Message-ID: <mailman.1324.1502107053.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 11:57:32 -0000

----==_mimepart_598855a9eb89a_3c333fa798531c342798e6
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Will be fixed in the upcoming -02.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/204#issuecomment-320644308
----==_mimepart_598855a9eb89a_3c333fa798531c342798e6
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Will be fixed in the upcoming -02.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/204#issuecomment-320644308">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyHgA1w5bmguymkqqkdnDdZ2fUI4Nks5sVvupgaJpZM4JAZ6r">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyLl0q9wk5tM5D1G4vaOH3b-txLppks5sVvupgaJpZM4JAZ6r.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/204#issuecomment-320644308"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mikewest in #204: Will be fixed in the upcoming -02."}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/204#issuecomment-320644308"}}}</script>
----==_mimepart_598855a9eb89a_3c333fa798531c342798e6--


From nobody Mon Aug  7 04:58:36 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.402
X-Spam-Level: 
X-Spam-Status: No, score=-0.402 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=zkRj6MwH2Y55SCm0VuMk9C3QFSo=; b=bOETF6jVwbV4CK/H OCr01MJbYbDBppaoKVE7FEtk2uEJzDWde9xkXrV6L9anNPwraF8nNVaxRkRoO25T Vwt17Q+V3bD5M8U6xaD2Ngt78ExISCu943fPpT4Pn+5Xn41IwIOMzXsPfQgul4f2 JHcAxJ8AwqWX70udDTVozG65o8k=
Date: Mon, 07 Aug 2017 11:58:32 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/245@github.com>
References: <httpwg/http-extensions/issues/245@github.com>
Subject: Re: [httpwg/http-extensions] document needs a "Changes from RFC 6265" appendix. (#245)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598855e8829d_34163fcd25e15c307606a"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/usuJswwPWoz3O5dBtI2J0xXW9kQ>
Message-ID: <mailman.1325.1502107115.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 11:58:34 -0000

----==_mimepart_598855e8829d_34163fcd25e15c307606a
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Added in -01: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-01#appendix-A.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/245#issuecomment-320644473
----==_mimepart_598855e8829d_34163fcd25e15c307606a
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Added in -01: <a href="https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-01#appendix-A">https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-01#appendix-A</a>.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/245#issuecomment-320644473">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyKV8h0CW4hl5TwFuZMlE8M7Kvflbks5sVvvogaJpZM4KTcU_">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyEQoxKUuwQVkQpqusKCp3fZIHF5sks5sVvvogaJpZM4KTcU_.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/245#issuecomment-320644473"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mikewest in #245: Added in -01: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-01#appendix-A."}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/245#issuecomment-320644473"}}}</script>
----==_mimepart_598855e8829d_34163fcd25e15c307606a--


From nobody Mon Aug  7 04:58:43 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.182
X-Spam-Level: 
X-Spam-Status: No, score=-8.182 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Mon, 07 Aug 2017 04:58:32 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1502107112; bh=ESUZKiJWEsbghvGOWYgtO2GsnmHs+nfphVdIwkxZHrU=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=1QoDyn1A2cscw+kXP+eVvTRD2dazKbMAcqUBTrKQY7uNT0H/eT9wPJKsUoBM3fsPJ R3QwHVo3KPy0c7AzK5zR8rTWz7YqkJakQkDx5Oy6B2/7sNocmaqa5h6EQpnL3/NREG X7SoWsVeuQdUinHspOc+x5BmqtH+a5te32WSoyoc=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/245@github.com>
References: <httpwg/http-extensions/issues/245@github.com>
Subject: Re: [httpwg/http-extensions] document needs a "Changes from RFC 6265" appendix. (#245)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598855e899dd5_65153fe4d5e15c2c1203a9"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/I2vYlRQGrZU1lYnWe31zmRKeUG8>
Message-ID: <mailman.1326.1502107121.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 11:58:35 -0000

----==_mimepart_598855e899dd5_65153fe4d5e15c2c1203a9
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Closed #245.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/245#event-1195268227
----==_mimepart_598855e899dd5_65153fe4d5e15c2c1203a9
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Closed <a href="https://github.com/httpwg/http-extensions/issues/245" class="issue-link js-issue-link" data-url="https://github.com/httpwg/http-extensions/issues/245" data-id="182220402" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#245</a>.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/245#event-1195268227">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyKV8h0CW4hl5TwFuZMlE8M7Kvflbks5sVvvogaJpZM4KTcU_">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyEQoxKUuwQVkQpqusKCp3fZIHF5sks5sVvvogaJpZM4KTcU_.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/245#event-1195268227"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"Closed #245."}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/245#event-1195268227"}}}</script>
----==_mimepart_598855e899dd5_65153fe4d5e15c2c1203a9--


From nobody Mon Aug  7 05:03:44 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.454
X-Spam-Level: 
X-Spam-Status: No, score=-0.454 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=yVtTZsPncU5xNwx8bgTYtva8jmw=; b=Dn2b2ULQLu935SDt 9C3DdMO74PD9sqoU915UgdpaOg85W73msGjysHQzUcV4rxTcirnjwgDjXyR7X+fn vxjiy4InHVgZUh1ddUedFPJ+9Rs8N7cLp7Ehj95kKMQcbYlqUoRZe1DRK357gycG rtTXtY3SxuPxGYUMVkiolzKn1Kg=
Date: Mon, 07 Aug 2017 12:03:40 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/222@github.com>
References: <httpwg/http-extensions/issues/222@github.com>
Subject: Re: [httpwg/http-extensions] Host cookie-prefix requires Path attribute (#222)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5988571bee156_255f33ff3bb3fbc382835c"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/yvuYFz7DaCuwbDRDCPDuU_gRhw8>
Message-ID: <mailman.1329.1502107424.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 12:03:43 -0000

----==_mimepart_5988571bee156_255f33ff3bb3fbc382835c
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Poked at the algorithm in the upcoming -02 draft of RFC6265bis.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/222#issuecomment-320645441
----==_mimepart_5988571bee156_255f33ff3bb3fbc382835c
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Poked at the algorithm in the upcoming -02 draft of RFC6265bis.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/222#issuecomment-320645441">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyNQY84MUcQC5MKQoC35MXUixQnF8ks5sVv0bgaJpZM4JgSoR">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyJmTrZWU7MGdn8WmH9MzieNjQW-Zks5sVv0bgaJpZM4JgSoR.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/222#issuecomment-320645441"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mikewest in #222: Poked at the algorithm in the upcoming -02 draft of RFC6265bis."}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/222#issuecomment-320645441"}}}</script>
----==_mimepart_5988571bee156_255f33ff3bb3fbc382835c--


From nobody Mon Aug  7 05:23:20 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.454
X-Spam-Level: 
X-Spam-Status: No, score=-5.454 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Mon, 07 Aug 2017 05:23:16 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1502108596; bh=4UIooJ0g6yZLasE/m9evqYXOK3UdO1TI2e3BEjwy9Ek=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=BXE5PydBaBUnY3239gzk1v7w0oxTRc/QAFYhZQJdQ03AypWKzvC1H4ZHNBky1lm4Y XsD5ufeoPwUo7U0MEHetWsoZgKCP5T5C46yJEu+UG2D0oF52C8sjAgB8ZsFOisOLH2 0BzrDhpukN4FjSDlaVSVFQb3Qf+8mU4cdmFp1HHk=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/295@github.com>
References: <httpwg/http-extensions/issues/295@github.com>
Subject: Re: [httpwg/http-extensions] clarify round-tripping of double quotes around cookie value (#295)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59885bb4c6c2_5c43fe6ddb5fc301597d0"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/EYT3gd8X0UV0UhBcSaMuxgxc-cc>
Message-ID: <mailman.1330.1502108599.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 12:23:18 -0000

----==_mimepart_59885bb4c6c2_5c43fe6ddb5fc301597d0
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Adding a note in -02.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/295#issuecomment-320649187
----==_mimepart_59885bb4c6c2_5c43fe6ddb5fc301597d0
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Adding a note in -02.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/295#issuecomment-320649187">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyG9-n89hVobxL4dmjgwNxpx5OOTFks5sVwG0gaJpZM4L_Gtd">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyGKPp8IkFCSFutP2exsqdoyOtIxnks5sVwG0gaJpZM4L_Gtd.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/295#issuecomment-320649187"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mikewest in #295: Adding a note in -02."}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/295#issuecomment-320649187"}}}</script>
----==_mimepart_59885bb4c6c2_5c43fe6ddb5fc301597d0--


From nobody Mon Aug  7 05:26:52 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.474
X-Spam-Level: 
X-Spam-Status: No, score=-5.474 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Mon, 07 Aug 2017 05:26:48 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1502108808; bh=u80+x/MccIr4OsjrM59vmxtr/SZ5fftOjESIviSWGtU=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=vgLy2GZmZuEzjRUpZD3AG+vHu0vWBzuk6D28mwQKZUe/McIfifGPpchlStRuX2rj2 P0firU+8+QvRpQAm4mRdY6O8hyScq9kbePy6qHmdzYRYNb8MUdUwjxHeIdvGlji+jI KNMs+uczTGy2AAYOKIe4c2ivQ3UFqmiySJCHKLMI=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/201@github.com>
References: <httpwg/http-extensions/issues/201@github.com>
Subject: Re: [httpwg/http-extensions] SameSite: Clarify user-triggered navigation behavior. (#201)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59885c8867a4a_1d03fb45591bc2c1450de"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/m_VilUfo9r34FyRpYIJBP8zmhKU>
Message-ID: <mailman.1331.1502108811.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 12:26:50 -0000

----==_mimepart_59885c8867a4a_1d03fb45591bc2c1450de
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Will be addressed in the upcoming -02.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/201#issuecomment-320649799
----==_mimepart_59885c8867a4a_1d03fb45591bc2c1450de
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Will be addressed in the upcoming -02.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/201#issuecomment-320649799">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyKYCV5OxJKcc-9u84zJzNnStx_gUks5sVwKIgaJpZM4I5wo1">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyH9SxM5q3UW_n7yfmenJG_gtDFyKks5sVwKIgaJpZM4I5wo1.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/201#issuecomment-320649799"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mikewest in #201: Will be addressed in the upcoming -02."}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/201#issuecomment-320649799"}}}</script>
----==_mimepart_59885c8867a4a_1d03fb45591bc2c1450de--


From nobody Mon Aug  7 05:45:36 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.596
X-Spam-Level: 
X-Spam-Status: No, score=-0.596 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=1KTX8CHETEVhmMN7Tmi4ntPHhsw=; b=lUpeaep63uZvKWFA yGNtYHXRqMd803S8o6HJIOY7kR3JUgGMc5A9RSD6J8WoqFZYlebB04CzSD1M6k2K XUCC5hDHwzSOvihLFXaeGh6MD3GxNTdPZdyIX8KHh1JSl6k+gOpoLJxrt+Uuy4PU KkwxxQb08Nq9NcEKkqimG5hLXvA=
Date: Mon, 07 Aug 2017 12:45:08 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/248@github.com>
References: <httpwg/http-extensions/issues/248@github.com>
Subject: Re: [httpwg/http-extensions] [6265bis] Add double-keying policy example to "Third-party cookies" section (#248)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598860d4268db_2873fb45591bc2c154738"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/kxP5TBAQX1B4B7IRrjHNb7O_Few>
Message-ID: <mailman.1336.1502109935.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 12:45:35 -0000

----==_mimepart_598860d4268db_2873fb45591bc2c154738
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

I'll add in the editorial note discussed above in an upcoming -02 draft.

@michael-oneill: I don't intend to define a `DoubleKeyed` attribute in this round of edits, as it's not clear to me what value it would actually provide for developers. If you think it's something we ought to implement, I'd suggest sketching out an explainer document in a little more detail so we have a concrete problem we can discuss. :)

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/248#issuecomment-320653522
----==_mimepart_598860d4268db_2873fb45591bc2c154738
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p>I'll add in the editorial note discussed above in an upcoming -02 draft.=
</p>
<p><a href=3D"https://github.com/michael-oneill" class=3D"user-mention">@mi=
chael-oneill</a>: I don't intend to define a <code>DoubleKeyed</code> attri=
bute in this round of edits, as it's not clear to me what value it would ac=
tually provide for developers. If you think it's something we ought to impl=
ement, I'd suggest sketching out an explainer document in a little more det=
ail so we have a concrete problem we can discuss. :)</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&mda=
sh;<br />You are receiving this because you are subscribed to this thread.<=
br />Reply to this email directly, <a href=3D"https://github.com/httpwg/htt=
p-extensions/issues/248#issuecomment-320653522">view it on GitHub</a>, or <=
a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyK-1IuxV5O4=
iQYq1oCiDtjffeXuzks5sVwbUgaJpZM4KUYwF">mute the thread</a>.<img alt=3D"" he=
ight=3D"1" src=3D"https://github.com/notifications/beacon/AORpyGGGb01mi0Au8=
9asfoUb0skYN2dGks5sVwbUgaJpZM4KUYwF.gif" width=3D"1" /></p>
<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewAction=
">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extensions/=
issues/248#issuecomment-320653522"></link>
  <meta itemprop=3D"name" content=3D"View Issue"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Issue on GitHub"></meta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_version"=
:"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"Gi=
tHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"ht=
tpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"http=
s://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-9=
5fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.c=
om/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action=
":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions=
"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mikewest in #248: I=
'll add in the editorial note discussed above in an upcoming -02 draft.\r\n=
\r\n@michael-oneill: I don't intend to define a `DoubleKeyed` attribute in =
this round of edits, as it's not clear to me what value it would actually p=
rovide for developers. If you think it's something we ought to implement, I=
'd suggest sketching out an explainer document in a little more detail so w=
e have a concrete problem we can discuss. :)"}],"action":{"name":"View Issu=
e","url":"https://github.com/httpwg/http-extensions/issues/248#issuecomment=
-320653522"}}}</script>=

----==_mimepart_598860d4268db_2873fb45591bc2c154738--


From nobody Mon Aug  7 06:09:01 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.182
X-Spam-Level: 
X-Spam-Status: No, score=-8.182 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Mon, 07 Aug 2017 06:08:57 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1502111337; bh=yn6MdzNHrERmpVM1+jKYQ1a1NfaVmGG/DkP5MP/TfKk=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=1QE8U105vulJ/7l6UqcQPbabzm6tfWpKPAxudlzZLtNyV30hfboHRDXIvToXc9L8Y Bv5cgCkZE3JnkkxXr6C/Shg7sca22Pj9NfKtPl5gQlFwIm6/2qkfNL3bnGFBMjZxCv q6IWN3r+Gh5rXztxoNs4Z2lSc4zyU54OLHDXAADo=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/248@github.com>
References: <httpwg/http-extensions/issues/248@github.com>
Subject: Re: [httpwg/http-extensions] [6265bis] Add double-keying policy example to "Third-party cookies" section (#248)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598866693782d_1fdd3fab814c1c30818b8"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/BYiFllf4xeaEra7Sko7QbMZzhbg>
Message-ID: <mailman.1337.1502111341.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 13:09:00 -0000

----==_mimepart_598866693782d_1fdd3fab814c1c30818b8
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Closed #248 via 1c2c5c5fce6ba367cc459e7d92d590edbb082d64.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/248#event-1195368646
----==_mimepart_598866693782d_1fdd3fab814c1c30818b8
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Closed <a href="https://github.com/httpwg/http-extensions/issues/248" class="issue-link js-issue-link" data-url="https://github.com/httpwg/http-extensions/issues/248" data-id="182440184" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#248</a> via <a href="https://github.com/httpwg/http-extensions/commit/1c2c5c5fce6ba367cc459e7d92d590edbb082d64" class="commit-link"><tt>1c2c5c5</tt></a>.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/248#event-1195368646">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyGNH0RlzOhxuZmcybIQwp6tIDogtks5sVwxpgaJpZM4KUYwF">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyHk1r7Gojd1nkhVhVht9l1FLQKSqks5sVwxpgaJpZM4KUYwF.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/248#event-1195368646"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"Closed #248 via 1c2c5c5fce6ba367cc459e7d92d590edbb082d64."}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/248#event-1195368646"}}}</script>
----==_mimepart_598866693782d_1fdd3fab814c1c30818b8--


From nobody Mon Aug  7 06:09:06 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.182
X-Spam-Level: 
X-Spam-Status: No, score=-8.182 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Mon, 07 Aug 2017 06:08:57 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1502111337; bh=Z1b4sD3CcS0hG//Iw45nYIlklQxEz2c8gacWMoUC2Tg=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=VzJx1DVKwliNig7puonnS13vpVkuJlyaZIMNShiiGdVNdSEPf3+NGIa0n1ZhA0gEH gP7U/C11u/34Uz4E7Wz+gJMhtXskmL9R8CeWE9/+0tG7GalvOGyAQidtdclwxHruOw 3GBbTfgcRi+jnfgQW7J5Sv5in8uNfL9+WV40iE4c=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/295@github.com>
References: <httpwg/http-extensions/issues/295@github.com>
Subject: Re: [httpwg/http-extensions] clarify round-tripping of double quotes around cookie value (#295)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598866698e2bb_5ef23feab32e1c3c16047"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/rkGvRgCoytfbmfBF-DdI9y6XLUE>
Message-ID: <mailman.1338.1502111341.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 13:09:01 -0000

----==_mimepart_598866698e2bb_5ef23feab32e1c3c16047
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Closed #295 via 13f54b9ba7c439e91a83dc3d880487ec76d1b957.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/295#event-1195368639
----==_mimepart_598866698e2bb_5ef23feab32e1c3c16047
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Closed <a href="https://github.com/httpwg/http-extensions/issues/295" class="issue-link js-issue-link" data-url="https://github.com/httpwg/http-extensions/issues/295" data-id="207194199" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#295</a> via <a href="https://github.com/httpwg/http-extensions/commit/13f54b9ba7c439e91a83dc3d880487ec76d1b957" class="commit-link"><tt>13f54b9</tt></a>.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/295#event-1195368639">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyAg4oGlgn_kapcE_H6TvDpdkbMnAks5sVwxpgaJpZM4L_Gtd">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyJLANorEdQUWFruesAiipw0lerwiks5sVwxpgaJpZM4L_Gtd.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/295#event-1195368639"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"Closed #295 via 13f54b9ba7c439e91a83dc3d880487ec76d1b957."}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/295#event-1195368639"}}}</script>
----==_mimepart_598866698e2bb_5ef23feab32e1c3c16047--


From nobody Mon Aug  7 06:09:15 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.182
X-Spam-Level: 
X-Spam-Status: No, score=-8.182 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Mon, 07 Aug 2017 06:08:57 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1502111337; bh=Be1eXcSM4a4xKgF42ILhTuYd/bfg1DeItHYeUWxvDdU=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=VFU+dSNOWgIKhjPcZ7PylkEoBKUa4kKfSPeoOl8/Wtu93uJzPCfgRUNmgfYYHWJZi 7RrLOcO8Y1QhN6kZnO8d0O5QQzWHQmx2sE5dsOQqrxvxYxFl8vBQTUnQ4iaBTg2vf8 9EhWRDxXH3iKteGtSo7fHgCj8Ly1PKF/lzDrAirM=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/222@github.com>
References: <httpwg/http-extensions/issues/222@github.com>
Subject: Re: [httpwg/http-extensions] Host cookie-prefix requires Path attribute (#222)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59886669b14f3_5d983feab32e1c3c138057"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/4QqF493h5ZvCl0yUYPcF0u6vxhs>
Message-ID: <mailman.1339.1502111351.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 13:09:01 -0000

----==_mimepart_59886669b14f3_5d983feab32e1c3c138057
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Closed #222 via 09beb9549f5157b96493343085aec7b9b1d568aa.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/222#event-1195368637
----==_mimepart_59886669b14f3_5d983feab32e1c3c138057
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Closed <a href="https://github.com/httpwg/http-extensions/issues/222" class="issue-link js-issue-link" data-url="https://github.com/httpwg/http-extensions/issues/222" data-id="170216920" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#222</a> via <a href="https://github.com/httpwg/http-extensions/commit/09beb9549f5157b96493343085aec7b9b1d568aa" class="commit-link"><tt>09beb95</tt></a>.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/222#event-1195368637">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyKdQ72eRqiCCRuksVfFsXQ6FT-Cwks5sVwxpgaJpZM4JgSoR">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyGmMbXZXAunyyT_41givgdNwguYMks5sVwxpgaJpZM4JgSoR.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/222#event-1195368637"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"Closed #222 via 09beb9549f5157b96493343085aec7b9b1d568aa."}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/222#event-1195368637"}}}</script>
----==_mimepart_59886669b14f3_5d983feab32e1c3c138057--


From nobody Mon Aug  7 06:09:19 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.402
X-Spam-Level: 
X-Spam-Status: No, score=-0.402 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=z/KDQ+W2H00x9x1L0EuaR2ZWk20=; b=rxNMOWH3dFJxgYdG VI8Rt8HVQGlDaWiICNiQxrFW3FSSdmpDSfN48tIKEJ91gPaVH8kjwVYO4EukLPu5 8MeENyUuje6Dsx/v5wlyL+NxWpocSn+4Tb/ANaPEkCyvatZ5kuJ/OhLhUCKot4c9 2mBcX+xujvWyLxHRn8xZcsiGKa0=
Date: Mon, 07 Aug 2017 13:08:57 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/302@github.com>
References: <httpwg/http-extensions/issues/302@github.com>
Subject: Re: [httpwg/http-extensions] Typo in SameSite cookie algorithm (?) (#302)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598866697b696_b0a3ff34672fc306646d"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/A1oOJ7RSAccVkjiN6AzcqwzkB_k>
Message-ID: <mailman.1340.1502111353.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 13:09:02 -0000

----==_mimepart_598866697b696_b0a3ff34672fc306646d
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Closed #302 via 511907327e156ecd9a98fde81fec0502f8fa3595.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/302#event-1195368634
----==_mimepart_598866697b696_b0a3ff34672fc306646d
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Closed <a href="https://github.com/httpwg/http-extensions/issues/302" class="issue-link js-issue-link" data-url="https://github.com/httpwg/http-extensions/issues/302" data-id="209619212" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#302</a> via <a href="https://github.com/httpwg/http-extensions/commit/511907327e156ecd9a98fde81fec0502f8fa3595" class="commit-link"><tt>5119073</tt></a>.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/302#event-1195368634">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyF4HXIU7LKpFh1vtawqohKAcr1Hkks5sVwxpgaJpZM4MJWhe">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyNunxcLm4jKdYDsu13SG_zD45MlGks5sVwxpgaJpZM4MJWhe.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/302#event-1195368634"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"Closed #302 via 511907327e156ecd9a98fde81fec0502f8fa3595."}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/302#event-1195368634"}}}</script>
----==_mimepart_598866697b696_b0a3ff34672fc306646d--


From nobody Mon Aug  7 06:09:25 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.382
X-Spam-Level: 
X-Spam-Status: No, score=-0.382 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=1GR/lCxKnvW+GHRkcriuczAVnyY=; b=lV9HgR9eWzIhsj97 Dmv87KER+VqjowzS2vHXCE58XkFpUIF7BwOAbLiwglHZWMlg03J1fHl3Csl96rPu MV4ORsIguB//Ru22hnvQn6cEgn664qs1er5dH6AVJriJwQN9ZWJZ9M8PR2c9/6aQ lS6DNi0cV2Pu/DeqEW+Wa4SW4ZE=
Date: Mon, 07 Aug 2017 13:08:58 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/201@github.com>
References: <httpwg/http-extensions/issues/201@github.com>
Subject: Re: [httpwg/http-extensions] SameSite: Clarify user-triggered navigation behavior. (#201)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5988666a7273e_6a463ff34672fc30116128"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/GLbIpT6BEdnY02fIduGrJm5IqCw>
Message-ID: <mailman.1341.1502111353.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 13:09:02 -0000

----==_mimepart_5988666a7273e_6a463ff34672fc30116128
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Closed #201 via f5421698febe5ef4f1a157a6e59c774bee2d893b.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/201#event-1195368644
----==_mimepart_5988666a7273e_6a463ff34672fc30116128
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Closed <a href="https://github.com/httpwg/http-extensions/issues/201" class="issue-link js-issue-link" data-url="https://github.com/httpwg/http-extensions/issues/201" data-id="161209491" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#201</a> via <a href="https://github.com/httpwg/http-extensions/commit/f5421698febe5ef4f1a157a6e59c774bee2d893b" class="commit-link"><tt>f542169</tt></a>.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/201#event-1195368644">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyJ5VC-kmKzBUVk2F6X7HsUwd2RDPks5sVwxqgaJpZM4I5wo1">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyPZ9dySCFq_ygvInQ8KbeArdPi-6ks5sVwxqgaJpZM4I5wo1.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/201#event-1195368644"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"Closed #201 via f5421698febe5ef4f1a157a6e59c774bee2d893b."}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/201#event-1195368644"}}}</script>
----==_mimepart_5988666a7273e_6a463ff34672fc30116128--


From nobody Mon Aug  7 06:09:29 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.382
X-Spam-Level: 
X-Spam-Status: No, score=-0.382 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=l+vHfatRNe498F+wQe3sC1BKHxY=; b=Dt3hx/B0kcVUsqvJ 5NEIdNQzlgIBQvEXxpQGRTXJDVckAnOnOLCpRSQUoWtLYVYwdNLCsrvXFPocaxpM t+IruTPafLVIS/R6wnp6140TFq8opq/7hs68iUZS9OTHYuD5RItxVFHSjbeIO3Ow vXYJ1sxBZDqqdkpIkw+4QyLbdFU=
Date: Mon, 07 Aug 2017 13:08:58 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/204@github.com>
References: <httpwg/http-extensions/issues/204@github.com>
Subject: Re: [httpwg/http-extensions] enhance title of RFC6265 to include "cookies" term (#204)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59886669edd82_289d3fbe9545fc34880b7"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/iGROCUbfwH-grSBmRfZQK7U4-G8>
Message-ID: <mailman.1344.1502111354.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 13:09:06 -0000

----==_mimepart_59886669edd82_289d3fbe9545fc34880b7
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Closed #204 via 68511259f0af478fcf0764f62288020f646898e5.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/204#event-1195368632
----==_mimepart_59886669edd82_289d3fbe9545fc34880b7
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Closed <a href="https://github.com/httpwg/http-extensions/issues/204" class="issue-link js-issue-link" data-url="https://github.com/httpwg/http-extensions/issues/204" data-id="162756566" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#204</a> via <a href="https://github.com/httpwg/http-extensions/commit/68511259f0af478fcf0764f62288020f646898e5" class="commit-link"><tt>6851125</tt></a>.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/204#event-1195368632">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyFhFwflrRHegpgZv9lKAZQlDKdoaks5sVwxpgaJpZM4JAZ6r">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyCmpok-uxC5sWoK89vSQQKfw1kkWks5sVwxpgaJpZM4JAZ6r.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/204#event-1195368632"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"Closed #204 via 68511259f0af478fcf0764f62288020f646898e5."}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/204#event-1195368632"}}}</script>
----==_mimepart_59886669edd82_289d3fbe9545fc34880b7--


From nobody Mon Aug  7 10:54:29 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.254
X-Spam-Level: 
X-Spam-Status: No, score=-8.254 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Mon, 07 Aug 2017 10:54:25 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1502128465; bh=xnRYGrx8W9lX0aFpa5zxWkKnz9Y7XOlgwm6r5tbzz+k=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=csJ4TT2NW1q7mUbZFWrsnpideYeWCDsWR5Hpn+T6rsBQLLnf9XcSHgSMWTaFKWhgV NpDLn9e2Ube2PabLz8Js571y0LPnNpEmeoKeGEOqGhfao+VgzGB3E2y5LTSXL5YZp7 K07J0SHQt7n2OtYeiKteUPuoBf0ta0IqlnuhdeDw=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/248@github.com>
References: <httpwg/http-extensions/issues/248@github.com>
Subject: Re: [httpwg/http-extensions] [6265bis] Add double-keying policy example to "Third-party cookies" section (#248)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5988a95193029_314c3fb3ea41bc381085d2"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/tqI24NlgqlbInE3EJLy7ARRs-Sw>
Message-ID: <mailman.1412.1502128468.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 17:54:28 -0000

----==_mimepart_5988a95193029_314c3fb3ea41bc381085d2
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Looks great. Thanks!

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/248#issuecomment-320734058
----==_mimepart_5988a95193029_314c3fb3ea41bc381085d2
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Looks great. Thanks!</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/248#issuecomment-320734058">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyPI-gLlwz6ITKM5tFlmwsgFutBtsks5sV09RgaJpZM4KUYwF">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyNMhZdJ_iCm1YlZ7HtbQo40B8Gtxks5sV09RgaJpZM4KUYwF.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/248#issuecomment-320734058"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@arthuredelstein in #248: Looks great. Thanks!"}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/248#issuecomment-320734058"}}}</script>
----==_mimepart_5988a95193029_314c3fb3ea41bc381085d2--


From nobody Mon Aug  7 18:47:49 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.381
X-Spam-Level: 
X-Spam-Status: No, score=-0.381 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=ejGIypKthzdsbtB+HROAe1DqpU0=; b=tWcVBBWX6lp3WGoV XpZ3+lxjkFSD7HcD4CFbchR9t+WqTTKvxla6lZm4xnAII6nBjoabwToB0LtXFFWB Pbier19gfOk+WRcLfOfDpe5ayjiwtxRCpzSU1xXDAAQCXYmfM4zI6O8Fd1viHyfu OvKLkqHvaWhH0PaiGkKEG9QKQ3g=
Date: Tue, 08 Aug 2017 01:47:46 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Push <push@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/380@github.com>
References: <httpwg/http-extensions/pull/380@github.com>
Subject: Re: [httpwg/http-extensions] clarify multi-103 behavior (#380)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5989184270247_c353fc99fa91c3c560e8"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/vUC3AlGh7-i8jqcnRk-drZCZ9Yc>
Message-ID: <mailman.1469.1502156869.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Aug 2017 01:47:49 -0000

----==_mimepart_5989184270247_c353fc99fa91c3c560e8
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

@kazuho pushed 1 commit.

e9bdf4a  explain what a client should expect (rather than explaining what it should not) for multli-103 case, considering the fact that it is a clarification of the specification


-- 
You are receiving this because you are subscribed to this thread.
View it on GitHub:
https://github.com/httpwg/http-extensions/pull/380/files/ecb2c7e5033f27bc6284024d5496ed95bfb6be65..e9bdf4aa89a79069f037b48d1875cf8b5a3c56e6

----==_mimepart_5989184270247_c353fc99fa91c3c560e8
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p><a href="https://github.com/kazuho" class="user-mention">@kazuho</a> pushed 1 commit.</p>

<ul>
  <li><a href="https://github.com/httpwg/http-extensions/commit/e9bdf4a" class="commit-link">e9bdf4a</a>  explain what a client should expect (rather than explaining what it should not) for multli-103 case, considering the fact that it is a clarification of the specification</li>
</ul>


<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br /><a href="https://github.com/httpwg/http-extensions/pull/380/files/ecb2c7e5033f27bc6284024d5496ed95bfb6be65..e9bdf4aa89a79069f037b48d1875cf8b5a3c56e6">View it on GitHub</a> or <a href="https://github.com/notifications/unsubscribe-auth/AORpyODX8kmUpieisc-hlEwoxndubnYYks5sV75CgaJpZM4OvAXM">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyP41MOvhVCosoaTdpD9RZ8lGH_wYks5sV75CgaJpZM4OvAXM.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/380/files/ecb2c7e5033f27bc6284024d5496ed95bfb6be65..e9bdf4aa89a79069f037b48d1875cf8b5a3c56e6"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@kazuho pushed 1 commit in #380"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/380/files/ecb2c7e5033f27bc6284024d5496ed95bfb6be65..e9bdf4aa89a79069f037b48d1875cf8b5a3c56e6"}}}</script>

----==_mimepart_5989184270247_c353fc99fa91c3c560e8--


From nobody Tue Aug  8 22:10:45 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.382
X-Spam-Level: 
X-Spam-Status: No, score=-0.382 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=lj+vGkK/gkPvqw5HFkwksy5Kho4=; b=vloEAHDQqzd/3Ymg /HOW+j+5vbmxH5JyoQot3KV3B1OKNMrKsV7q5sn7ydFpHs/XWYS5etBvtLLz0jXo 64FX2ga4uj4KjFiKHiK8n7wZna1UZjCOZFLQsDj9GQfX2PCNdtV8gfuoeNnIz2xS FOeaRq+dazTAGeCJ74P3nXyzeSE=
Date: Wed, 09 Aug 2017 05:10:42 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/379@github.com>
References: <httpwg/http-extensions/pull/379@github.com>
Subject: Re: [httpwg/http-extensions] ref formatting (#379)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598a99523412_7af3fc3a30f5c341140a"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/qdjKJ5BwSOyztPO1iGtmZjIALUk>
Message-ID: <mailman.1652.1502255444.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Aug 2017 05:10:44 -0000

----==_mimepart_598a99523412_7af3fc3a30f5c341140a
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Merged #379.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/379#event-1198429900
----==_mimepart_598a99523412_7af3fc3a30f5c341140a
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Merged <a href="https://github.com/httpwg/http-extensions/pull/379" class="issue-link js-issue-link" data-url="https://github.com/httpwg/http-extensions/issues/379" data-id="248253104" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#379</a>.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/pull/379#event-1198429900">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyF1HMzoX4qHvfHMPYQmG3kGOjHxVks5sWT9SgaJpZM4Ouwfm">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyOfak1Akimt7QSKktCdXkdMkZXKjks5sWT9SgaJpZM4Ouwfm.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/379#event-1198429900"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"Merged #379."}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/379#event-1198429900"}}}</script>
----==_mimepart_598a99523412_7af3fc3a30f5c341140a--


From nobody Wed Aug  9 03:19:03 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=e4opflachl/9TeKmrtjL1cG5jtY=; b=tWFAQ8OirnHDLiCx XSb8WEQg2XjCppmdoewxnK73sQjGuG+6R/Xp6SFCiwIHbZoclyCMB67IhfHClgX2 pe5MjwERsL5lWXsZIpSWkdhlYAXj8CT+NwmJNpTC5eH9+oGH01djcyBxUP6irF6a pvjOxHYUGUp0JAu1Q6HYfHOo4po=
Date: Wed, 09 Aug 2017 10:18:48 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Subject: [httpwg/http-extensions] RFC 2616 -> 723x (#381)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598ae187802d8_4bfe3ffa1de0dc2c968f4"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/fn0Y2et6utGh_sVO4e8NoZOkieU>
Message-ID: <mailman.1683.1502273942.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Aug 2017 10:19:01 -0000

----==_mimepart_598ae187802d8_4bfe3ffa1de0dc2c968f4
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

I left the term "request-uri" untouched (it was renamed in the base spec because it's not always a URI). We may want to change that separately, or even refer to the effective request URI (https://www.greenbytes.de/tech/webdav/rfc7230.html#effective.request.uri)
You can view, comment on, or merge this pull request online at:

  https://github.com/httpwg/http-extensions/pull/381

-- Commit Summary --

  * RFC 2616 -> 723x

-- File Changes --

    M draft-ietf-httpbis-rfc6265bis.md (12)

-- Patch Links --

https://github.com/httpwg/http-extensions/pull/381.patch
https://github.com/httpwg/http-extensions/pull/381.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/381

----==_mimepart_598ae187802d8_4bfe3ffa1de0dc2c968f4
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>I left the term "request-uri" untouched (it was renamed in the base spec because it's not always a URI). We may want to change that separately, or even refer to the effective request URI (<a href="https://www.greenbytes.de/tech/webdav/rfc7230.html#effective.request.uri">https://www.greenbytes.de/tech/webdav/rfc7230.html#effective.request.uri</a>)</p>

<hr>

<h4>You can view, comment on, or merge this pull request online at:</h4>
<p>&nbsp;&nbsp;<a href='https://github.com/httpwg/http-extensions/pull/381'>https://github.com/httpwg/http-extensions/pull/381</a></p>

<h4>Commit Summary</h4>
<ul>
  <li>RFC 2616 -&gt; 723x</li>
</ul>

<h4>File Changes</h4>
<ul>
  <li>
    <strong>M</strong>
    <a href="https://github.com/httpwg/http-extensions/pull/381/files#diff-0">draft-ietf-httpbis-rfc6265bis.md</a>
    (12)
  </li>
</ul>

<h4>Patch Links:</h4>
<ul>
  <li><a href='https://github.com/httpwg/http-extensions/pull/381.patch'>https://github.com/httpwg/http-extensions/pull/381.patch</a></li>
  <li><a href='https://github.com/httpwg/http-extensions/pull/381.diff'>https://github.com/httpwg/http-extensions/pull/381.diff</a></li>
</ul>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/pull/381">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyOyR_fZG6ZzAmX3JYXwfzsBSwiSzks5sWYeHgaJpZM4Ox4NL">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyJWOWuJyIKDfBjBxSK5RL39wyYg_ks5sWYeHgaJpZM4Ox4NL.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/381"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"RFC 2616 -\u003e 723x (#381)"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/381"}}}</script>

----==_mimepart_598ae187802d8_4bfe3ffa1de0dc2c968f4--


From nobody Thu Aug 10 07:08:07 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.019
X-Spam-Level: 
X-Spam-Status: No, score=-2.019 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=IuoIHPACg+dh5QFdFI+NoNwPOiY=; b=tKwu+/D7+c1iybmZ szKwbycrGsGkUIurvxomZQpNaBiGNS20uW7mARm8w/OMXQe8XYIyg2s9iRKYy+nr XxU36etoUK7gTXU4rd47Tly1P2YJWL+5AMsB727OPlGNvsuUFXehMrgZSf+Dh3oc LzJmdcxrRZa5YhEeWFJyIpXk2UI=
Date: Thu, 10 Aug 2017 14:07:46 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/372@github.com>
References: <httpwg/http-extensions/issues/372@github.com>
Subject: Re: [httpwg/http-extensions] Accept-CH-Lifetime privacy concerns (#372)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598c68b194508_116e3fb49e0fdc2c171098"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/NSft_UgjCCMxeC4JnbghvC-tGEs>
Message-ID: <mailman.1913.1502374087.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Aug 2017 14:08:06 -0000

----==_mimepart_598c68b194508_116e3fb49e0fdc2c171098
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Apologies for the late reply (was exploring the Canadian wilderness...)

I don't see a particular problem with double keying but I also don't to see the privacy advantages of it. As @igrigorik said earlier, all third parties will add an automatic ACHL and will get the hints as soon as the main document opts-in, meaning the situation will not be different from today.

I think the concerns that @arturjanc raises are real and ACHL will expose new information regarding origins that are not capable of running scripts in the context of the page, new info regarding viewport, DPR and network conditions that they don't currently have. 

Maybe we need `Accept-CH-Lifetime` to be able to define a list of hosts that will get subresource hints? I vaguely remember us discussing a proposal in that spirit in the past, but failing to find references to such a discussion.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/372#issuecomment-321561685
----==_mimepart_598c68b194508_116e3fb49e0fdc2c171098
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p>Apologies for the late reply (was exploring the Canadian wilderness...)<=
/p>
<p>I don't see a particular problem with double keying but I also don't to =
see the privacy advantages of it. As <a href=3D"https://github.com/igrigori=
k" class=3D"user-mention">@igrigorik</a> said earlier, all third parties wi=
ll add an automatic ACHL and will get the hints as soon as the main documen=
t opts-in, meaning the situation will not be different from today.</p>
<p>I think the concerns that <a href=3D"https://github.com/arturjanc" class=
=3D"user-mention">@arturjanc</a> raises are real and ACHL will expose new i=
nformation regarding origins that are not capable of running scripts in the=
 context of the page, new info regarding viewport, DPR and network conditio=
ns that they don't currently have.</p>
<p>Maybe we need <code>Accept-CH-Lifetime</code> to be able to define a lis=
t of hosts that will get subresource hints? I vaguely remember us discussin=
g a proposal in that spirit in the past, but failing to find references to =
such a discussion.</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&mda=
sh;<br />You are receiving this because you are subscribed to this thread.<=
br />Reply to this email directly, <a href=3D"https://github.com/httpwg/htt=
p-extensions/issues/372#issuecomment-321561685">view it on GitHub</a>, or <=
a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyORkh58Mqqi=
2QmSfJGLfKzPkabrSks5sWw6xgaJpZM4Oc7TI">mute the thread</a>.<img alt=3D"" he=
ight=3D"1" src=3D"https://github.com/notifications/beacon/AORpyEsVUJl-jqDzS=
t6QpIhDIQwNKX4Gks5sWw6xgaJpZM4Oc7TI.gif" width=3D"1" /></p>
<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewAction=
">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extensions/=
issues/372#issuecomment-321561685"></link>
  <meta itemprop=3D"name" content=3D"View Issue"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Issue on GitHub"></meta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_version"=
:"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"Gi=
tHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"ht=
tpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"http=
s://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-9=
5fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.c=
om/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action=
":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions=
"}},"updates":{"snippets":[{"icon":"PERSON","message":"@yoavweiss in #372: =
Apologies for the late reply (was exploring the Canadian wilderness...)\r\n=
\r\nI don't see a particular problem with double keying but I also don't to=
 see the privacy advantages of it. As @igrigorik said earlier, all third pa=
rties will add an automatic ACHL and will get the hints as soon as the main=
 document opts-in, meaning the situation will not be different from today.\=
r\n\r\nI think the concerns that @arturjanc raises are real and ACHL will e=
xpose new information regarding origins that are not capable of running scr=
ipts in the context of the page, new info regarding viewport, DPR and netwo=
rk conditions that they don't currently have. \r\n\r\nMaybe we need `Accept=
-CH-Lifetime` to be able to define a list of hosts that will get subresourc=
e hints? I vaguely remember us discussing a proposal in that spirit in the =
past, but failing to find references to such a discussion."}],"action":{"na=
me":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/37=
2#issuecomment-321561685"}}}</script>=

----==_mimepart_598c68b194508_116e3fb49e0fdc2c171098--


From nobody Thu Aug 10 20:34:12 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.402
X-Spam-Level: 
X-Spam-Status: No, score=-0.402 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=HzvdeJlxR6p2Y9zgaDD9VAg4WQE=; b=mp6rYJPvDVferjbE mNWJ80zmQWjNX1VOPUaIbLufLcLnXB8fplj/ut6edulf5P3uDB/wwasqPzsSEpEE U37ACOA7KenRYzmd/ipeuSjDcbTRifmmxYboM4DZV8Dp6DbsVxXxGfpY+J3EdcIe CPK+a54YjKvjsRSgxdYavLtBGxA=
Date: Fri, 11 Aug 2017 03:34:08 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Push <push@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/380@github.com>
References: <httpwg/http-extensions/pull/380@github.com>
Subject: Re: [httpwg/http-extensions] clarify multi-103 behavior (#380)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598d25b09c15f_4e2c3f9d32567c3c41220"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/pMV1m3iZWyl8LTWhT3kNpayTjHQ>
Message-ID: <mailman.2021.1502422452.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Aug 2017 03:34:12 -0000

----==_mimepart_598d25b09c15f_4e2c3f9d32567c3c41220
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

@kazuho pushed 1 commit.

5b054b3  adopt https://lists.w3.org/Archives/Public/ietf-http-wg/2017JulSep/0324.html


-- 
You are receiving this because you are subscribed to this thread.
View it on GitHub:
https://github.com/httpwg/http-extensions/pull/380/files/e9bdf4aa89a79069f037b48d1875cf8b5a3c56e6..5b054b3f5317d4c437a37172e950002bb3c0a6f5

----==_mimepart_598d25b09c15f_4e2c3f9d32567c3c41220
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p><a href="https://github.com/kazuho" class="user-mention">@kazuho</a> pushed 1 commit.</p>

<ul>
  <li><a href="https://github.com/httpwg/http-extensions/commit/5b054b3" class="commit-link">5b054b3</a>  adopt https://lists.w3.org/Archives/Public/ietf-http-wg/2017JulSep/0324.html</li>
</ul>


<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br /><a href="https://github.com/httpwg/http-extensions/pull/380/files/e9bdf4aa89a79069f037b48d1875cf8b5a3c56e6..5b054b3f5317d4c437a37172e950002bb3c0a6f5">View it on GitHub</a> or <a href="https://github.com/notifications/unsubscribe-auth/AORpyATGR2RT9iymKvrWpkcsu5HYLzWbks5sW8uwgaJpZM4OvAXM">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyOuOPRiG9cDsb_oePrXe7rFpXB3sks5sW8uwgaJpZM4OvAXM.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/380/files/e9bdf4aa89a79069f037b48d1875cf8b5a3c56e6..5b054b3f5317d4c437a37172e950002bb3c0a6f5"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@kazuho pushed 1 commit in #380"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/380/files/e9bdf4aa89a79069f037b48d1875cf8b5a3c56e6..5b054b3f5317d4c437a37172e950002bb3c0a6f5"}}}</script>

----==_mimepart_598d25b09c15f_4e2c3f9d32567c3c41220--


From nobody Thu Aug 10 20:35:14 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.182
X-Spam-Level: 
X-Spam-Status: No, score=-8.182 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Thu, 10 Aug 2017 20:35:09 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1502422509; bh=EH6goiPtGXKcekjQOMX60MLE0loYKEbgHKhsoWhZQTw=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=Q153IfTxXVqasg1H/UhZMrnA7ay2I99xUWAm2wq1ASK5qRSQQFk0i7rhuiJ1xAZRs Z+FYdVWHnxFvfq0ljKgYU+1Wkmg2CckUmsPeGyl3jvXd5LfCyXrJ4YHVGJ4EiHe5Uk iLeBhYXE6xxZUGHgXso8YB3V2UpwQJm42jP4v6EY=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Push <push@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/380@github.com>
References: <httpwg/http-extensions/pull/380@github.com>
Subject: Re: [httpwg/http-extensions] clarify multi-103 behavior (#380)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598d25ed471f5_11c03fe27962fc3c96634"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/7qDabIDqyVNUanifJmCeZEfA2Ng>
Message-ID: <mailman.2022.1502422513.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Aug 2017 03:35:12 -0000

----==_mimepart_598d25ed471f5_11c03fe27962fc3c96634
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

@kazuho pushed 1 commit.

641c10e  remove superflous `is`


-- 
You are receiving this because you are subscribed to this thread.
View it on GitHub:
https://github.com/httpwg/http-extensions/pull/380/files/5b054b3f5317d4c437a37172e950002bb3c0a6f5..641c10e2bc9eaa68814ba631400a58507d8f1bed

----==_mimepart_598d25ed471f5_11c03fe27962fc3c96634
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p><a href="https://github.com/kazuho" class="user-mention">@kazuho</a> pushed 1 commit.</p>

<ul>
  <li><a href="https://github.com/httpwg/http-extensions/commit/641c10e" class="commit-link">641c10e</a>  remove superflous `is`</li>
</ul>


<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br /><a href="https://github.com/httpwg/http-extensions/pull/380/files/5b054b3f5317d4c437a37172e950002bb3c0a6f5..641c10e2bc9eaa68814ba631400a58507d8f1bed">View it on GitHub</a> or <a href="https://github.com/notifications/unsubscribe-auth/AORpyPht9PcPDk4IScgJmxjwK4Q8S3rtks5sW8vtgaJpZM4OvAXM">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyHg6OD8WfWYzPLcYC7qYRkme20--ks5sW8vtgaJpZM4OvAXM.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/380/files/5b054b3f5317d4c437a37172e950002bb3c0a6f5..641c10e2bc9eaa68814ba631400a58507d8f1bed"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@kazuho pushed 1 commit in #380"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/380/files/5b054b3f5317d4c437a37172e950002bb3c0a6f5..641c10e2bc9eaa68814ba631400a58507d8f1bed"}}}</script>

----==_mimepart_598d25ed471f5_11c03fe27962fc3c96634--


From nobody Thu Aug 10 20:35:53 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.182
X-Spam-Level: 
X-Spam-Status: No, score=-3.182 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=gBcaSplumnr7USdHphe75eurhQA=; b=TaKUx+HdZdWmmhVK G8IzSHj+7UjFKBe8RecMDMxYV9+Mi16uMpywa+pkO8ZQSIQhyOv0a5ikZMA+FytB Rp9H5PbmuvyHO5rWjCFYJTQZc83z5WCsB1Coy6dAL/uzRWhACzSo2jZRqYdEkvtC 1gdhMPzpEZA1QEiLw/Nm9eBosUk=
Date: Fri, 11 Aug 2017 03:35:48 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Push <push@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/380@github.com>
References: <httpwg/http-extensions/pull/380@github.com>
Subject: Re: [httpwg/http-extensions] clarify multi-103 behavior (#380)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598d26142320b_43af3fa738047c381238e0"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/aqXwHmcqrxmUYgtqHILePi7iOmc>
Message-ID: <mailman.2023.1502422552.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Aug 2017 03:35:51 -0000

----==_mimepart_598d26142320b_43af3fa738047c381238e0
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

@kazuho pushed 1 commit.

46c1a48  avoid lower-case "may"


-- 
You are receiving this because you are subscribed to this thread.
View it on GitHub:
https://github.com/httpwg/http-extensions/pull/380/files/641c10e2bc9eaa68814ba631400a58507d8f1bed..46c1a48513177863dfab237497eef5ec9e6ec9eb

----==_mimepart_598d26142320b_43af3fa738047c381238e0
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p><a href="https://github.com/kazuho" class="user-mention">@kazuho</a> pushed 1 commit.</p>

<ul>
  <li><a href="https://github.com/httpwg/http-extensions/commit/46c1a48" class="commit-link">46c1a48</a>  avoid lower-case &quot;may&quot;</li>
</ul>


<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br /><a href="https://github.com/httpwg/http-extensions/pull/380/files/641c10e2bc9eaa68814ba631400a58507d8f1bed..46c1a48513177863dfab237497eef5ec9e6ec9eb">View it on GitHub</a> or <a href="https://github.com/notifications/unsubscribe-auth/AORpyPj5dDRS9bw8fvBcrPlrzpQSY8BEks5sW8wUgaJpZM4OvAXM">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyBNA1M7bgZsSWQp0bYwfbnylGaR2ks5sW8wUgaJpZM4OvAXM.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/380/files/641c10e2bc9eaa68814ba631400a58507d8f1bed..46c1a48513177863dfab237497eef5ec9e6ec9eb"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@kazuho pushed 1 commit in #380"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/380/files/641c10e2bc9eaa68814ba631400a58507d8f1bed..46c1a48513177863dfab237497eef5ec9e6ec9eb"}}}</script>

----==_mimepart_598d26142320b_43af3fa738047c381238e0--


From nobody Thu Aug 10 20:37:17 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.182
X-Spam-Level: 
X-Spam-Status: No, score=-8.182 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Thu, 10 Aug 2017 20:37:14 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1502422634; bh=/3rZI/JgqDLT+MuC+x2RW026rsJm/CMbM8vxO4pV1/I=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=14KA8vWoMMsv+cu9tz6MIZ18jpfjCcFrqQMSB2AOF387Al4PE+77ledJ0tW2y+gC3 pe6o47Us4Jo9yN9qxYp7udwYhuAemstwkhL6B92yMEjhyHT343OntUvA2OB6re0Q+o 24K4qMyEbPSJCMmEDsOaxG7ttw/ceKvHeY5UBxUg=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Push <push@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/380@github.com>
References: <httpwg/http-extensions/pull/380@github.com>
Subject: Re: [httpwg/http-extensions] clarify multi-103 behavior (#380)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598d266a1fcfa_27f83f9d32567c3c46180"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/qDgLehCdXKLfXUI3J-wf-H39--8>
Message-ID: <mailman.2024.1502422637.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Aug 2017 03:37:16 -0000

----==_mimepart_598d266a1fcfa_27f83f9d32567c3c46180
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

@kazuho pushed 1 commit.

85d06dc  revert introduction of a separate section


-- 
You are receiving this because you are subscribed to this thread.
View it on GitHub:
https://github.com/httpwg/http-extensions/pull/380/files/46c1a48513177863dfab237497eef5ec9e6ec9eb..85d06dcffda830f3a1145275e5b89c922ca1739b

----==_mimepart_598d266a1fcfa_27f83f9d32567c3c46180
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p><a href="https://github.com/kazuho" class="user-mention">@kazuho</a> pushed 1 commit.</p>

<ul>
  <li><a href="https://github.com/httpwg/http-extensions/commit/85d06dc" class="commit-link">85d06dc</a>  revert introduction of a separate section</li>
</ul>


<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br /><a href="https://github.com/httpwg/http-extensions/pull/380/files/46c1a48513177863dfab237497eef5ec9e6ec9eb..85d06dcffda830f3a1145275e5b89c922ca1739b">View it on GitHub</a> or <a href="https://github.com/notifications/unsubscribe-auth/AORpyHFhVYp2ZtLmd_qExjPhxOg4Nntvks5sW8xqgaJpZM4OvAXM">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyJelgvRzFqcTsz0bhPD0HnLXjOHWks5sW8xqgaJpZM4OvAXM.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/380/files/46c1a48513177863dfab237497eef5ec9e6ec9eb..85d06dcffda830f3a1145275e5b89c922ca1739b"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@kazuho pushed 1 commit in #380"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/380/files/46c1a48513177863dfab237497eef5ec9e6ec9eb..85d06dcffda830f3a1145275e5b89c922ca1739b"}}}</script>

----==_mimepart_598d266a1fcfa_27f83f9d32567c3c46180--


From nobody Thu Aug 10 20:55:54 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.382
X-Spam-Level: 
X-Spam-Status: No, score=-0.382 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=W5tAxS4Jg10xx9TT8kJPkp+i+zo=; b=UCqUOfEGh+W/iCpL F5k0vCi/YhhOJjKzFwFVnVRawhLHwzxakIprWMHZojb0W/C3G60G1Evb1YPXaVWw F0DhdbMqxkf8/0yKSYFrxVF9uu7IvSgHWvpiODdp149+8EM4rtursu/frfVYPkoq fy3kJEVfZzZpkHImFejReiw1IV0=
Date: Fri, 11 Aug 2017 03:55:50 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Push <push@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/380@github.com>
References: <httpwg/http-extensions/pull/380@github.com>
Subject: Re: [httpwg/http-extensions] clarify multi-103 behavior (#380)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598d2ac633f21_16103f901328fc3451389"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/uG0N7ek8NkMU63FrlzDW8cTZgtA>
Message-ID: <mailman.2027.1502423754.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Aug 2017 03:55:53 -0000

----==_mimepart_598d2ac633f21_16103f901328fc3451389
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

@kazuho pushed 1 commit.

2f6f42d  add example


-- 
You are receiving this because you are subscribed to this thread.
View it on GitHub:
https://github.com/httpwg/http-extensions/pull/380/files/85d06dcffda830f3a1145275e5b89c922ca1739b..2f6f42de65505557e9ecf55dd9e5e6d7d567a3fa

----==_mimepart_598d2ac633f21_16103f901328fc3451389
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p><a href="https://github.com/kazuho" class="user-mention">@kazuho</a> pushed 1 commit.</p>

<ul>
  <li><a href="https://github.com/httpwg/http-extensions/commit/2f6f42d" class="commit-link">2f6f42d</a>  add example</li>
</ul>


<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br /><a href="https://github.com/httpwg/http-extensions/pull/380/files/85d06dcffda830f3a1145275e5b89c922ca1739b..2f6f42de65505557e9ecf55dd9e5e6d7d567a3fa">View it on GitHub</a> or <a href="https://github.com/notifications/unsubscribe-auth/AORpyNzBoi-Z47QclPYsEchuL-tNf8Jyks5sW9DGgaJpZM4OvAXM">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyCVXE78ZckZDWjD5vHSHK-b5fZMtks5sW9DGgaJpZM4OvAXM.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/380/files/85d06dcffda830f3a1145275e5b89c922ca1739b..2f6f42de65505557e9ecf55dd9e5e6d7d567a3fa"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@kazuho pushed 1 commit in #380"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/380/files/85d06dcffda830f3a1145275e5b89c922ca1739b..2f6f42de65505557e9ecf55dd9e5e6d7d567a3fa"}}}</script>

----==_mimepart_598d2ac633f21_16103f901328fc3451389--


From nobody Thu Aug 10 21:00:39 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.382
X-Spam-Level: 
X-Spam-Status: No, score=-5.382 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Thu, 10 Aug 2017 21:00:35 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1502424035; bh=3MU7E/a6u+4Si9F2l3rCNsKGPLIt/5IhTm6EMzHwTyQ=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=W/J0E+gIZyPkwewLlip43rzyw9e8U4/JpHtyCnQogeSli7C1VKSbj0lEyP0Xqfbdr 3ufh+Sp2QGoByzl99Jc5oWwlF8CvTj8kvAEL5Vxv882tVLLg09z4W7XKtB5mKDVe4V C2ieFmqG44b5trwMzmxNGW0XS4lLl8jJCssvmQZs=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/371@github.com>
References: <httpwg/http-extensions/issues/371@github.com>
Subject: Re: [httpwg/http-extensions] multiple 103s are cumulating or overwriting headers? (#371)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598d2be32602c_101f3fae95c2bc341081c"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/Y1Y_mZDt5g3HEmmyIaclQx3aZd0>
Message-ID: <mailman.2030.1502424038.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Aug 2017 04:00:38 -0000

----==_mimepart_598d2be32602c_101f3fae95c2bc341081c
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Closed #371 via #380.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/371#event-1202035059
----==_mimepart_598d2be32602c_101f3fae95c2bc341081c
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Closed <a href="https://github.com/httpwg/http-extensions/issues/371" class="issue-link js-issue-link" data-url="https://github.com/httpwg/http-extensions/issues/371" data-id="243827582" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#371</a> via <a href="https://github.com/httpwg/http-extensions/pull/380" class="issue-link js-issue-link" data-url="https://github.com/httpwg/http-extensions/issues/380" data-id="248310270" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#380</a>.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/371#event-1202035059">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyIkoWTh6yWou0XK_2Nb4et0SAsbnks5sW9HjgaJpZM4Ob0nC">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyA5SKX7FyMLF9fhA5F1DsZPWtTsRks5sW9HjgaJpZM4Ob0nC.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/371#event-1202035059"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"Closed #371 via #380."}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/371#event-1202035059"}}}</script>
----==_mimepart_598d2be32602c_101f3fae95c2bc341081c--


From nobody Thu Aug 10 21:00:47 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.182
X-Spam-Level: 
X-Spam-Status: No, score=-8.182 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Thu, 10 Aug 2017 21:00:35 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1502424035; bh=52N7GKkN1yq9MWwmwQTSe/HUs3TMOiVSgvLJgY5UZLs=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=hd4wqYBe7Q0S0oTB9W3YDERf0qmnG98g0r+g6PEdOph1tRYWHaSK9cz2Tih0/2NI/ 89ynNavzh0jSBt6+udJtiWshno69IHB2qCSBnSA47Ki18FlWD7jrExO3+WP0oOTs7+ LiBSGVVSSSOfQzXnai3xWs7ZUcH2YcJudjCaWmgw=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/380@github.com>
References: <httpwg/http-extensions/pull/380@github.com>
Subject: Re: [httpwg/http-extensions] clarify multi-103 behavior (#380)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_598d2be37363a_288e3fae301fbc3826747"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/33bbSmHsgoaTAMffLkLinKCwaWc>
Message-ID: <mailman.2031.1502424046.3714.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Aug 2017 04:00:39 -0000

----==_mimepart_598d2be37363a_288e3fae301fbc3826747
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Merged #380.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/380#event-1202035056
----==_mimepart_598d2be37363a_288e3fae301fbc3826747
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Merged <a href="https://github.com/httpwg/http-extensions/pull/380" class="issue-link js-issue-link" data-url="https://github.com/httpwg/http-extensions/issues/380" data-id="248310270" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#380</a>.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/pull/380#event-1202035056">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyIwBz08KBT6tzyEQ4SsuISdm1bNjks5sW9HjgaJpZM4OvAXM">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyJ4DsMHvZUtqSbI6DDvEbkSFg6wkks5sW9HjgaJpZM4OvAXM.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/380#event-1202035056"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"Merged #380."}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/380#event-1202035056"}}}</script>
----==_mimepart_598d2be37363a_288e3fae301fbc3826747--


From nobody Mon Aug 14 01:32:52 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.402
X-Spam-Level: 
X-Spam-Status: No, score=-0.402 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=vce1GY5ExPDxLvqBtMI9o1KtL9A=; b=peIpEfoPFnLkEtEW qbVYAl6h0/ox6rFy2LWU+FsBIXLc7rN5dG1oUce037odjxLNYjXj4No6fhFuaTUD NZacEoziCkfmsCLJ6lc1HwsQcrg8dbJoRkC+3XUbsPApNlf4mONxutZdK8eTglPr qL2PdKHeRNihGQqacBh63TM7o7M=
Date: Mon, 14 Aug 2017 08:32:45 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/268@github.com>
References: <httpwg/http-extensions/issues/268@github.com>
Subject: Re: [httpwg/http-extensions] Enabling O(1) removal from digest (#268)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5991602d77ab5_2be53fb4263b5c3032483"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/_WCAdAPbC77oQ5WfjJEMEQ3XYDM>
Message-ID: <mailman.33.1502699571.32749.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Aug 2017 08:32:51 -0000

----==_mimepart_5991602d77ab5_2be53fb4263b5c3032483
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

There's still implementer interest for this /cc @cbentzel @addyosmani

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/268#issuecomment-322130255
----==_mimepart_5991602d77ab5_2be53fb4263b5c3032483
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>There's still implementer interest for this /cc <a href="https://github.com/cbentzel" class="user-mention">@cbentzel</a> <a href="https://github.com/addyosmani" class="user-mention">@addyosmani</a></p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/268#issuecomment-322130255">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyGKaD--R9KLjsj9eZhjlIVPO4EYsks5sYAYtgaJpZM4K1Rdh">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyF8yMiDxGJam6By6ySctKtT_Yqqsks5sYAYtgaJpZM4K1Rdh.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/268#issuecomment-322130255"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@yoavweiss in #268: There's still implementer interest for this /cc @cbentzel @addyosmani"}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/268#issuecomment-322130255"}}}</script>
----==_mimepart_5991602d77ab5_2be53fb4263b5c3032483--


From nobody Mon Aug 14 06:13:57 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.799
X-Spam-Level: 
X-Spam-Status: No, score=-4.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=PGlHB2eE0MiouWhj1mL9vF/dpx0=; b=Va58uH6z+xJQXWhW igcfwcFT7qJRQrrhEI56X5YmMXUV1B3jFtQPKHvIgYhUd3nPLIAZICtwAR5s0qSp GxIsut3tMB/pIaU0wq/1Og7C55E8zbnyfXK3geHMTqo4L0DlLg2zlPBMasQnUiPm HhfS69GLrADlZ4PFmsv5gnr71go=
Date: Mon, 14 Aug 2017 13:13:45 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Subject: [httpwg/http-extensions] wglc cache digest editorial feedback reschke (#382)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5991a2091577e_63b73fdea6d97c30698c1"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/4YF9k_249oQqoQ63XDdjyi1flss>
Message-ID: <mailman.69.1502716437.32749.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Aug 2017 13:13:56 -0000

----==_mimepart_5991a2091577e_63b73fdea6d97c30698c1
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

https://lists.w3.org/Archives/Public/ietf-http-wg/2017JulSep/0263.html

Some editorial feedback:

1) ABNF list rule reference has wrong section 
(https://github.com/httpwg/http-extensions/pull/376)

2) Throughout s/header/header field/

3) 
<https://www.greenbytes.de/tech/webdav/draft-ietf-httpbis-cache-digest-02.html#rfc.section.5.p.4>:

"TODO: discuss how effective the suggested mitigations actually would be."

4) Please avoid lowercase BCP 14 keywords such as "may", or invoke 
<https://tools.ietf.org/html/rfc8174>

Best regards, Julian

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/382
----==_mimepart_5991a2091577e_63b73fdea6d97c30698c1
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p><a href="https://lists.w3.org/Archives/Public/ietf-http-wg/2017JulSep/0263.html">https://lists.w3.org/Archives/Public/ietf-http-wg/2017JulSep/0263.html</a></p>
<p>Some editorial feedback:</p>
<ol>
<li>
<p>ABNF list rule reference has wrong section<br>
(<a href="https://github.com/httpwg/http-extensions/pull/376" class="issue-link js-issue-link" data-url="https://github.com/httpwg/http-extensions/issues/376" data-id="247946400" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#376</a>)</p>
</li>
<li>
<p>Throughout s/header/header field/</p>
</li>
<li></li>
</ol>
<p><a href="https://www.greenbytes.de/tech/webdav/draft-ietf-httpbis-cache-digest-02.html#rfc.section.5.p.4">https://www.greenbytes.de/tech/webdav/draft-ietf-httpbis-cache-digest-02.html#rfc.section.5.p.4</a>:</p>
<p>"TODO: discuss how effective the suggested mitigations actually would be."</p>
<ol start="4">
<li>Please avoid lowercase BCP 14 keywords such as "may", or invoke<br>
<a href="https://tools.ietf.org/html/rfc8174">https://tools.ietf.org/html/rfc8174</a></li>
</ol>
<p>Best regards, Julian</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/382">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyNiFvDV8FLAM8X1nMKtzoyIT621Gks5sYEgJgaJpZM4O2WaO">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyCfDBMwgYWrNBLcKDYO8wEfkiEqwks5sYEgJgaJpZM4O2WaO.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/382"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"wglc cache digest editorial feedback reschke (#382)"}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/382"}}}</script>
----==_mimepart_5991a2091577e_63b73fdea6d97c30698c1--


From nobody Mon Aug 14 14:08:23 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.02
X-Spam-Level: 
X-Spam-Status: No, score=-7.02 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Mon, 14 Aug 2017 14:08:19 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1502744899; bh=GEJAHMoZ9oyYUOsKEU89/BFSzLjjWFGiNcQJOgvHJWY=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=TUELrRkLJVs1PRT3BMA0HLkdYOVqTRUIgK7iPutGEJHOazh8qjLHoHnfR1tsE9bvi x9ia1TDg0J7sRMv96EkE75W/6VjHnocWkmQt6/BAdwV3yw2QASymK8VxVWwgnxxChD QixyoNCXkH8aXddNS3bLNTPgWDFnwAiDR1aoa04w=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/372@github.com>
References: <httpwg/http-extensions/issues/372@github.com>
Subject: Re: [httpwg/http-extensions] Accept-CH-Lifetime privacy concerns (#372)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5992114377451_231d13fb83178dc2c798f9"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/Y_av_RZngPLc-l94EcVEfhoQ9Ao>
Message-ID: <mailman.32.1502744903.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Aug 2017 21:08:22 -0000

----==_mimepart_5992114377451_231d13fb83178dc2c798f9
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

*not chair hat*

Could we please stop calling this use case "CDN"? Most CDNs take all traffic for an origin, not just images, etc. (that's very 1999). It's true that some sites direct images.* to a CDN (for example), but that's not great practice.

We should really be talking about this as 3rd party content -- e.g., widgets and ads. Given the history there, it's entirely reasonable to be concerned about increasing fingerprinting exposure.

Requiring the origin to opt-in to any 3rd party CHs is an improvement, but not a huge one; it'll just give an incentive to 3rd parties to instruct the origin to set whatever policy we require.

I think that at a minimum, we should warn (Security Considerations) specifically about the new vector for 3rd party content fingerprinting here, and allow implementations to decide whether they send it to 3rd parties (at all, or when they're in private browsing mode, or...).

I'd like to also see at least consideration of making this 1st party only. Given that the use case for CH is mostly to allow intermediaries to do content optimisation -- and remembering that origins already have other techniques available to them -- I'm wondering if allowing third party origins to do intermediary-imposed optimisations is worth the potential privacy tradeoff here. After all, widgets and ads are usually served by `script` tags, so there's an opportunity for script running and URL rewriting by them before the requests are made. 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/372#issuecomment-322310307
----==_mimepart_5992114377451_231d13fb83178dc2c798f9
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p><em>not chair hat</em></p>
<p>Could we please stop calling this use case "CDN"? Most CDNs take all t=
raffic for an origin, not just images, etc. (that's very 1999). It's true=
 that some sites direct images.* to a CDN (for example), but that's not g=
reat practice.</p>
<p>We should really be talking about this as 3rd party content -- e.g., w=
idgets and ads. Given the history there, it's entirely reasonable to be c=
oncerned about increasing fingerprinting exposure.</p>
<p>Requiring the origin to opt-in to any 3rd party CHs is an improvement,=
 but not a huge one; it'll just give an incentive to 3rd parties to instr=
uct the origin to set whatever policy we require.</p>
<p>I think that at a minimum, we should warn (Security Considerations) sp=
ecifically about the new vector for 3rd party content fingerprinting here=
, and allow implementations to decide whether they send it to 3rd parties=
 (at all, or when they're in private browsing mode, or...).</p>
<p>I'd like to also see at least consideration of making this 1st party o=
nly. Given that the use case for CH is mostly to allow intermediaries to =
do content optimisation -- and remembering that origins already have othe=
r techniques available to them -- I'm wondering if allowing third party o=
rigins to do intermediary-imposed optimisations is worth the potential pr=
ivacy tradeoff here. After all, widgets and ads are usually served by <co=
de>script</code> tags, so there's an opportunity for script running and U=
RL rewriting by them before the requests are made.</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&m=
dash;<br />You are receiving this because you are subscribed to this thre=
ad.<br />Reply to this email directly, <a href=3D"https://github.com/http=
wg/http-extensions/issues/372#issuecomment-322310307">view it on GitHub</=
a>, or <a href=3D"https://github.com/notifications/unsubscribe-auth/AORpy=
GPY_PzysEs9m3w3Vm9u05osM6cnks5sYLdDgaJpZM4Oc7TI">mute the thread</a>.<img=
 alt=3D"" height=3D"1" src=3D"https://github.com/notifications/beacon/AOR=
pyIw7Mb-awMsiRvRS0WTkY_QIsCabks5sYLdDgaJpZM4Oc7TI.gif" width=3D"1" /></p>=

<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewActi=
on">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extension=
s/issues/372#issuecomment-322310307"></link>
  <meta itemprop=3D"name" content=3D"View Issue"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Issue on GitHub"></me=
ta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_versio=
n":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name"=
:"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","titl=
e":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_ur=
l":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5=
d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubu=
sercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b5249811277=
7.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg=
/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@m=
not in #372: *not chair hat*\r\n\r\nCould we please stop calling this use=
 case \"CDN\"? Most CDNs take all traffic for an origin, not just images,=
 etc. (that's very 1999). It's true that some sites direct images.* to a =
CDN (for example), but that's not great practice.\r\n\r\nWe should really=
 be talking about this as 3rd party content -- e.g., widgets and ads. Giv=
en the history there, it's entirely reasonable to be concerned about incr=
easing fingerprinting exposure.\r\n\r\nRequiring the origin to opt-in to =
any 3rd party CHs is an improvement, but not a huge one; it'll just give =
an incentive to 3rd parties to instruct the origin to set whatever policy=
 we require.\r\n\r\nI think that at a minimum, we should warn (Security C=
onsiderations) specifically about the new vector for 3rd party content fi=
ngerprinting here, and allow implementations to decide whether they send =
it to 3rd parties (at all, or when they're in private browsing mode, or..=
.).\r\n\r\nI'd like to also see at least consideration of making this 1st=
 party only. Given that the use case for CH is mostly to allow intermedia=
ries to do content optimisation -- and remembering that origins already h=
ave other techniques available to them -- I'm wondering if allowing third=
 party origins to do intermediary-imposed optimisations is worth the pote=
ntial privacy tradeoff here. After all, widgets and ads are usually serve=
d by `script` tags, so there's an opportunity for script running and URL =
rewriting by them before the requests are made. "}],"action":{"name":"Vie=
w Issue","url":"https://github.com/httpwg/http-extensions/issues/372#issu=
ecomment-322310307"}}}</script>=

----==_mimepart_5992114377451_231d13fb83178dc2c798f9--


From nobody Tue Aug 15 00:25:22 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.473
X-Spam-Level: 
X-Spam-Status: No, score=-0.473 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=U86fQy0c56ny+g4FoHMLIh3siXw=; b=O6eYN6hH4cDF0BG6 X+CYi8WHonN04C+abCFSv5G+oFFP8wUSlD+zLmkG2/nX7HTKXmQZRZn/C67/LzUi 38rLGHsouvu6mqQI9k/0KNq8mh3Xrsa0acp9u8518G0SBYxSWm8nJ9WZB55JbsS7 K/QSByDMF0IVgaIx+vb+21aN20A=
Date: Tue, 15 Aug 2017 07:25:03 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Subject: [httpwg/http-extensions] HTML references (#383)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5992a1ced2d07_733d3ff23b41dc3879392"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/ZFr1kSuOD95evzDLLqVacUuOEG8>
Message-ID: <mailman.111.1502781921.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Aug 2017 07:25:20 -0000

----==_mimepart_5992a1ced2d07_733d3ff23b41dc3879392
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

The spec currently references both HTML-the-living-spec (with potentially incorrect author information), and HTML 4.01. Only the latter is actually used.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/383
----==_mimepart_5992a1ced2d07_733d3ff23b41dc3879392
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>The spec currently references both HTML-the-living-spec (with potentially incorrect author information), and HTML 4.01. Only the latter is actually used.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/383">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyABNIYT1sZRSaj6SKy1uKMvzZ_qUks5sYUfOgaJpZM4O3RJR">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyG8-mnm6KLsa8vFTaEeLzHrllkV5ks5sYUfOgaJpZM4O3RJR.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/383"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"HTML references (#383)"}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/383"}}}</script>
----==_mimepart_5992a1ced2d07_733d3ff23b41dc3879392--


From nobody Tue Aug 15 00:28:52 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.615
X-Spam-Level: 
X-Spam-Status: No, score=-0.615 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=rc2GqrRItXDQiINqo1Vzqh5HfeY=; b=tQEHyNdLZMCvGe5w CYMiGKvIB4VePlJ/jaot18PiwSbjpZPw/vnlhBYxe1S2lgffiwqzh5sy+jUci48H KCYGgpMuOiNKw6ZepCi+HGytGCJF5+5APUl80fdjaU2gV3AFQVFTHAFbUXQbi+c0 kj1B8vyRPTE3ALRboHQrz30JlHM=
Date: Tue, 15 Aug 2017 07:28:49 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Subject: [httpwg/http-extensions] reference format (#384)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5992a2b0c0f69_39cc3fe81aa59c3099367"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/X4qnKypyMcAZ6ynFv1woYCKR6y0>
Message-ID: <mailman.112.1502782132.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Aug 2017 07:28:51 -0000

----==_mimepart_5992a2b0c0f69_39cc3fe81aa59c3099367
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Make references consistent (both within the doc and across WG documents)
You can view, comment on, or merge this pull request online at:

  https://github.com/httpwg/http-extensions/pull/384

-- Commit Summary --

  * reference format

-- File Changes --

    M draft-ietf-httpbis-expect-ct.md (16)

-- Patch Links --

https://github.com/httpwg/http-extensions/pull/384.patch
https://github.com/httpwg/http-extensions/pull/384.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/384

----==_mimepart_5992a2b0c0f69_39cc3fe81aa59c3099367
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Make references consistent (both within the doc and across WG documents)</p>

<hr>

<h4>You can view, comment on, or merge this pull request online at:</h4>
<p>&nbsp;&nbsp;<a href='https://github.com/httpwg/http-extensions/pull/384'>https://github.com/httpwg/http-extensions/pull/384</a></p>

<h4>Commit Summary</h4>
<ul>
  <li>reference format</li>
</ul>

<h4>File Changes</h4>
<ul>
  <li>
    <strong>M</strong>
    <a href="https://github.com/httpwg/http-extensions/pull/384/files#diff-0">draft-ietf-httpbis-expect-ct.md</a>
    (16)
  </li>
</ul>

<h4>Patch Links:</h4>
<ul>
  <li><a href='https://github.com/httpwg/http-extensions/pull/384.patch'>https://github.com/httpwg/http-extensions/pull/384.patch</a></li>
  <li><a href='https://github.com/httpwg/http-extensions/pull/384.diff'>https://github.com/httpwg/http-extensions/pull/384.diff</a></li>
</ul>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/pull/384">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyM20TSHnLR3ODwA7dNgArKpel6ZPks5sYUiwgaJpZM4O3RUJ">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyHFFY6eS49uCIGCH3Q_pD6GDuaP9ks5sYUiwgaJpZM4O3RUJ.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/384"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"reference format (#384)"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/384"}}}</script>

----==_mimepart_5992a2b0c0f69_39cc3fe81aa59c3099367--


From nobody Tue Aug 15 16:19:36 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.473
X-Spam-Level: 
X-Spam-Status: No, score=-0.473 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=s0hXUUL8M8WvtjLQY4mNRq2Rrp4=; b=iVor61JNhGK7Dsql DXZMo/OAbtgXwSNy9+NARsRbGF9QXUS3h1HZktFemnocOVM4BZKMfwf2IfiaYgG7 6AxK0hY9y987wcJ121iP/p9Thc7yNSsUAYLjy0PPRVs7XU5FUa9xWta/IzYH5yhb jPHbvEfujkOhKGeRjbjYL2/xsw4=
Date: Tue, 15 Aug 2017 23:19:32 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/383@github.com>
References: <httpwg/http-extensions/issues/383@github.com>
Subject: Re: [httpwg/http-extensions] HTML references (#383)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_599381848d5bd_61d3faa6e2b5c34443ec"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/J0hMDOz5I1ezNOUSs-rskj-raCc>
Message-ID: <mailman.281.1502839176.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Aug 2017 23:19:35 -0000

----==_mimepart_599381848d5bd_61d3faa6e2b5c34443ec
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

It's not that cut-and-dried. 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/383#issuecomment-322615352
----==_mimepart_599381848d5bd_61d3faa6e2b5c34443ec
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>It's not that cut-and-dried.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/383#issuecomment-322615352">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyKE_dKDduHX7gSwqT_xShG3e91Ajks5sYieEgaJpZM4O3RJR">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyFL5mBlTx6Pvliuc2_qaeBfylUkUks5sYieEgaJpZM4O3RJR.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/383#issuecomment-322615352"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mnot in #383: It's not that cut-and-dried. "}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/383#issuecomment-322615352"}}}</script>
----==_mimepart_599381848d5bd_61d3faa6e2b5c34443ec--


From nobody Wed Aug 16 10:43:49 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.474
X-Spam-Level: 
X-Spam-Status: No, score=-5.474 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Wed, 16 Aug 2017 10:43:45 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1502905425; bh=pn3CVXdajHnvUWXx3wTPMYvFnfHCqMUe1Cmlt6FpCrk=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=TBGoqWvnt4ZRq9BIIfvTN9L1gJe5NJcnWjVvV9XVAZBkdbkJ8YcVmXkoItn0V9Cub Nnqy6bH2/XSviCK0UK4ErE99qBTflheLvuOB4CenYYRlOrQSMcA1Tk4V/IcxmbbCzy KRmD1Ti+7SvnOswYcelaQ+Gj0c/snUdWVgadJ7Ls=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/commit/83606e8f14e8a52b2298eb4d60a2944480d78dbc@github.com>
References: <httpwg/http-extensions/commit/83606e8f14e8a52b2298eb4d60a2944480d78dbc@github.com>
Subject: Re: [httpwg/http-extensions] more tweaks for #330 (83606e8)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_599484514b93d_1c13ff1c327fc3c1549c1"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/hvqO_gOszFXv11FuSiCcezcfNcU>
Message-ID: <mailman.494.1502905428.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Aug 2017 17:43:48 -0000

----==_mimepart_599484514b93d_1c13ff1c327fc3c1549c1
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Done, with some tweaks. Thanks.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/commit/83606e8f14e8a52b2298eb4d60a2944480d78dbc#commitcomment-23680638
----==_mimepart_599484514b93d_1c13ff1c327fc3c1549c1
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Done, with some tweaks. Thanks.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/commit/83606e8f14e8a52b2298eb4d60a2944480d78dbc#commitcomment-23680638">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyLuVxkWwn_3MuE4EPVhTxoyNlRZsks5sYypRgaJpZM4OtX-z">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyAJBY6KzOOerPz6hicO79CACK_s8ks5sYypRgaJpZM4OtX-z.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/commit/83606e8f14e8a52b2298eb4d60a2944480d78dbc#commitcomment-23680638"></link>
  <meta itemprop="name" content="View Commit"></meta>
</div>
<meta itemprop="description" content="View this Commit on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mnot on 83606e8: Done, with some tweaks. Thanks."}],"action":{"name":"View Commit","url":"https://github.com/httpwg/http-extensions/commit/83606e8f14e8a52b2298eb4d60a2944480d78dbc#commitcomment-23680638"}}}</script>
----==_mimepart_599484514b93d_1c13ff1c327fc3c1549c1--


From nobody Wed Aug 16 14:26:38 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.402
X-Spam-Level: 
X-Spam-Status: No, score=-0.402 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=QQdV/mpB5u+uINAC3yQV1LQpLKQ=; b=b3gEwCoX9/DaJzcQ VxOw1lCHwnoK7Czkz/L13W5vFX9avKh8Eazfbogxs4oVbfPOCkAZrPR+AYMi4PN8 UwVYqTUF4UHw5GKMSxx8pbv4+1EubiqmI9TgQxX1PQldDhGVNnj9s5af8iRVDsnX q3jQd0gsKdUhRmHdrpymj72B9/s=
Date: Wed, 16 Aug 2017 21:26:34 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/commit/43f26a3428203127f6b1e9c4b309b253bda92f29@github.com>
References: <httpwg/http-extensions/commit/43f26a3428203127f6b1e9c4b309b253bda92f29@github.com>
Subject: Re: [httpwg/http-extensions] Incorporate Martin's suggestion (43f26a3)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5994b88966086_3f3b3fbd2c3e9c3826548"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/j7VNRYh7CcoMPUsWtXV_VNaXhGs>
Message-ID: <mailman.536.1502918797.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Aug 2017 21:26:36 -0000

----==_mimepart_5994b88966086_3f3b3fbd2c3e9c3826548
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

>From discussions, I think the CT and OCSP responses should be an "and" not an "or".  They both address different threat vectors and both are needed and complementary here.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/commit/43f26a3428203127f6b1e9c4b309b253bda92f29#commitcomment-23684874
----==_mimepart_5994b88966086_3f3b3fbd2c3e9c3826548
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p>From discussions, I think the CT and OCSP responses should be an "and" n=
ot an "or".  They both address different threat vectors and both are needed=
 and complementary here.</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&mda=
sh;<br />You are receiving this because you are subscribed to this thread.<=
br />Reply to this email directly, <a href=3D"https://github.com/httpwg/htt=
p-extensions/commit/43f26a3428203127f6b1e9c4b309b253bda92f29#commitcomment-=
23684874">view it on GitHub</a>, or <a href=3D"https://github.com/notificat=
ions/unsubscribe-auth/AORpyA_8MzaqXpqvukj67hXadwBlSr1Uks5sY16JgaJpZM4O5gF3"=
>mute the thread</a>.<img alt=3D"" height=3D"1" src=3D"https://github.com/n=
otifications/beacon/AORpyHATPpawnQcEc7B5Cx2Z3IuA0QYkks5sY16JgaJpZM4O5gF3.gi=
f" width=3D"1" /></p>
<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewAction=
">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extensions/=
commit/43f26a3428203127f6b1e9c4b309b253bda92f29#commitcomment-23684874"></l=
ink>
  <meta itemprop=3D"name" content=3D"View Commit"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Commit on GitHub"></met=
a>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_version"=
:"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"Gi=
tHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"ht=
tpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"http=
s://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-9=
5fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.c=
om/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action=
":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions=
"}},"updates":{"snippets":[{"icon":"PERSON","message":"@enygren on 43f26a3:=
 From discussions, I think the CT and OCSP responses should be an \"and\" n=
ot an \"or\".  They both address different threat vectors and both are need=
ed and complementary here."}],"action":{"name":"View Commit","url":"https:/=
/github.com/httpwg/http-extensions/commit/43f26a3428203127f6b1e9c4b309b253b=
da92f29#commitcomment-23684874"}}}</script>=

----==_mimepart_5994b88966086_3f3b3fbd2c3e9c3826548--


From nobody Wed Aug 16 14:37:28 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=sG00Naj9f72eMQCNuMd5n9G805E=; b=BpViQhuezuIcyuKa ZZxwq0jQKzrzfV7qUChSBFTbqd2eaYWHxLeMEijlu1PtjhTF0xS6BeDSLSOuNDIH Ul6pI7QOr3vFRDDrk8c7lRUyP5TDGS+i6O++Mmu+7Y97hVhfqEWuO40c/c8tMLXo Xy+Uz2lMRfrPFQ5mGwcY45zYvkY=
Date: Wed, 16 Aug 2017 21:37:18 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/330@github.com>
References: <httpwg/http-extensions/issues/330@github.com>
Subject: Re: [httpwg/http-extensions] Consulting the DNS on expanding ORIGIN set? (#330)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5994bb0dda8d5_37f43ff351e7dc3410318a"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/mijWw0-ZqktMu0Co7UO_xKKsugg>
Message-ID: <mailman.537.1502919447.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Aug 2017 21:37:26 -0000

----==_mimepart_5994bb0dda8d5_37f43ff351e7dc3410318a
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

On the commits:

- From discussions, I think the CT and OCSP responses should be an "and" not an "or".  They both address different threats and both are needed.  CT helps reduce some of the risks around mis-issuance while OCSP allows any mis-issuance to be addressed in a reasonable period of time.  

- I think for "Additionally, clients MAY avoid consulting DNS to establish the connection's authority for new requests." we may want append "when employing adequate additional mitigations to security and operational risks."

Is there a precedence or convention for having the "adequate additional mitigations" be defined in a future RFC?

My general concern continues to be that we're changing the security profile of a complex system in ways that crosses protocol layers.  Even if solving some of those problems requires a much more in-depth risk analysis, people looking to exploit these changes won't be constrained by a "but that violates layering to specify more!".

Note that as discussed above, there is also a class of issues which might require a not-as-yet-defined certificate extension to make some of the people here fully comfortable.  (Which would possibly be in-addition to the OCSP and CT requirements.)


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/330#issuecomment-322906710
----==_mimepart_5994bb0dda8d5_37f43ff351e7dc3410318a
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p>On the commits:</p>
<ul>
<li>
<p>From discussions, I think the CT and OCSP responses should be an "and" n=
ot an "or".  They both address different threats and both are needed.  CT h=
elps reduce some of the risks around mis-issuance while OCSP allows any mis=
-issuance to be addressed in a reasonable period of time.</p>
</li>
<li>
<p>I think for "Additionally, clients MAY avoid consulting DNS to establish=
 the connection's authority for new requests." we may want append "when emp=
loying adequate additional mitigations to security and operational risks."<=
/p>
</li>
</ul>
<p>Is there a precedence or convention for having the "adequate additional =
mitigations" be defined in a future RFC?</p>
<p>My general concern continues to be that we're changing the security prof=
ile of a complex system in ways that crosses protocol layers.  Even if solv=
ing some of those problems requires a much more in-depth risk analysis, peo=
ple looking to exploit these changes won't be constrained by a "but that vi=
olates layering to specify more!".</p>
<p>Note that as discussed above, there is also a class of issues which migh=
t require a not-as-yet-defined certificate extension to make some of the pe=
ople here fully comfortable.  (Which would possibly be in-addition to the O=
CSP and CT requirements.)</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&mda=
sh;<br />You are receiving this because you are subscribed to this thread.<=
br />Reply to this email directly, <a href=3D"https://github.com/httpwg/htt=
p-extensions/issues/330#issuecomment-322906710">view it on GitHub</a>, or <=
a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyB39s2CIHEM=
qiCq1eaIH8h_1b_kIks5sY2ENgaJpZM4NEzUM">mute the thread</a>.<img alt=3D"" he=
ight=3D"1" src=3D"https://github.com/notifications/beacon/AORpyCmYiXl88aFl-=
tbCtilYHEMX529vks5sY2ENgaJpZM4NEzUM.gif" width=3D"1" /></p>
<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewAction=
">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extensions/=
issues/330#issuecomment-322906710"></link>
  <meta itemprop=3D"name" content=3D"View Issue"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Issue on GitHub"></meta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_version"=
:"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"Gi=
tHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"ht=
tpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"http=
s://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-9=
5fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.c=
om/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action=
":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions=
"}},"updates":{"snippets":[{"icon":"PERSON","message":"@enygren in #330: On=
 the commits:\r\n\r\n- From discussions, I think the CT and OCSP responses =
should be an \"and\" not an \"or\".  They both address different threats an=
d both are needed.  CT helps reduce some of the risks around mis-issuance w=
hile OCSP allows any mis-issuance to be addressed in a reasonable period of=
 time.  \r\n\r\n- I think for \"Additionally, clients MAY avoid consulting =
DNS to establish the connection's authority for new requests.\" we may want=
 append \"when employing adequate additional mitigations to security and op=
erational risks.\"\r\n\r\nIs there a precedence or convention for having th=
e \"adequate additional mitigations\" be defined in a future RFC?\r\n\r\nMy=
 general concern continues to be that we're changing the security profile o=
f a complex system in ways that crosses protocol layers.  Even if solving s=
ome of those problems requires a much more in-depth risk analysis, people l=
ooking to exploit these changes won't be constrained by a \"but that violat=
es layering to specify more!\".\r\n\r\nNote that as discussed above, there =
is also a class of issues which might require a not-as-yet-defined certific=
ate extension to make some of the people here fully comfortable.  (Which wo=
uld possibly be in-addition to the OCSP and CT requirements.)\r\n"}],"actio=
n":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/is=
sues/330#issuecomment-322906710"}}}</script>=

----==_mimepart_5994bb0dda8d5_37f43ff351e7dc3410318a--


From nobody Wed Aug 16 14:40:25 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7
X-Spam-Level: 
X-Spam-Status: No, score=-7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Wed, 16 Aug 2017 14:40:16 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1502919616; bh=jv2vORli7VdXwvexBEFwaZCaTsI6q3Nvql9OZX5s18Y=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=HKJfDiCB0OEorA0kSJM7yw9evhJ7fIFCw+zEqNswrE9cs2bmb9NRcWtxJwOo39kz1 laKAwq4g1gUKUJVmaqdZPCC6DhzgSQNf92Ygy2w6sl01GWfMkRgMbU+a9V9r06yXnI zYKC7aBn8puRkq+fuME/vVH9qCnjnGYbSjDqYHog=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/330@github.com>
References: <httpwg/http-extensions/issues/330@github.com>
Subject: Re: [httpwg/http-extensions] Consulting the DNS on expanding ORIGIN set? (#330)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5994bbc08522f_27a63f88a6bc5c3c74276"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/tludPlor7mOrUiFe0dye-sSkj4E>
Message-ID: <mailman.538.1502919623.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Aug 2017 21:40:22 -0000

----==_mimepart_5994bbc08522f_27a63f88a6bc5c3c74276
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

> From discussions, I think the CT and OCSP responses should be an "and" not an "or". They both address different threats and both are needed. CT helps reduce some of the risks around mis-issuance while OCSP allows any mis-issuance to be addressed in a reasonable period of time.

My sense of the discussion was that we flirted with "and" but settled on "or". Happy to be corrected there; @mcmanus?

> I think for "Additionally, clients MAY avoid consulting DNS to establish the connection's authority for new requests." we may want append "when employing adequate additional mitigations to security and operational risks."

Seems reasonable to me.

> Is there a precedence or convention for having the "adequate additional mitigations" be defined in a future RFC?

That's possible, but as noted there's been a historical reluctance to define the exact requirements in RFCs. Remember that Web browsing is just one use of HTTP.


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/330#issuecomment-322907369
----==_mimepart_5994bbc08522f_27a63f88a6bc5c3c74276
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<blockquote>
<p>From discussions, I think the CT and OCSP responses should be an "and"=
 not an "or". They both address different threats and both are needed. CT=
 helps reduce some of the risks around mis-issuance while OCSP allows any=
 mis-issuance to be addressed in a reasonable period of time.</p>
</blockquote>
<p>My sense of the discussion was that we flirted with "and" but settled =
on "or". Happy to be corrected there; <a href=3D"https://github.com/mcman=
us" class=3D"user-mention">@mcmanus</a>?</p>
<blockquote>
<p>I think for "Additionally, clients MAY avoid consulting DNS to establi=
sh the connection's authority for new requests." we may want append "when=
 employing adequate additional mitigations to security and operational ri=
sks."</p>
</blockquote>
<p>Seems reasonable to me.</p>
<blockquote>
<p>Is there a precedence or convention for having the "adequate additiona=
l mitigations" be defined in a future RFC?</p>
</blockquote>
<p>That's possible, but as noted there's been a historical reluctance to =
define the exact requirements in RFCs. Remember that Web browsing is just=
 one use of HTTP.</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&m=
dash;<br />You are receiving this because you are subscribed to this thre=
ad.<br />Reply to this email directly, <a href=3D"https://github.com/http=
wg/http-extensions/issues/330#issuecomment-322907369">view it on GitHub</=
a>, or <a href=3D"https://github.com/notifications/unsubscribe-auth/AORpy=
Pyzm8Spdv6M5amrJYCiglA_01CUks5sY2HAgaJpZM4NEzUM">mute the thread</a>.<img=
 alt=3D"" height=3D"1" src=3D"https://github.com/notifications/beacon/AOR=
pyAabBJoHSX3x7ai_nJ7sGKzcbosCks5sY2HAgaJpZM4NEzUM.gif" width=3D"1" /></p>=

<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewActi=
on">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extension=
s/issues/330#issuecomment-322907369"></link>
  <meta itemprop=3D"name" content=3D"View Issue"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Issue on GitHub"></me=
ta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_versio=
n":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name"=
:"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","titl=
e":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_ur=
l":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5=
d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubu=
sercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b5249811277=
7.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg=
/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@m=
not in #330: \u003e From discussions, I think the CT and OCSP responses s=
hould be an \"and\" not an \"or\". They both address different threats an=
d both are needed. CT helps reduce some of the risks around mis-issuance =
while OCSP allows any mis-issuance to be addressed in a reasonable period=
 of time.\r\n\r\nMy sense of the discussion was that we flirted with \"an=
d\" but settled on \"or\". Happy to be corrected there; @mcmanus?\r\n\r\n=
\u003e I think for \"Additionally, clients MAY avoid consulting DNS to es=
tablish the connection's authority for new requests.\" we may want append=
 \"when employing adequate additional mitigations to security and operati=
onal risks.\"\r\n\r\nSeems reasonable to me.\r\n\r\n\u003e Is there a pre=
cedence or convention for having the \"adequate additional mitigations\" =
be defined in a future RFC?\r\n\r\nThat's possible, but as noted there's =
been a historical reluctance to define the exact requirements in RFCs. Re=
member that Web browsing is just one use of HTTP.\r\n"}],"action":{"name"=
:"View Issue","url":"https://github.com/httpwg/http-extensions/issues/330=
#issuecomment-322907369"}}}</script>=

----==_mimepart_5994bbc08522f_27a63f88a6bc5c3c74276--


From nobody Wed Aug 16 14:40:29 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.596
X-Spam-Level: 
X-Spam-Status: No, score=-5.596 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Wed, 16 Aug 2017 14:40:19 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1502919619; bh=4k7ZLlIpW05uk/mQ17n1HsmgUBzo+upy+MZOXkgXaEU=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=y5oasntfjiHsLVocpqWUV7K5niWgHltyynoFUiWx0LH11djMoiZSAmjLI8E3gxgGo qndqaCUF9zfpIV2yuuyWV6wbC535yqLvjSYZmqh+j2zDNJ867/A9dgCi1s8TCMm005 2jeJCWkl3byunXOe3XqLpsXt5V3jSmEwuOxHV2WI=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/330@github.com>
References: <httpwg/http-extensions/issues/330@github.com>
Subject: Re: [httpwg/http-extensions] Consulting the DNS on expanding ORIGIN set? (#330)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5994bbc3c9848_12ead3f8b47641c2c10692c"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/W0J-Avs-prd2p3Kgmv3bFHlwsvs>
Message-ID: <mailman.539.1502919623.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Aug 2017 21:40:22 -0000

----==_mimepart_5994bbc3c9848_12ead3f8b47641c2c10692c
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

I think we also want to change the intro sentence for consistency:
> This specification relaxes the requirement to check DNS when the ORIGIN frame is in use.
to:
> This specification relaxes the requirement to check DNS when the ORIGIN frame is in use in-combination with additional security mitigations.


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/330#issuecomment-322907386
----==_mimepart_5994bbc3c9848_12ead3f8b47641c2c10692c
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p>I think we also want to change the intro sentence for consistency:</p>=

<blockquote>
<p>This specification relaxes the requirement to check DNS when the ORIGI=
N frame is in use.<br>
to:<br>
This specification relaxes the requirement to check DNS when the ORIGIN f=
rame is in use in-combination with additional security mitigations.</p>
</blockquote>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&m=
dash;<br />You are receiving this because you are subscribed to this thre=
ad.<br />Reply to this email directly, <a href=3D"https://github.com/http=
wg/http-extensions/issues/330#issuecomment-322907386">view it on GitHub</=
a>, or <a href=3D"https://github.com/notifications/unsubscribe-auth/AORpy=
FIPHybd68h3oGwv1oaOhZjEVAQwks5sY2HDgaJpZM4NEzUM">mute the thread</a>.<img=
 alt=3D"" height=3D"1" src=3D"https://github.com/notifications/beacon/AOR=
pyK8hZJ0CNdZJqUT5t-MHsZJK84oAks5sY2HDgaJpZM4NEzUM.gif" width=3D"1" /></p>=

<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewActi=
on">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extension=
s/issues/330#issuecomment-322907386"></link>
  <meta itemprop=3D"name" content=3D"View Issue"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Issue on GitHub"></me=
ta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_versio=
n":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name"=
:"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","titl=
e":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_ur=
l":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5=
d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubu=
sercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b5249811277=
7.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg=
/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@e=
nygren in #330: I think we also want to change the intro sentence for con=
sistency:\r\n\u003e This specification relaxes the requirement to check D=
NS when the ORIGIN frame is in use.\r\nto:\r\n\u003e This specification r=
elaxes the requirement to check DNS when the ORIGIN frame is in use in-co=
mbination with additional security mitigations.\r\n"}],"action":{"name":"=
View Issue","url":"https://github.com/httpwg/http-extensions/issues/330#i=
ssuecomment-322907386"}}}</script>=

----==_mimepart_5994bbc3c9848_12ead3f8b47641c2c10692c--


From nobody Wed Aug 16 18:23:08 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.018
X-Spam-Level: 
X-Spam-Status: No, score=-2.018 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=FeyPeqcSfJ5G0+geRqOyjj9rQm0=; b=JpLHeVsh4bab85PZ 7yTHikB/ddL/cClzvSZ45t4h6b5NzBiltB1qS2Wmj48qC0c28+Pt1sLbJJrYdQUG XAN8888U8mMt9ZNQQGiJDix+6AbyAuRow89WRHeDHtw1Ulk67Z/Bf7UCRvGkRNQJ 83Au4ZPlXeY6BJ2ONic9rQmBP2s=
Date: Thu, 17 Aug 2017 01:23:05 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/330@github.com>
References: <httpwg/http-extensions/issues/330@github.com>
Subject: Re: [httpwg/http-extensions] Consulting the DNS on expanding ORIGIN set? (#330)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5994eff8bcee4_471b3ffa160e5c2c735f2"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/iru9tzRcEsLcAr60ZlO-nbhmmXQ>
Message-ID: <mailman.569.1502932988.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Aug 2017 01:23:07 -0000

----==_mimepart_5994eff8bcee4_471b3ffa160e5c2c735f2
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

The "or" seems appropriate here, given that these are examples only.  We might add new higher requirements for this over time.  For instance, we might require that these sites include Expect-Staple or Expect-CT policies (to match the checks for OCSP or CT), or we might devise new and better schemes for avoiding key theft and require those as well.  That certainly doesn't mean that "and" won't be the actual requirement.

We have to be careful not to overproscribe client policy here.  Browsers have a lot of resources to throw at these problems, but we could exclude other types of clients from these features by the sheer weight of the set of requirements that come with them.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/330#issuecomment-322942923
----==_mimepart_5994eff8bcee4_471b3ffa160e5c2c735f2
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p>The "or" seems appropriate here, given that these are examples only.  We=
 might add new higher requirements for this over time.  For instance, we mi=
ght require that these sites include Expect-Staple or Expect-CT policies (t=
o match the checks for OCSP or CT), or we might devise new and better schem=
es for avoiding key theft and require those as well.  That certainly doesn'=
t mean that "and" won't be the actual requirement.</p>
<p>We have to be careful not to overproscribe client policy here.  Browsers=
 have a lot of resources to throw at these problems, but we could exclude o=
ther types of clients from these features by the sheer weight of the set of=
 requirements that come with them.</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&mda=
sh;<br />You are receiving this because you are subscribed to this thread.<=
br />Reply to this email directly, <a href=3D"https://github.com/httpwg/htt=
p-extensions/issues/330#issuecomment-322942923">view it on GitHub</a>, or <=
a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyMLXF3oTlhJ=
JQzpPaNKkbXFXzOuPks5sY5X4gaJpZM4NEzUM">mute the thread</a>.<img alt=3D"" he=
ight=3D"1" src=3D"https://github.com/notifications/beacon/AORpyA1OLIBKGj7-C=
XUgX3bhifQR8RPwks5sY5X4gaJpZM4NEzUM.gif" width=3D"1" /></p>
<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewAction=
">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extensions/=
issues/330#issuecomment-322942923"></link>
  <meta itemprop=3D"name" content=3D"View Issue"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Issue on GitHub"></meta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_version"=
:"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"Gi=
tHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"ht=
tpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"http=
s://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-9=
5fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.c=
om/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action=
":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions=
"}},"updates":{"snippets":[{"icon":"PERSON","message":"@martinthomson in #3=
30: The \"or\" seems appropriate here, given that these are examples only. =
 We might add new higher requirements for this over time.  For instance, we=
 might require that these sites include Expect-Staple or Expect-CT policies=
 (to match the checks for OCSP or CT), or we might devise new and better sc=
hemes for avoiding key theft and require those as well.  That certainly doe=
sn't mean that \"and\" won't be the actual requirement.\r\n\r\nWe have to b=
e careful not to overproscribe client policy here.  Browsers have a lot of =
resources to throw at these problems, but we could exclude other types of c=
lients from these features by the sheer weight of the set of requirements t=
hat come with them."}],"action":{"name":"View Issue","url":"https://github.=
com/httpwg/http-extensions/issues/330#issuecomment-322942923"}}}</script>=

----==_mimepart_5994eff8bcee4_471b3ffa160e5c2c735f2--


From nobody Wed Aug 16 18:43:24 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.473
X-Spam-Level: 
X-Spam-Status: No, score=-0.473 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=I5aqEz/00x19B+/8j2+EG9PCT58=; b=iosjRGP3QAcqPhfc DatNfI21ZUckmEE7Lj3Rfo7wsLofQTFyhm+2nP/GyBK7zzFqBvZz/FpYzhupSTEk wwzZOnjO0bzn49N1dXDXCb1BUGF14XDhjO2XVTdsU69/IRRwABum2cVzRi8b2XaL 0egJKVuW8ShY9LzWphbyod6HKUM=
Date: Thu, 17 Aug 2017 01:43:21 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/commit/1c2c5c5fce6ba367cc459e7d92d590edbb082d64@github.com>
References: <httpwg/http-extensions/commit/1c2c5c5fce6ba367cc459e7d92d590edbb082d64@github.com>
Subject: Re: [httpwg/http-extensions] RFC6265bis: Note about double-keying. Closes #248. (1c2c5c5)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5994f4b8f0104_6c3c3faa09e31c30427e5"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/KgQRDQbbwFR5cuyvpVTHp8oCLA8>
Message-ID: <mailman.577.1502934204.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Aug 2017 01:43:23 -0000

----==_mimepart_5994f4b8f0104_6c3c3faa09e31c30427e5
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

widely

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/commit/1c2c5c5fce6ba367cc459e7d92d590edbb082d64#commitcomment-23688510
----==_mimepart_5994f4b8f0104_6c3c3faa09e31c30427e5
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>widely</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/commit/1c2c5c5fce6ba367cc459e7d92d590edbb082d64#commitcomment-23688510">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyPzZ7u2e0y6GFOiAg-kjtmpDsH29ks5sY5q4gaJpZM4O5rjs">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyJ6Ib1bYvZdRnJezlWGwKlaS4zHtks5sY5q4gaJpZM4O5rjs.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/commit/1c2c5c5fce6ba367cc459e7d92d590edbb082d64#commitcomment-23688510"></link>
  <meta itemprop="name" content="View Commit"></meta>
</div>
<meta itemprop="description" content="View this Commit on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mnot on 1c2c5c5: widely"}],"action":{"name":"View Commit","url":"https://github.com/httpwg/http-extensions/commit/1c2c5c5fce6ba367cc459e7d92d590edbb082d64#commitcomment-23688510"}}}</script>
----==_mimepart_5994f4b8f0104_6c3c3faa09e31c30427e5--


From nobody Thu Aug 17 07:24:25 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.799
X-Spam-Level: 
X-Spam-Status: No, score=-9.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Thu, 17 Aug 2017 07:24:19 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1502979859; bh=pfZ4M3EKCOsbQWLpM3rsgUlxp/VxOcYDKe3Ma1WiKpk=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=Nm4C/my+lGfGHcIjVIpoLxUQ34Ot0wsIZs1LtmWgR4INj4QOLIehyvWTE9x7uWaF0 z0am0Ox7b1lO2WYiJw8mC1VDiEt/0nxcAqIS15OasCxk/OryT7sk/5dtP8sBF0CUhh O8PUOGnOPBUP8VzQ5gsQwyU6TQVV+2FLjHHiaD0E=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/372@github.com>
References: <httpwg/http-extensions/issues/372@github.com>
Subject: Re: [httpwg/http-extensions] Accept-CH-Lifetime privacy concerns (#372)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5995a7136875e_3b5d3f86d65b1c3c7799d"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/K0E8-3JwFcOZqrEZwkU1CL2EgpA>
Message-ID: <mailman.705.1502979864.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Aug 2017 14:24:23 -0000

----==_mimepart_5995a7136875e_3b5d3f86d65b1c3c7799d
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

> Could we please stop calling this use case "CDN"? Most CDNs take all traffic for an origin, not just images, etc. (that's very 1999). It's true that some sites direct images.* to a CDN (for example), but that's not great practice.

While we can argue that in an H2 world this is not the best practice, having a separate domain for images is not uncommon. e.g. looking at https://www.nytimes.com/ its images are served from https://static01.nyt.com. All served from the same CDN (and covered by a single cert AFAICT), but still considered a third party from a SOP perspective. It's also not uncommon to have separate certs to such "static domains" as an infosec requirement.

So I don't think we can consider sending CH to third parties as something that will only benefit 3rd party content.




> Requiring the origin to opt-in to any 3rd party CHs is an improvement, but not a huge one; it'll just give an incentive to 3rd parties to instruct the origin to set whatever policy we require.

They can similarly add requirements for the origin to include their JS that will beacon up that data to them. There's very little we can do about that other than trust the first party's judgement (and make them aware of what they're enabling).



> I'd like to also see at least consideration of making this 1st party only.

That would exclude many legitimate use cases, as discussed above.



> After all, widgets and ads are usually served by script tags, so there's an opportunity for script running and URL rewriting by them before the requests are made.

If they run a script in the context of the main page, they can easily exfiltrate that data, which is available through JS APIs.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/372#issuecomment-323089158
----==_mimepart_5995a7136875e_3b5d3f86d65b1c3c7799d
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<blockquote>
<p>Could we please stop calling this use case "CDN"? Most CDNs take all t=
raffic for an origin, not just images, etc. (that's very 1999). It's true=
 that some sites direct images.* to a CDN (for example), but that's not g=
reat practice.</p>
</blockquote>
<p>While we can argue that in an H2 world this is not the best practice, =
having a separate domain for images is not uncommon. e.g. looking at <a h=
ref=3D"https://www.nytimes.com/">https://www.nytimes.com/</a> its images =
are served from <a href=3D"https://static01.nyt.com">https://static01.nyt=
.com</a>. All served from the same CDN (and covered by a single cert AFAI=
CT), but still considered a third party from a SOP perspective. It's also=
 not uncommon to have separate certs to such "static domains" as an infos=
ec requirement.</p>
<p>So I don't think we can consider sending CH to third parties as someth=
ing that will only benefit 3rd party content.</p>
<blockquote>
<p>Requiring the origin to opt-in to any 3rd party CHs is an improvement,=
 but not a huge one; it'll just give an incentive to 3rd parties to instr=
uct the origin to set whatever policy we require.</p>
</blockquote>
<p>They can similarly add requirements for the origin to include their JS=
 that will beacon up that data to them. There's very little we can do abo=
ut that other than trust the first party's judgement (and make them aware=
 of what they're enabling).</p>
<blockquote>
<p>I'd like to also see at least consideration of making this 1st party o=
nly.</p>
</blockquote>
<p>That would exclude many legitimate use cases, as discussed above.</p>
<blockquote>
<p>After all, widgets and ads are usually served by script tags, so there=
's an opportunity for script running and URL rewriting by them before the=
 requests are made.</p>
</blockquote>
<p>If they run a script in the context of the main page, they can easily =
exfiltrate that data, which is available through JS APIs.</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&m=
dash;<br />You are receiving this because you are subscribed to this thre=
ad.<br />Reply to this email directly, <a href=3D"https://github.com/http=
wg/http-extensions/issues/372#issuecomment-323089158">view it on GitHub</=
a>, or <a href=3D"https://github.com/notifications/unsubscribe-auth/AORpy=
CEgmxqSyV-3pTTAizVkxEfzI-8uks5sZE0TgaJpZM4Oc7TI">mute the thread</a>.<img=
 alt=3D"" height=3D"1" src=3D"https://github.com/notifications/beacon/AOR=
pyMhKyDqqdB8aFz6dXBw2sy-i6YH5ks5sZE0TgaJpZM4Oc7TI.gif" width=3D"1" /></p>=

<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewActi=
on">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extension=
s/issues/372#issuecomment-323089158"></link>
  <meta itemprop=3D"name" content=3D"View Issue"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Issue on GitHub"></me=
ta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_versio=
n":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name"=
:"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","titl=
e":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_ur=
l":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5=
d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubu=
sercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b5249811277=
7.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg=
/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@y=
oavweiss in #372: \u003e Could we please stop calling this use case \"CDN=
\"? Most CDNs take all traffic for an origin, not just images, etc. (that=
's very 1999). It's true that some sites direct images.* to a CDN (for ex=
ample), but that's not great practice.\r\n\r\nWhile we can argue that in =
an H2 world this is not the best practice, having a separate domain for i=
mages is not uncommon. e.g. looking at https://www.nytimes.com/ its image=
s are served from https://static01.nyt.com. All served from the same CDN =
(and covered by a single cert AFAICT), but still considered a third party=
 from a SOP perspective. It's also not uncommon to have separate certs to=
 such \"static domains\" as an infosec requirement.\r\n\r\nSo I don't thi=
nk we can consider sending CH to third parties as something that will onl=
y benefit 3rd party content.\r\n\r\n\r\n\r\n\r\n\u003e Requiring the orig=
in to opt-in to any 3rd party CHs is an improvement, but not a huge one; =
it'll just give an incentive to 3rd parties to instruct the origin to set=
 whatever policy we require.\r\n\r\nThey can similarly add requirements f=
or the origin to include their JS that will beacon up that data to them. =
There's very little we can do about that other than trust the first party=
's judgement (and make them aware of what they're enabling).\r\n\r\n\r\n\=
r\n\u003e I'd like to also see at least consideration of making this 1st =
party only.\r\n\r\nThat would exclude many legitimate use cases, as discu=
ssed above.\r\n\r\n\r\n\r\n\u003e After all, widgets and ads are usually =
served by script tags, so there's an opportunity for script running and U=
RL rewriting by them before the requests are made.\r\n\r\nIf they run a s=
cript in the context of the main page, they can easily exfiltrate that da=
ta, which is available through JS APIs."}],"action":{"name":"View Issue",=
"url":"https://github.com/httpwg/http-extensions/issues/372#issuecomment-=
323089158"}}}</script>=

----==_mimepart_5995a7136875e_3b5d3f86d65b1c3c7799d--


From nobody Thu Aug 17 11:27:28 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.181
X-Spam-Level: 
X-Spam-Status: No, score=-8.181 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Thu, 17 Aug 2017 11:25:14 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1502994314; bh=imWssCRnwiuH+AMcHP/8OYztiTnPFu5lhxUdvrwH8U0=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=KCiP+k+EvBhuFXMDbujF9+YzN02vLr339hyUIe1995Vr5WdZeEK9SMcXVs2WZpDGW FflJ/+P+nMIxzIp2yzJKnnK3kc1j88CQNHv0NU6t70lq1ZQ1cxv868hBvK+RcH1k26 P1WXMwsEIh/WXzDh8jNpJ7v8QVFjL+N3wCVq6TKM=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/372@github.com>
References: <httpwg/http-extensions/issues/372@github.com>
Subject: Re: [httpwg/http-extensions] Accept-CH-Lifetime privacy concerns (#372)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5995df8ae2aca_3f003fe19c561c346847a"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/ayX642FUezuvvfx3WE5J8FfGXOE>
Message-ID: <mailman.732.1502994447.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Aug 2017 18:27:27 -0000

----==_mimepart_5995df8ae2aca_3f003fe19c561c346847a
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Hey Yoav. Absolutely, but the Web security model doesn't have any concept of CDN; images.* is a third-party host as far as same-origin is concerned.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/372#issuecomment-323154978
----==_mimepart_5995df8ae2aca_3f003fe19c561c346847a
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Hey Yoav. Absolutely, but the Web security model doesn't have any concept of CDN; images.* is a third-party host as far as same-origin is concerned.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/372#issuecomment-323154978">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyGOuS_U2aVuosVKsoAHIiMbx_sl-ks5sZIWKgaJpZM4Oc7TI">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyM4UM0L2mG5pqqso-hETsr46hNZMks5sZIWKgaJpZM4Oc7TI.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/372#issuecomment-323154978"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mnot in #372: Hey Yoav. Absolutely, but the Web security model doesn't have any concept of CDN; images.* is a third-party host as far as same-origin is concerned."}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/372#issuecomment-323154978"}}}</script>
----==_mimepart_5995df8ae2aca_3f003fe19c561c346847a--


From nobody Fri Aug 18 01:14:34 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.616
X-Spam-Level: 
X-Spam-Status: No, score=-0.616 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=Ewou2XK83ks1raq1YYTN1ABxSA8=; b=ZR0Y3nbDCa69Aw0x cHiVb+siS4lws6ytu+pXW0r0YIdDxLoFpg17sEewh00GGxUI0P9DTwmG88VOPg7k 2o+G+GN02COOD8id/CJpPE8IFyKQNQY0i2N24zlp8rSzTesS8qIFOAXDkWwwGfxn 3dFHOjJ+shaoysqGLGASp3zgVxY=
Date: Fri, 18 Aug 2017 08:14:30 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/372@github.com>
References: <httpwg/http-extensions/issues/372@github.com>
Subject: Re: [httpwg/http-extensions] Accept-CH-Lifetime privacy concerns (#372)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5996a1e63ca7c_74f73feefea91c3017312"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/OmOWQtn2sBPU41Jae9WgG36_n1A>
Message-ID: <mailman.807.1503044074.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Aug 2017 08:14:33 -0000

----==_mimepart_5996a1e63ca7c_74f73feefea91c3017312
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

> Absolutely, but the Web security model doesn't have any concept of CDN; images.* is a third-party host as far as same-origin is concerned.

Indeed. All I'm saying is that exposing CH to such "first party owned third parties" is a legitimate and very common use-case. I'd prefer we'd find ways to address that use-case (with appropriate means to maintain user-privacy), rather than block it. 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/372#issuecomment-323290110
----==_mimepart_5996a1e63ca7c_74f73feefea91c3017312
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<blockquote>
<p>Absolutely, but the Web security model doesn't have any concept of CDN; =
images.* is a third-party host as far as same-origin is concerned.</p>
</blockquote>
<p>Indeed. All I'm saying is that exposing CH to such "first party owned th=
ird parties" is a legitimate and very common use-case. I'd prefer we'd find=
 ways to address that use-case (with appropriate means to maintain user-pri=
vacy), rather than block it.</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&mda=
sh;<br />You are receiving this because you are subscribed to this thread.<=
br />Reply to this email directly, <a href=3D"https://github.com/httpwg/htt=
p-extensions/issues/372#issuecomment-323290110">view it on GitHub</a>, or <=
a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyP-8_lfHGEa=
hRWM8T8Pmph9O-qItks5sZUfmgaJpZM4Oc7TI">mute the thread</a>.<img alt=3D"" he=
ight=3D"1" src=3D"https://github.com/notifications/beacon/AORpyObkmXPZSIGc2=
QnVcMqcWK755bBSks5sZUfmgaJpZM4Oc7TI.gif" width=3D"1" /></p>
<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewAction=
">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extensions/=
issues/372#issuecomment-323290110"></link>
  <meta itemprop=3D"name" content=3D"View Issue"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Issue on GitHub"></meta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_version"=
:"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"Gi=
tHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"ht=
tpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"http=
s://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-9=
5fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.c=
om/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action=
":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions=
"}},"updates":{"snippets":[{"icon":"PERSON","message":"@yoavweiss in #372: =
\u003e Absolutely, but the Web security model doesn't have any concept of C=
DN; images.* is a third-party host as far as same-origin is concerned.\r\n\=
r\nIndeed. All I'm saying is that exposing CH to such \"first party owned t=
hird parties\" is a legitimate and very common use-case. I'd prefer we'd fi=
nd ways to address that use-case (with appropriate means to maintain user-p=
rivacy), rather than block it. "}],"action":{"name":"View Issue","url":"htt=
ps://github.com/httpwg/http-extensions/issues/372#issuecomment-323290110"}}=
}</script>=

----==_mimepart_5996a1e63ca7c_74f73feefea91c3017312--


From nobody Fri Aug 18 10:47:21 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.02
X-Spam-Level: 
X-Spam-Status: No, score=-2.02 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=20xukk7panX41BfbxjUL/NpSRgM=; b=c/L78N7CkGguBw/x w3+kNN/qKHCwG4okMUDRh8CGlOclRv0/MkbaHFHITA6h5urSjyiILw/FADXyk7ju Tc+rciVvvGWoZxWETtt1GMU7rb+p3QSWCZBhkOOUek4/7TgiIt0P+0rh0E0jwvvz RGzGJaZMxr0/2SKBjMl+CLXXpOc=
Date: Fri, 18 Aug 2017 17:47:15 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/330@github.com>
References: <httpwg/http-extensions/issues/330@github.com>
Subject: Re: [httpwg/http-extensions] Consulting the DNS on expanding ORIGIN set? (#330)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59972823c282_8373fe22fbd3c3c5686"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/weBAwgtfTGdWo7IDdGJjQr3SEtw>
Message-ID: <mailman.875.1503078440.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Aug 2017 17:47:20 -0000

----==_mimepart_59972823c282_8373fe22fbd3c3c5686
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

I think the direction this is going is to say something along "Examples of
mechanisms that can give additional confidence in a certificate are [ct]
[ocsp]".. both "or" and "and" in the current text seem to convey more
policy than is meant.

On Wed, Aug 16, 2017 at 9:23 PM, Martin Thomson <notifications@github.com>
wrote:

> The "or" seems appropriate here, given that these are examples only. We
> might add new higher requirements for this over time. For instance, we
> might require that these sites include Expect-Staple or Expect-CT policies
> (to match the checks for OCSP or CT), or we might devise new and better
> schemes for avoiding key theft and require those as well. That certainly
> doesn't mean that "and" won't be the actual requirement.
>
> We have to be careful not to overproscribe client policy here. Browsers
> have a lot of resources to throw at these problems, but we could exclude
> other types of clients from these features by the sheer weight of the set
> of requirements that come with them.
>
> =E2=80=94
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub
> <https://github.com/httpwg/http-extensions/issues/330#issuecomment-322942=
923>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/AAP5s4nA8QgvkAKYllvpWo=
RRR5QXdM0dks5sY5X3gaJpZM4NEzUM>
> .
>


--=20
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/330#issuecomment-323417961=

----==_mimepart_59972823c282_8373fe22fbd3c3c5686
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

I think the direction this is going is to say something along &quot;Example=
s of<br>
mechanisms that can give additional confidence in a certificate are [ct]<br>
[ocsp]&quot;.. both &quot;or&quot; and &quot;and&quot; in the current text =
seem to convey more<br>
policy than is meant.<br>
<br>
On Wed, Aug 16, 2017 at 9:23 PM, Martin Thomson &lt;notifications@github.co=
m&gt;<br>
wrote:<br>
<br>
&gt; The &quot;or&quot; seems appropriate here, given that these are exampl=
es only. We<br>
&gt; might add new higher requirements for this over time. For instance, we=
<br>
&gt; might require that these sites include Expect-Staple or Expect-CT poli=
cies<br>
&gt; (to match the checks for OCSP or CT), or we might devise new and bette=
r<br>
&gt; schemes for avoiding key theft and require those as well. That certain=
ly<br>
&gt; doesn&#39;t mean that &quot;and&quot; won&#39;t be the actual requirem=
ent.<br>
&gt;<br>
&gt; We have to be careful not to overproscribe client policy here. Browser=
s<br>
&gt; have a lot of resources to throw at these problems, but we could exclu=
de<br>
&gt; other types of clients from these features by the sheer weight of the =
set<br>
&gt; of requirements that come with them.<br>
&gt;<br>
&gt; =E2=80=94<br>
&gt; You are receiving this because you were mentioned.<br>
&gt; Reply to this email directly, view it on GitHub<br>
&gt; &lt;https://github.com/httpwg/http-extensions/issues/330#issuecomment-=
322942923&gt;,<br>
&gt; or mute the thread<br>
&gt; &lt;https://github.com/notifications/unsubscribe-auth/AAP5s4nA8QgvkAKY=
llvpWoRRR5QXdM0dks5sY5X3gaJpZM4NEzUM&gt;<br>
&gt; .<br>
&gt;<br>


<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&mda=
sh;<br />You are receiving this because you are subscribed to this thread.<=
br />Reply to this email directly, <a href=3D"https://github.com/httpwg/htt=
p-extensions/issues/330#issuecomment-323417961">view it on GitHub</a>, or <=
a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyJ1DBJOK8xg=
B6DdAkwEDr_WGLr2lks5sZc4jgaJpZM4NEzUM">mute the thread</a>.<img alt=3D"" he=
ight=3D"1" src=3D"https://github.com/notifications/beacon/AORpyF-kbTAP7uC75=
EeTPDvdpw_VsVFnks5sZc4jgaJpZM4NEzUM.gif" width=3D"1" /></p>
<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewAction=
">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extensions/=
issues/330#issuecomment-323417961"></link>
  <meta itemprop=3D"name" content=3D"View Issue"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Issue on GitHub"></meta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_version"=
:"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"Gi=
tHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"ht=
tpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"http=
s://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-9=
5fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.c=
om/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action=
":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions=
"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mcmanus in #330: I =
think the direction this is going is to say something along \"Examples of\n=
mechanisms that can give additional confidence in a certificate are [ct]\n[=
ocsp]\".. both \"or\" and \"and\" in the current text seem to convey more\n=
policy than is meant.\n\nOn Wed, Aug 16, 2017 at 9:23 PM, Martin Thomson \u=
003cnotifications@github.com\u003e\nwrote:\n\n\u003e The \"or\" seems appro=
priate here, given that these are examples only. We\n\u003e might add new h=
igher requirements for this over time. For instance, we\n\u003e might requi=
re that these sites include Expect-Staple or Expect-CT policies\n\u003e (to=
 match the checks for OCSP or CT), or we might devise new and better\n\u003=
e schemes for avoiding key theft and require those as well. That certainly\=
n\u003e doesn't mean that \"and\" won't be the actual requirement.\n\u003e\=
n\u003e We have to be careful not to overproscribe client policy here. Brow=
sers\n\u003e have a lot of resources to throw at these problems, but we cou=
ld exclude\n\u003e other types of clients from these features by the sheer =
weight of the set\n\u003e of requirements that come with them.\n\u003e\n\u0=
03e =E2=80=94\n\u003e You are receiving this because you were mentioned.\n\=
u003e Reply to this email directly, view it on GitHub\n\u003e \u003chttps:/=
/github.com/httpwg/http-extensions/issues/330#issuecomment-322942923\u003e,=
\n\u003e or mute the thread\n\u003e \u003chttps://github.com/notifications/=
unsubscribe-auth/AAP5s4nA8QgvkAKYllvpWoRRR5QXdM0dks5sY5X3gaJpZM4NEzUM\u003e=
\n\u003e .\n\u003e\n"}],"action":{"name":"View Issue","url":"https://github=
.com/httpwg/http-extensions/issues/330#issuecomment-323417961"}}}</script>=

----==_mimepart_59972823c282_8373fe22fbd3c3c5686--


From nobody Fri Aug 18 10:52:44 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.402
X-Spam-Level: 
X-Spam-Status: No, score=-5.402 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Fri, 18 Aug 2017 10:52:36 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1503078756; bh=KP8E2WoAes2QAPiQzNJnMQA660IAXKHC1iLv6zzAY2A=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=0/2mJGbVNAEmDo1N0R2tJf2TKZee8t/qFKRuydPaAvTdD0Ffml2W9C3+utITW52bz T4v0V2qaoasBzG7b/JWA5dNICBgJNPAjrvNLAoqXOQXQhgAUWIvUZ0VxwmIiDIbxeB Zd8cPRrEuVFWk37KIlMxKw0TRpAxchywyy2ETXwY=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/330@github.com>
References: <httpwg/http-extensions/issues/330@github.com>
Subject: Re: [httpwg/http-extensions] Consulting the DNS on expanding ORIGIN set? (#330)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5997296455ece_3e4b3fd7e52a5c2c443f6"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/cPmo9nHUccBP8V5BUb2P_hIm-ng>
Message-ID: <mailman.876.1503078763.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Aug 2017 17:52:42 -0000

----==_mimepart_5997296455ece_3e4b3fd7e52a5c2c443f6
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

@mcmanus seems reasonable. There will need to be an "and" in there because english, but it'll be clear it's not requiring the set (because examples).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/330#issuecomment-323419239
----==_mimepart_5997296455ece_3e4b3fd7e52a5c2c443f6
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p><a href="https://github.com/mcmanus" class="user-mention">@mcmanus</a> seems reasonable. There will need to be an "and" in there because english, but it'll be clear it's not requiring the set (because examples).</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/330#issuecomment-323419239">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyAoHF9FXV4B3wMavFTLtQe_pHiT3ks5sZc9kgaJpZM4NEzUM">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyLpL6E3ApaJ4Gv58qJ5D4uIt3JpCks5sZc9kgaJpZM4NEzUM.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/330#issuecomment-323419239"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mnot in #330: @mcmanus seems reasonable. There will need to be an \"and\" in there because english, but it'll be clear it's not requiring the set (because examples)."}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/330#issuecomment-323419239"}}}</script>
----==_mimepart_5997296455ece_3e4b3fd7e52a5c2c443f6--


From nobody Tue Aug 22 04:56:35 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.299
X-Spam-Level: 
X-Spam-Status: No, score=-9.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Tue, 22 Aug 2017 04:56:30 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1503402990; bh=o1WM+W3wycN3uji6WqeIIa+1EoPLqKV+Uq7mCsw2nlY=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=BMIFlINJ3iovcxKjO3b7j/urHW6HuiA2Lu4RLwBTWq+Rndk5vvclRew3KYKIPSnpI p+pDm+9W2wu+3338ODzA66Cu/YGXwiqI9GzbrD5dAzGng8IpfasLvk5fpN6vg+7h6L bw+Z6JuluaojYS/+vEjQ40DXZYN9SmxIwlV/AA0E=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/372@github.com>
References: <httpwg/http-extensions/issues/372@github.com>
Subject: Re: [httpwg/http-extensions] Accept-CH-Lifetime privacy concerns (#372)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_599c1bee26328_61d53fd81707fc2c59871"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/BnfSBBOMfax4jB32bsudAg0gIkg>
Message-ID: <mailman.1096.1503402994.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Aug 2017 11:56:33 -0000

----==_mimepart_599c1bee26328_61d53fd81707fc2c59871
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

I agree. If subresources can use CH then it is bound to be misused. The t=
rend is to further restrict access to third-party cookies e.g. Safari=E2=80=
=99s ITB, so there will be more incentive to find other ways to track. CH=
 headers allow that to be done much more efficiently as there is no need =
for an extra roundtrip.

 =


From: Mark Nottingham [mailto:notifications@github.com] =

Sent: 14 August 2017 22:08
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Subject: Re: [httpwg/http-extensions] Accept-CH-Lifetime privacy concerns=
 (#372)

 =


not chair hat

Could we please stop calling this use case "CDN"? Most CDNs take all traf=
fic for an origin, not just images, etc. (that's very 1999). It's true th=
at some sites direct images.* to a CDN (for example), but that's not grea=
t practice.

We should really be talking about this as 3rd party content -- e.g., widg=
ets and ads. Given the history there, it's entirely reasonable to be conc=
erned about increasing fingerprinting exposure.

Requiring the origin to opt-in to any 3rd party CHs is an improvement, bu=
t not a huge one; it'll just give an incentive to 3rd parties to instruct=
 the origin to set whatever policy we require.

I think that at a minimum, we should warn (Security Considerations) speci=
fically about the new vector for 3rd party content fingerprinting here, a=
nd allow implementations to decide whether they send it to 3rd parties (a=
t all, or when they're in private browsing mode, or...).

I'd like to also see at least consideration of making this 1st party only=
. Given that the use case for CH is mostly to allow intermediaries to do =
content optimisation -- and remembering that origins already have other t=
echniques available to them -- I'm wondering if allowing third party orig=
ins to do intermediary-imposed optimisations is worth the potential priva=
cy tradeoff here. After all, widgets and ads are usually served by script=
 tags, so there's an opportunity for script running and URL rewriting by =
them before the requests are made.

=E2=80=94
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub <https://github.com/httpw=
g/http-extensions/issues/372#issuecomment-322310307> , or mute the thread=
 <https://github.com/notifications/unsubscribe-auth/AEBCIiiv1BMQTWukQ1wp7=
quM0rkBOSPIks5sYLdDgaJpZM4Oc7TI> .  <https://github.com/notifications/bea=
con/AEBCIlrrWLn9EzxuNg8YL3AMZpCG-Yemks5sYLdDgaJpZM4Oc7TI.gif> =




-- =

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/372#issuecomment-3240040=
59=

----==_mimepart_599c1bee26328_61d53fd81707fc2c59871
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

I agree. If subresources can use CH then it is bound to be misused. The t=
rend is to further restrict access to third-party cookies e.g. Safari=E2=80=
=99s ITB, so there will be more incentive to find other ways to track. CH=
 headers allow that to be done much more efficiently as there is no need =
for an extra roundtrip.<br>
<br>
 <br>
<br>
From: Mark Nottingham [mailto:notifications@github.com] <br>
Sent: 14 August 2017 22:08<br>
To: httpwg/http-extensions &lt;http-extensions@noreply.github.com&gt;<br>=

Cc: Subscribed &lt;subscribed@noreply.github.com&gt;<br>
Subject: Re: [httpwg/http-extensions] Accept-CH-Lifetime privacy concerns=
 (#372)<br>
<br>
 <br>
<br>
not chair hat<br>
<br>
Could we please stop calling this use case &quot;CDN&quot;? Most CDNs tak=
e all traffic for an origin, not just images, etc. (that&#39;s very 1999)=
. It&#39;s true that some sites direct images.* to a CDN (for example), b=
ut that&#39;s not great practice.<br>
<br>
We should really be talking about this as 3rd party content -- e.g., widg=
ets and ads. Given the history there, it&#39;s entirely reasonable to be =
concerned about increasing fingerprinting exposure.<br>
<br>
Requiring the origin to opt-in to any 3rd party CHs is an improvement, bu=
t not a huge one; it&#39;ll just give an incentive to 3rd parties to inst=
ruct the origin to set whatever policy we require.<br>
<br>
I think that at a minimum, we should warn (Security Considerations) speci=
fically about the new vector for 3rd party content fingerprinting here, a=
nd allow implementations to decide whether they send it to 3rd parties (a=
t all, or when they&#39;re in private browsing mode, or...).<br>
<br>
I&#39;d like to also see at least consideration of making this 1st party =
only. Given that the use case for CH is mostly to allow intermediaries to=
 do content optimisation -- and remembering that origins already have oth=
er techniques available to them -- I&#39;m wondering if allowing third pa=
rty origins to do intermediary-imposed optimisations is worth the potenti=
al privacy tradeoff here. After all, widgets and ads are usually served b=
y script tags, so there&#39;s an opportunity for script running and URL r=
ewriting by them before the requests are made.<br>
<br>
=E2=80=94<br>
You are receiving this because you are subscribed to this thread.<br>
Reply to this email directly, view it on GitHub &lt;https://github.com/ht=
tpwg/http-extensions/issues/372#issuecomment-322310307&gt; , or mute the =
thread &lt;https://github.com/notifications/unsubscribe-auth/AEBCIiiv1BMQ=
TWukQ1wp7quM0rkBOSPIks5sYLdDgaJpZM4Oc7TI&gt; .  &lt;https://github.com/no=
tifications/beacon/AEBCIlrrWLn9EzxuNg8YL3AMZpCG-Yemks5sYLdDgaJpZM4Oc7TI.g=
if&gt; <br>
<br>


<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&m=
dash;<br />You are receiving this because you are subscribed to this thre=
ad.<br />Reply to this email directly, <a href=3D"https://github.com/http=
wg/http-extensions/issues/372#issuecomment-324004059">view it on GitHub</=
a>, or <a href=3D"https://github.com/notifications/unsubscribe-auth/AORpy=
HJ5iUQRGWHY7MLyEBmeKtxd07YOks5sasHugaJpZM4Oc7TI">mute the thread</a>.<img=
 alt=3D"" height=3D"1" src=3D"https://github.com/notifications/beacon/AOR=
pyNcK7T5zZqH_AKesmoqLGAqGwIG5ks5sasHugaJpZM4Oc7TI.gif" width=3D"1" /></p>=

<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewActi=
on">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extension=
s/issues/372#issuecomment-324004059"></link>
  <meta itemprop=3D"name" content=3D"View Issue"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Issue on GitHub"></me=
ta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_versio=
n":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name"=
:"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","titl=
e":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_ur=
l":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5=
d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubu=
sercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b5249811277=
7.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg=
/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@m=
ichael-oneill in #372: I agree. If subresources can use CH then it is bou=
nd to be misused. The trend is to further restrict access to third-party =
cookies e.g. Safari=E2=80=99s ITB, so there will be more incentive to fin=
d other ways to track. CH headers allow that to be done much more efficie=
ntly as there is no need for an extra roundtrip.\n\n \n\nFrom: Mark Notti=
ngham [mailto:notifications@github.com] \nSent: 14 August 2017 22:08\nTo:=
 httpwg/http-extensions \u003chttp-extensions@noreply.github.com\u003e\nC=
c: Subscribed \u003csubscribed@noreply.github.com\u003e\nSubject: Re: [ht=
tpwg/http-extensions] Accept-CH-Lifetime privacy concerns (#372)\n\n \n\n=
not chair hat\n\nCould we please stop calling this use case \"CDN\"? Most=
 CDNs take all traffic for an origin, not just images, etc. (that's very =
1999). It's true that some sites direct images.* to a CDN (for example), =
but that's not great practice.\n\nWe should really be talking about this =
as 3rd party content -- e.g., widgets and ads. Given the history there, i=
t's entirely reasonable to be concerned about increasing fingerprinting e=
xposure.\n\nRequiring the origin to opt-in to any 3rd party CHs is an imp=
rovement, but not a huge one; it'll just give an incentive to 3rd parties=
 to instruct the origin to set whatever policy we require.\n\nI think tha=
t at a minimum, we should warn (Security Considerations) specifically abo=
ut the new vector for 3rd party content fingerprinting here, and allow im=
plementations to decide whether they send it to 3rd parties (at all, or w=
hen they're in private browsing mode, or...).\n\nI'd like to also see at =
least consideration of making this 1st party only. Given that the use cas=
e for CH is mostly to allow intermediaries to do content optimisation -- =
and remembering that origins already have other techniques available to t=
hem -- I'm wondering if allowing third party origins to do intermediary-i=
mposed optimisations is worth the potential privacy tradeoff here. After =
all, widgets and ads are usually served by script tags, so there's an opp=
ortunity for script running and URL rewriting by them before the requests=
 are made.\n\n=E2=80=94\nYou are receiving this because you are subscribe=
d to this thread.\nReply to this email directly, view it on GitHub \u003c=
https://github.com/httpwg/http-extensions/issues/372#issuecomment-3223103=
07\u003e , or mute the thread \u003chttps://github.com/notifications/unsu=
bscribe-auth/AEBCIiiv1BMQTWukQ1wp7quM0rkBOSPIks5sYLdDgaJpZM4Oc7TI\u003e .=
  \u003chttps://github.com/notifications/beacon/AEBCIlrrWLn9EzxuNg8YL3AMZ=
pCG-Yemks5sYLdDgaJpZM4Oc7TI.gif\u003e \n\n"}],"action":{"name":"View Issu=
e","url":"https://github.com/httpwg/http-extensions/issues/372#issuecomme=
nt-324004059"}}}</script>=

----==_mimepart_599c1bee26328_61d53fd81707fc2c59871--


From nobody Tue Aug 22 10:46:41 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.019
X-Spam-Level: 
X-Spam-Status: No, score=-7.019 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Tue, 22 Aug 2017 10:46:34 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1503423994; bh=9/Hi2m6mrcSgeFzh3zHE4BKKYq8ZlQSUvmjZJckB834=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=Wm88SnTXRgGlU0fOsPLnK2wDgWEJpe+2mBNvbD6wg3c2ddX6C5uSwxKP2jpYTsJTj V/mT9UFOMsgMSj3morPMGEhest2snQeZ74Bc0wBxGYU2U/JTdrubdPNImUL9AlY+1s xsvdhw7V/26AT5U9AOl74Rrzbx2E8d3nK8OewHUc=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/232@github.com>
References: <httpwg/http-extensions/issues/232@github.com>
Subject: Re: [httpwg/http-extensions] Short Circuit (#232)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_599c6dfa43fd1_31793fc63577fc3c1580c6"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/_BLVEYLuMFno06rzSXaVzRh-mrI>
Message-ID: <mailman.1141.1503424001.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Aug 2017 17:46:40 -0000

----==_mimepart_599c6dfa43fd1_31793fc63577fc3c1580c6
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

I like this idea because it allows for what I've typically called 'branched vary logic', ie. multiple variations for a URL do not all have to share the same Vary header.  This use case is [described in detail in a post I made](https://www.fastly.com/blog/getting-most-out-vary-fastly) on the Fastly engineering blog today under the heading "Reducing granularity with variable Vary values for the same URL"

With Key, there's a baked in requirement for all variations to have the same key recipe, which simplifies implementation and allows for higher performance at scale, but appears to scupper the potential for branched logic.  However, Key could have a mechanism that halts the construction of the key at the current rule if some condition is met.   Straw man syntax proposal:

```
Key: AcmeCo-Auth-State; param=role; end-on-match="anon", AcmeCo-ABTestFlags
```

This says vary on the `role` subfield of the `AcmeCo-Auth-State` header, and if that value is *not* "anon", also vary on `AcmeCo-ABTestFlags`.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/232#issuecomment-324101206
----==_mimepart_599c6dfa43fd1_31793fc63577fc3c1580c6
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p>I like this idea because it allows for what I've typically called 'bra=
nched vary logic', ie. multiple variations for a URL do not all have to s=
hare the same Vary header.  This use case is <a href=3D"https://www.fastl=
y.com/blog/getting-most-out-vary-fastly">described in detail in a post I =
made</a> on the Fastly engineering blog today under the heading "Reducing=
 granularity with variable Vary values for the same URL"</p>
<p>With Key, there's a baked in requirement for all variations to have th=
e same key recipe, which simplifies implementation and allows for higher =
performance at scale, but appears to scupper the potential for branched l=
ogic.  However, Key could have a mechanism that halts the construction of=
 the key at the current rule if some condition is met.   Straw man syntax=
 proposal:</p>
<pre><code>Key: AcmeCo-Auth-State; param=3Drole; end-on-match=3D"anon", A=
cmeCo-ABTestFlags
</code></pre>
<p>This says vary on the <code>role</code> subfield of the <code>AcmeCo-A=
uth-State</code> header, and if that value is <em>not</em> "anon", also v=
ary on <code>AcmeCo-ABTestFlags</code>.</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&m=
dash;<br />You are receiving this because you are subscribed to this thre=
ad.<br />Reply to this email directly, <a href=3D"https://github.com/http=
wg/http-extensions/issues/232#issuecomment-324101206">view it on GitHub</=
a>, or <a href=3D"https://github.com/notifications/unsubscribe-auth/AORpy=
JMZtP6a53MHGN4Rg_Fqi6zwPZelks5saxP6gaJpZM4JrtIC">mute the thread</a>.<img=
 alt=3D"" height=3D"1" src=3D"https://github.com/notifications/beacon/AOR=
pyJHTHy4MMROiqTjk-mLXDftAporDks5saxP6gaJpZM4JrtIC.gif" width=3D"1" /></p>=

<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewActi=
on">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extension=
s/issues/232#issuecomment-324101206"></link>
  <meta itemprop=3D"name" content=3D"View Issue"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Issue on GitHub"></me=
ta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_versio=
n":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name"=
:"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","titl=
e":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_ur=
l":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5=
d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubu=
sercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b5249811277=
7.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg=
/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@t=
riblondon in #232: I like this idea because it allows for what I've typic=
ally called 'branched vary logic', ie. multiple variations for a URL do n=
ot all have to share the same Vary header.  This use case is [described i=
n detail in a post I made](https://www.fastly.com/blog/getting-most-out-v=
ary-fastly) on the Fastly engineering blog today under the heading \"Redu=
cing granularity with variable Vary values for the same URL\"\r\n\r\nWith=
 Key, there's a baked in requirement for all variations to have the same =
key recipe, which simplifies implementation and allows for higher perform=
ance at scale, but appears to scupper the potential for branched logic.  =
However, Key could have a mechanism that halts the construction of the ke=
y at the current rule if some condition is met.   Straw man syntax propos=
al:\r\n\r\n```\r\nKey: AcmeCo-Auth-State; param=3Drole; end-on-match=3D\"=
anon\", AcmeCo-ABTestFlags\r\n```\r\n\r\nThis says vary on the `role` sub=
field of the `AcmeCo-Auth-State` header, and if that value is *not* \"ano=
n\", also vary on `AcmeCo-ABTestFlags`."}],"action":{"name":"View Issue",=
"url":"https://github.com/httpwg/http-extensions/issues/232#issuecomment-=
324101206"}}}</script>=

----==_mimepart_599c6dfa43fd1_31793fc63577fc3c1580c6--


From nobody Fri Aug 25 17:02:54 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.615
X-Spam-Level: 
X-Spam-Status: No, score=-0.615 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=L1MrSkT4K3t+B5ygAJWZhUhR4PU=; b=HxKBbYLXMcS/GgS9 Jq7w7/c0ozGGbzOqGUw9B7k4QX91KWRJ6r3cLcZ4MeurJzYB7v69RBVt06O45599 lidy/pM/tR0BZ+3eY5pZwqj2x4l8gdmnDm30zPq/29GI7pgc7nztLnEzxxrDJ7uc qW6jbDgAINHV7RlMSz5lMXSf76g=
Date: Sat, 26 Aug 2017 00:02:50 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Subject: [httpwg/http-extensions] ORIGIN: reject origins on non-authoritative connection. (#385)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a0baaa538bd_75f33fb9fc621c2c1218ab"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/aJrK1tOYotgyY-4ob1n7B94Bl3E>
Message-ID: <mailman.1599.1503705773.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Aug 2017 00:02:53 -0000

----==_mimepart_59a0baaa538bd_75f33fb9fc621c2c1218ab
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit


You can view, comment on, or merge this pull request online at:

  https://github.com/httpwg/http-extensions/pull/385

-- Commit Summary --

  * ORIGIN: reject origins on non-authoritative connection.

-- File Changes --

    M draft-ietf-httpbis-origin-frame.md (3)

-- Patch Links --

https://github.com/httpwg/http-extensions/pull/385.patch
https://github.com/httpwg/http-extensions/pull/385.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/385

----==_mimepart_59a0baaa538bd_75f33fb9fc621c2c1218ab
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit



<hr>

<h4>You can view, comment on, or merge this pull request online at:</h4>
<p>&nbsp;&nbsp;<a href='https://github.com/httpwg/http-extensions/pull/385'>https://github.com/httpwg/http-extensions/pull/385</a></p>

<h4>Commit Summary</h4>
<ul>
  <li>ORIGIN: reject origins on non-authoritative connection.</li>
</ul>

<h4>File Changes</h4>
<ul>
  <li>
    <strong>M</strong>
    <a href="https://github.com/httpwg/http-extensions/pull/385/files#diff-0">draft-ietf-httpbis-origin-frame.md</a>
    (3)
  </li>
</ul>

<h4>Patch Links:</h4>
<ul>
  <li><a href='https://github.com/httpwg/http-extensions/pull/385.patch'>https://github.com/httpwg/http-extensions/pull/385.patch</a></li>
  <li><a href='https://github.com/httpwg/http-extensions/pull/385.diff'>https://github.com/httpwg/http-extensions/pull/385.diff</a></li>
</ul>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/pull/385">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyN2simGWbXqasEVigYhetp2oV2moks5sb2CqgaJpZM4PDRoT">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyAXIZBsx9bqGPdfJyWUypHq-91gqks5sb2CqgaJpZM4PDRoT.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/385"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"ORIGIN: reject origins on non-authoritative connection. (#385)"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/385"}}}</script>

----==_mimepart_59a0baaa538bd_75f33fb9fc621c2c1218ab--


From nobody Fri Aug 25 17:11:16 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.395
X-Spam-Level: 
X-Spam-Status: No, score=-3.395 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=44e51kMkkStD1ehs5GWGleLJ23o=; b=UGNQ92Jdt4rAq76d sLQMAIPYWTqf8Hqz8Q92MS591PPcy/3dkrmztf8TLaG0/W1J7fUwFjmNB8mvAZmq WFgppaDjAzk9fqEV60BGIjU3QJ+C6Zzp6xfTYvoprn28q9Af3LGp2PKvuhshcvBp bMKqnwT7t25a3yZj2DMofqz6Fa4=
Date: Sat, 26 Aug 2017 00:11:12 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/385@github.com>
References: <httpwg/http-extensions/pull/385@github.com>
Subject: Re: [httpwg/http-extensions] ORIGIN: reject origins on non-authoritative connection. (#385)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a0bca050065_45893f946db23c34262cc"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/XUOiYGPrcZpkSEwy0FnXLkOyX_I>
Message-ID: <mailman.1600.1503706275.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Aug 2017 00:11:15 -0000

----==_mimepart_59a0bca050065_45893f946db23c34262cc
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

@mnot @enygren @mcmanus please take a look, the current draft is a bit underspecified when dealing with misbehaving servers. Also, I'm not sure if we should also add text saying that `servers MUST NOT send origins for which they are not authoritative`, since it's kind of given.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/385#issuecomment-325061172
----==_mimepart_59a0bca050065_45893f946db23c34262cc
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p><a href=3D"https://github.com/mnot" class=3D"user-mention">@mnot</a> <a =
href=3D"https://github.com/enygren" class=3D"user-mention">@enygren</a> <a =
href=3D"https://github.com/mcmanus" class=3D"user-mention">@mcmanus</a> ple=
ase take a look, the current draft is a bit underspecified when dealing wit=
h misbehaving servers. Also, I'm not sure if we should also add text saying=
 that <code>servers MUST NOT send origins for which they are not authoritat=
ive</code>, since it's kind of given.</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&mda=
sh;<br />You are receiving this because you are subscribed to this thread.<=
br />Reply to this email directly, <a href=3D"https://github.com/httpwg/htt=
p-extensions/pull/385#issuecomment-325061172">view it on GitHub</a>, or <a =
href=3D"https://github.com/notifications/unsubscribe-auth/AORpyC5wr8mHlbPun=
C91uHKKcGu3RSB4ks5sb2KggaJpZM4PDRoT">mute the thread</a>.<img alt=3D"" heig=
ht=3D"1" src=3D"https://github.com/notifications/beacon/AORpyNV2PMb4uQY4UlC=
iJJvFuYC7H7rMks5sb2KggaJpZM4PDRoT.gif" width=3D"1" /></p>
<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewAction=
">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extensions/=
pull/385#issuecomment-325061172"></link>
  <meta itemprop=3D"name" content=3D"View Pull Request"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Pull Request on GitHub"=
></meta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_version"=
:"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"Gi=
tHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"ht=
tpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"http=
s://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-9=
5fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.c=
om/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action=
":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions=
"}},"updates":{"snippets":[{"icon":"PERSON","message":"@PiotrSikora in #385=
: @mnot @enygren @mcmanus please take a look, the current draft is a bit un=
derspecified when dealing with misbehaving servers. Also, I'm not sure if w=
e should also add text saying that `servers MUST NOT send origins for which=
 they are not authoritative`, since it's kind of given."}],"action":{"name"=
:"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/=
385#issuecomment-325061172"}}}</script>=

----==_mimepart_59a0bca050065_45893f946db23c34262cc--


From nobody Fri Aug 25 19:18:52 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.616
X-Spam-Level: 
X-Spam-Status: No, score=-0.616 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=RRFc+Tf4pMd76jJt1EmDOv2UR4Q=; b=nzdK+ia+XE0B1xTv UHdcBHreWK4ugAffWYWKIx6jZvKurKuC2SdXz6Rogwdv8D/MI1kAl1bwOoIjbQEj nkDkTPedw0/tQjAuacDyAGs+5Zeo/rEpYNI9Euj2FAGb6xoM9pqaDlKNC1rvqG+E ILtIsnn8mGlEJ9ZPhNyGPfeCtXA=
Date: Sat, 26 Aug 2017 02:18:49 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/330@github.com>
References: <httpwg/http-extensions/issues/330@github.com>
Subject: Re: [httpwg/http-extensions] Consulting the DNS on expanding ORIGIN set? (#330)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a0da88a2e7a_78723f967cc77c3c109573"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/glI2RhRPMTJ0YbQYsqK-D57seAk>
Message-ID: <mailman.1601.1503713932.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Aug 2017 02:18:51 -0000

----==_mimepart_59a0da88a2e7a_78723f967cc77c3c109573
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Looks good, thanks!

One missing thing is that there is no way to limit the Origin Set (which was the original motivation behind this draft) without allowing clients to bypass DNS, leading to the aforementioned operational issues with DNS-based load balancing. This could be easily solved with 1-bit flag, but it's such an edge case, that I'm not sure if it's worth accommodating.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/330#issuecomment-325074473
----==_mimepart_59a0da88a2e7a_78723f967cc77c3c109573
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p>Looks good, thanks!</p>
<p>One missing thing is that there is no way to limit the Origin Set (which=
 was the original motivation behind this draft) without allowing clients to=
 bypass DNS, leading to the aforementioned operational issues with DNS-base=
d load balancing. This could be easily solved with 1-bit flag, but it's suc=
h an edge case, that I'm not sure if it's worth accommodating.</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&mda=
sh;<br />You are receiving this because you are subscribed to this thread.<=
br />Reply to this email directly, <a href=3D"https://github.com/httpwg/htt=
p-extensions/issues/330#issuecomment-325074473">view it on GitHub</a>, or <=
a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyFnNFlJ1-nx=
VytmAx9Eud9ccxHY2ks5sb4CIgaJpZM4NEzUM">mute the thread</a>.<img alt=3D"" he=
ight=3D"1" src=3D"https://github.com/notifications/beacon/AORpyOlWF1vGEYe-5=
xaJ7FT3WkD-Lhh-ks5sb4CIgaJpZM4NEzUM.gif" width=3D"1" /></p>
<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewAction=
">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extensions/=
issues/330#issuecomment-325074473"></link>
  <meta itemprop=3D"name" content=3D"View Issue"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Issue on GitHub"></meta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_version"=
:"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"Gi=
tHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"ht=
tpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"http=
s://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-9=
5fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.c=
om/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action=
":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions=
"}},"updates":{"snippets":[{"icon":"PERSON","message":"@PiotrSikora in #330=
: Looks good, thanks!\r\n\r\nOne missing thing is that there is no way to l=
imit the Origin Set (which was the original motivation behind this draft) w=
ithout allowing clients to bypass DNS, leading to the aforementioned operat=
ional issues with DNS-based load balancing. This could be easily solved wit=
h 1-bit flag, but it's such an edge case, that I'm not sure if it's worth a=
ccommodating."}],"action":{"name":"View Issue","url":"https://github.com/ht=
tpwg/http-extensions/issues/330#issuecomment-325074473"}}}</script>=

----==_mimepart_59a0da88a2e7a_78723f967cc77c3c109573--


From nobody Sat Aug 26 21:18:07 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.453
X-Spam-Level: 
X-Spam-Status: No, score=-5.453 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Sat, 26 Aug 2017 21:18:03 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1503807483; bh=63HhUT+zGtLV9B8yaT5fnr0cz4asd9tdo1NRZlVBCdU=; h=From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=d90FKnexrA6+FryYa+Yh4Il4pJETsq7QwyLT0nalSKm32LGfx4xQVDgH5yjCUaOcV E0SKcWqmLhk6SapEw+vsZYaB7XcT1xO3h14UTKLHtLZ8b0ZXp/ejWSOnh2OZwAcvSd DZZtLW9t9gOFeUSidkuBbl0XgyqaLg/+AGxXvFnE=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Subject: [httpwg/http-extensions] AUTH48 changes for rfc5987bis (#386)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a247fb19d32_393b3fdca0ad9c3073766"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/wfyK1zTbnjExpzQ4o0YKBFE9FP0>
Message-ID: <mailman.1642.1503807486.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Aug 2017 04:18:05 -0000

----==_mimepart_59a247fb19d32_393b3fdca0ad9c3073766
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit



-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/386
----==_mimepart_59a247fb19d32_393b3fdca0ad9c3073766
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit



<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/386">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyKCSS5U_NTR4zQSemHwF0O5FIL5wks5scO37gaJpZM4PDsiA">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyEGAtH-jsvfYTxkV_AeOtL00kTMbks5scO37gaJpZM4PDsiA.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/386"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"AUTH48 changes for rfc5987bis (#386)"}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/386"}}}</script>
----==_mimepart_59a247fb19d32_393b3fdca0ad9c3073766--


From nobody Sat Aug 26 22:30:53 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.473
X-Spam-Level: 
X-Spam-Status: No, score=-0.473 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=HEZlt/j5Mvt7vj5m9T1KXl9dU/g=; b=iXksi8LKPpZo0Mxu bgOG67fvzSRWh7s9r7VO+kPxDg7NJcp+ca8atPzqe/7fkJerY/lUGiq1cgSapBMy Pwa+XQVNtqOElB5lZhV1NaDXVmlGp2p8JKIcrTsiyvWCviyuX9c6cU/P4R7GLvom DYojqmyVOjrjFo3N4LCqnMximas=
Date: Sun, 27 Aug 2017 05:30:49 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/386@github.com>
References: <httpwg/http-extensions/issues/386@github.com>
Subject: Re: [httpwg/http-extensions] AUTH48 changes for rfc5987bis (#386)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a259095c0d1_54593fa957af1c30893af"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/p1kHeTL246r7OXQYDbOcp6t17bg>
Message-ID: <mailman.1643.1503811853.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Aug 2017 05:30:53 -0000

----==_mimepart_59a259095c0d1_54593fa957af1c30893af
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

(closed as the document has already been removed from git)

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/386#issuecomment-325178143
----==_mimepart_59a259095c0d1_54593fa957af1c30893af
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>(closed as the document has already been removed from git)</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/386#issuecomment-325178143">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyEKmh9U_BCPa3_A33XMyX3fMuHy8ks5scP8JgaJpZM4PDsiA">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyHvDP_YThGFGae23khb12uwewXkjks5scP8JgaJpZM4PDsiA.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/386#issuecomment-325178143"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@reschke in #386: (closed as the document has already been removed from git)"}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/386#issuecomment-325178143"}}}</script>
----==_mimepart_59a259095c0d1_54593fa957af1c30893af--


From nobody Sat Aug 26 22:31:01 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.401
X-Spam-Level: 
X-Spam-Status: No, score=-0.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=Joe4PBfcROrT7e9FFHhnBaYODHU=; b=mv5Apa5PZOtpcgmA SUCNT1CyDqxWUz+9Fdk87TcR47zKRHiPOELynPtUVCcv06zffo1/dZ5R4f9LYm4T tFBWCm2Mz7ioDDbTfpxXKLthR2Q5S420SkxUbXms4YaFPh58enCrUWDpGH+ph2V/ TCwrLKzk4zs75MIZih0P95CDcFg=
Date: Sun, 27 Aug 2017 05:30:50 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/386@github.com>
References: <httpwg/http-extensions/issues/386@github.com>
Subject: Re: [httpwg/http-extensions] AUTH48 changes for rfc5987bis (#386)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a2590987294_13ef3fefb26e3c3c517ea"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/F_5ydNZJ3kI4_FfOLkr92ACWFOg>
Message-ID: <mailman.1644.1503811859.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Aug 2017 05:30:53 -0000

----==_mimepart_59a2590987294_13ef3fefb26e3c3c517ea
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Closed #386.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/386#event-1222697182
----==_mimepart_59a2590987294_13ef3fefb26e3c3c517ea
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Closed <a href="https://github.com/httpwg/http-extensions/issues/386" class="issue-link js-issue-link" data-url="https://github.com/httpwg/http-extensions/issues/386" data-id="253140084" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#386</a>.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/386#event-1222697182">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyEKmh9U_BCPa3_A33XMyX3fMuHy8ks5scP8JgaJpZM4PDsiA">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyHvDP_YThGFGae23khb12uwewXkjks5scP8JgaJpZM4PDsiA.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/386#event-1222697182"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"Closed #386."}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/386#event-1222697182"}}}</script>
----==_mimepart_59a2590987294_13ef3fefb26e3c3c517ea--


From nobody Mon Aug 28 01:17:13 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.596
X-Spam-Level: 
X-Spam-Status: No, score=-5.596 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Mon, 28 Aug 2017 01:17:09 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1503908229; bh=tr+dBmO3jqR32QESoG4EzVVdyLE/WmJj7DkUMvg2e4M=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=Y4hKwkhr8rJ4mLRhJS886/mTf+BqM4C8sG/utgf5oBzdTSE2Mljmv2rL5+K4pN428 DqvKCgNZ8iwuihGXR8+0gR/pnfK67edmlGNQCHvMEqowXYDcf/kHhMSW+Wu3VdXtWJ WDOfL10eQSmlvPs2xVfqom06brEcZvQaypHj00Vs=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/385@github.com>
References: <httpwg/http-extensions/pull/385@github.com>
Subject: Re: [httpwg/http-extensions] ORIGIN: reject origins on non-authoritative connection. (#385)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a3d185b8b87_7d313fc2d8843c3c6916"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/3PWuvLR8VvLQA_UZNNd09DVtqXg>
Message-ID: <mailman.1673.1503908232.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Aug 2017 08:17:12 -0000

----==_mimepart_59a3d185b8b87_7d313fc2d8843c3c6916
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Shutting down the connection because the client doesn't like the server's authority seems too severe; given that clients can (and will) have different policies for establishing authority, this creates a strong incentive for the server to be very conservative.

I could see a stream error; that gives information about what happened. 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/385#issuecomment-325290646
----==_mimepart_59a3d185b8b87_7d313fc2d8843c3c6916
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p>Shutting down the connection because the client doesn't like the serve=
r's authority seems too severe; given that clients can (and will) have di=
fferent policies for establishing authority, this creates a strong incent=
ive for the server to be very conservative.</p>
<p>I could see a stream error; that gives information about what happened=
.</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&m=
dash;<br />You are receiving this because you are subscribed to this thre=
ad.<br />Reply to this email directly, <a href=3D"https://github.com/http=
wg/http-extensions/pull/385#issuecomment-325290646">view it on GitHub</a>=
, or <a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyDM=
mSEyqEhABFyFjwlXrPw-m0FHXks5scneFgaJpZM4PDRoT">mute the thread</a>.<img a=
lt=3D"" height=3D"1" src=3D"https://github.com/notifications/beacon/AORpy=
GBR9rhvOD-x_wXSEV-JiOoPTj46ks5scneFgaJpZM4PDRoT.gif" width=3D"1" /></p>
<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewActi=
on">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extension=
s/pull/385#issuecomment-325290646"></link>
  <meta itemprop=3D"name" content=3D"View Pull Request"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Pull Request on GitHu=
b"></meta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_versio=
n":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name"=
:"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","titl=
e":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_ur=
l":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5=
d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubu=
sercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b5249811277=
7.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg=
/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@m=
not in #385: Shutting down the connection because the client doesn't like=
 the server's authority seems too severe; given that clients can (and wil=
l) have different policies for establishing authority, this creates a str=
ong incentive for the server to be very conservative.\r\n\r\nI could see =
a stream error; that gives information about what happened. "}],"action":=
{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensi=
ons/pull/385#issuecomment-325290646"}}}</script>=

----==_mimepart_59a3d185b8b87_7d313fc2d8843c3c6916--


From nobody Mon Aug 28 02:30:13 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.799
X-Spam-Level: 
X-Spam-Status: No, score=-4.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=4LxL82IgaAYt+dddheDHqtMzJ4I=; b=BtOre98ydychAyqP QodyTL0i0yhLpA9CbYg0YILfT0iBpLDUzyX0BoJsDVHtOSvJoPILMpS3XCSeRpwf 8iTt4rHJvkw/90XzGJmZQgSP7lya+GDuF6t5MHTrMEl7z794hMYKQBb0GR5F9bIT ItkejStT4dUbxZ/6TUjWL35a8tE=
Date: Mon, 28 Aug 2017 09:30:09 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/385@github.com>
References: <httpwg/http-extensions/pull/385@github.com>
Subject: Re: [httpwg/http-extensions] ORIGIN: reject origins on non-authoritative connection. (#385)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a3e2a11d9fa_1370a3f9117eb1c38178314"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/QxiylSDxDobjCUwOQIOzrpdQ1pY>
Message-ID: <mailman.1680.1503912612.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Aug 2017 09:30:12 -0000

----==_mimepart_59a3e2a11d9fa_1370a3f9117eb1c38178314
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Maybe this could have been phrased better, but what I meant is the `subjectAltName` check mentioned in the sentence before, i.e. server sending an `ORIGIN` frame for a domain it didn't present the certificate for (either during initial TLS handshake or via `CERTIFICATE` frame), not the recommended CT and/or OCSP checks, since those will vary from browser to browser.

There is no mention of such scenario in the current draft, and it's unclear how clients should behave when it happens.

`ORIGIN` frame applies to the whole connection and it's not sent on a particular stream, so I don't see how clients could send a stream error, really.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/385#issuecomment-325306735
----==_mimepart_59a3e2a11d9fa_1370a3f9117eb1c38178314
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p>Maybe this could have been phrased better, but what I meant is the <code=
>subjectAltName</code> check mentioned in the sentence before, i.e. server =
sending an <code>ORIGIN</code> frame for a domain it didn't present the cer=
tificate for (either during initial TLS handshake or via <code>CERTIFICATE<=
/code> frame), not the recommended CT and/or OCSP checks, since those will =
vary from browser to browser.</p>
<p>There is no mention of such scenario in the current draft, and it's uncl=
ear how clients should behave when it happens.</p>
<p><code>ORIGIN</code> frame applies to the whole connection and it's not s=
ent on a particular stream, so I don't see how clients could send a stream =
error, really.</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&mda=
sh;<br />You are receiving this because you are subscribed to this thread.<=
br />Reply to this email directly, <a href=3D"https://github.com/httpwg/htt=
p-extensions/pull/385#issuecomment-325306735">view it on GitHub</a>, or <a =
href=3D"https://github.com/notifications/unsubscribe-auth/AORpyG2DivoR788al=
mJ7c2TCMiJZ0F-kks5scoihgaJpZM4PDRoT">mute the thread</a>.<img alt=3D"" heig=
ht=3D"1" src=3D"https://github.com/notifications/beacon/AORpyIlw2exFDagyvDQ=
vunkGC2wpyep-ks5scoihgaJpZM4PDRoT.gif" width=3D"1" /></p>
<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewAction=
">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extensions/=
pull/385#issuecomment-325306735"></link>
  <meta itemprop=3D"name" content=3D"View Pull Request"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Pull Request on GitHub"=
></meta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_version"=
:"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"Gi=
tHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"ht=
tpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"http=
s://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-9=
5fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.c=
om/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action=
":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions=
"}},"updates":{"snippets":[{"icon":"PERSON","message":"@PiotrSikora in #385=
: Maybe this could have been phrased better, but what I meant is the `subje=
ctAltName` check mentioned in the sentence before, i.e. server sending an `=
ORIGIN` frame for a domain it didn't present the certificate for (either du=
ring initial TLS handshake or via `CERTIFICATE` frame), not the recommended=
 CT and/or OCSP checks, since those will vary from browser to browser.\r\n\=
r\nThere is no mention of such scenario in the current draft, and it's uncl=
ear how clients should behave when it happens.\r\n\r\n`ORIGIN` frame applie=
s to the whole connection and it's not sent on a particular stream, so I do=
n't see how clients could send a stream error, really."}],"action":{"name":=
"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/3=
85#issuecomment-325306735"}}}</script>=

----==_mimepart_59a3e2a11d9fa_1370a3f9117eb1c38178314--


From nobody Mon Aug 28 06:26:46 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.402
X-Spam-Level: 
X-Spam-Status: No, score=-0.402 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=3a/qKyODeyIEnjw1hv3MJe+I2q4=; b=QZaI/8UBpoD9vx4t XuI9Dem1vUSmsB1KmygEmA9aJrR+RveEWfsi3yI4tkpynMXUGfX2zaNUVo0ivEvE mHY5FOjjeO/jnI5JdAD6Mb5wNxqpvutFmfGjwakgE9p+m/hnXkfbpXDkfU7AMNvf ndk7LSXGv9Q7gwNQNZKQmBgtdsU=
Date: Mon, 28 Aug 2017 13:26:42 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/385@github.com>
References: <httpwg/http-extensions/pull/385@github.com>
Subject: Re: [httpwg/http-extensions] ORIGIN: reject origins on non-authoritative connection. (#385)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a41a11b948a_28d53f7f580bdc3898246"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/90yDoSM5Tncul3ACmsm9Z5sFtOU>
Message-ID: <mailman.1702.1503926806.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Aug 2017 13:26:45 -0000

----==_mimepart_59a41a11b948a_28d53f7f580bdc3898246
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

@PiotrSikora I think the concern is that the server does send a potential certificate but the client rejects its use with a particular ORIGIN due to client policy that is opaque to the server. (i.e. different trust roots, stored exceptions, etc..)

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/385#issuecomment-325352775
----==_mimepart_59a41a11b948a_28d53f7f580bdc3898246
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p><a href=3D"https://github.com/piotrsikora" class=3D"user-mention">@Piotr=
Sikora</a> I think the concern is that the server does send a potential cer=
tificate but the client rejects its use with a particular ORIGIN due to cli=
ent policy that is opaque to the server. (i.e. different trust roots, store=
d exceptions, etc..)</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&mda=
sh;<br />You are receiving this because you are subscribed to this thread.<=
br />Reply to this email directly, <a href=3D"https://github.com/httpwg/htt=
p-extensions/pull/385#issuecomment-325352775">view it on GitHub</a>, or <a =
href=3D"https://github.com/notifications/unsubscribe-auth/AORpyGMVI9-8XKhUL=
w2f83rfM_QsCB5Jks5scsARgaJpZM4PDRoT">mute the thread</a>.<img alt=3D"" heig=
ht=3D"1" src=3D"https://github.com/notifications/beacon/AORpyPhY0BR4bqZA6KT=
qWMruGKBYKO8Sks5scsARgaJpZM4PDRoT.gif" width=3D"1" /></p>
<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewAction=
">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extensions/=
pull/385#issuecomment-325352775"></link>
  <meta itemprop=3D"name" content=3D"View Pull Request"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Pull Request on GitHub"=
></meta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_version"=
:"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"Gi=
tHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"ht=
tpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"http=
s://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-9=
5fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.c=
om/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action=
":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions=
"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mcmanus in #385: @P=
iotrSikora I think the concern is that the server does send a potential cer=
tificate but the client rejects its use with a particular ORIGIN due to cli=
ent policy that is opaque to the server. (i.e. different trust roots, store=
d exceptions, etc..)"}],"action":{"name":"View Pull Request","url":"https:/=
/github.com/httpwg/http-extensions/pull/385#issuecomment-325352775"}}}</scr=
ipt>=

----==_mimepart_59a41a11b948a_28d53f7f580bdc3898246--


From nobody Mon Aug 28 20:56:16 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.019
X-Spam-Level: 
X-Spam-Status: No, score=-2.019 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=FeZSwa8DhRmqmKcWPlvK+RSiIlg=; b=bmzk12SSzi2/iUZU 4HbPumTIH99I9aWkN0i+onnfhExCZ71FlzZ6qzC8sz8ntRJA21+hgx0CXEIieAo/ 4DhOumi6JYqXaL6S3h65obLGWmHdYDrA09V0sztt0QUCd3YaAPmTND7rUkMzgFFh 72APiOwRntOUGgWDVsrnAaQGk9U=
Date: Tue, 29 Aug 2017 03:56:11 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/385@github.com>
References: <httpwg/http-extensions/pull/385@github.com>
Subject: Re: [httpwg/http-extensions] ORIGIN: reject origins on non-authoritative connection. (#385)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a4e5db47248_410a3fb990017c30458ce"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/EuQGjxaN7q0QidhO5pr16bRB3CU>
Message-ID: <mailman.1797.1503978975.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Aug 2017 03:56:15 -0000

----==_mimepart_59a4e5db47248_410a3fb990017c30458ce
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

@mcmanus Ah, that makes more sense, thanks!

However, as of right now, the certificate cannot be rejected, because the only one is provided during initial TLS handshake, which means that if it's rejected, then there is no HTTP/2 connection to begin with.

I agree that it gets a bit more complicated with the `CERTIFICATE` frame, especially because [the current draft, section 4](https://datatracker.ietf.org/doc/html/draft-bishop-httpbis-http2-additional-certs-04#section-4) allows implementations to not terminate the connection upon receiving invalid certificate, probably for the reasons mentioned by you.

However, I feel a bit uncomfortable with a draft that doesn't even mention the malicious behavior, and doesn't define what clients should do in such cases.

At the very least, there are 2 cases to cover:

1. Client connects to `https://evil.com` (certificate valid for `evil.com`), server sends `ORIGIN` frame for `https://bank.com`.

2. Client connects to `https://evil.com` (certificate valid for `evil.com`), server sends `CERTIFICATE` frame with a certificate for `bank.com` signed by unknown CA, followed by an `ORIGIN` frame for `https://bank.com`.

How should clients behave in both of those cases? Neither is even mentioned in the current draft.

For the record, I'm fine if the consensus is different from what I suggested in this pull request, but I think that those cases should be mentioned and client behavior should be defined for them.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/385#issuecomment-325548383
----==_mimepart_59a4e5db47248_410a3fb990017c30458ce
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p><a href=3D"https://github.com/mcmanus" class=3D"user-mention">@mcmanus</=
a> Ah, that makes more sense, thanks!</p>
<p>However, as of right now, the certificate cannot be rejected, because th=
e only one is provided during initial TLS handshake, which means that if it=
's rejected, then there is no HTTP/2 connection to begin with.</p>
<p>I agree that it gets a bit more complicated with the <code>CERTIFICATE</=
code> frame, especially because <a href=3D"https://datatracker.ietf.org/doc=
/html/draft-bishop-httpbis-http2-additional-certs-04#section-4">the current=
 draft, section 4</a> allows implementations to not terminate the connectio=
n upon receiving invalid certificate, probably for the reasons mentioned by=
 you.</p>
<p>However, I feel a bit uncomfortable with a draft that doesn't even menti=
on the malicious behavior, and doesn't define what clients should do in suc=
h cases.</p>
<p>At the very least, there are 2 cases to cover:</p>
<ol>
<li>
<p>Client connects to <code>https://evil.com</code> (certificate valid for =
<code>evil.com</code>), server sends <code>ORIGIN</code> frame for <code>ht=
tps://bank.com</code>.</p>
</li>
<li>
<p>Client connects to <code>https://evil.com</code> (certificate valid for =
<code>evil.com</code>), server sends <code>CERTIFICATE</code> frame with a =
certificate for <code>bank.com</code> signed by unknown CA, followed by an =
<code>ORIGIN</code> frame for <code>https://bank.com</code>.</p>
</li>
</ol>
<p>How should clients behave in both of those cases? Neither is even mentio=
ned in the current draft.</p>
<p>For the record, I'm fine if the consensus is different from what I sugge=
sted in this pull request, but I think that those cases should be mentioned=
 and client behavior should be defined for them.</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&mda=
sh;<br />You are receiving this because you are subscribed to this thread.<=
br />Reply to this email directly, <a href=3D"https://github.com/httpwg/htt=
p-extensions/pull/385#issuecomment-325548383">view it on GitHub</a>, or <a =
href=3D"https://github.com/notifications/unsubscribe-auth/AORpyKDX5-SQkm8iu=
3xreS4uZrKdyYU2ks5sc4vbgaJpZM4PDRoT">mute the thread</a>.<img alt=3D"" heig=
ht=3D"1" src=3D"https://github.com/notifications/beacon/AORpyJ-DqITSDxsyZSS=
SmQFEyedUJhmvks5sc4vbgaJpZM4PDRoT.gif" width=3D"1" /></p>
<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewAction=
">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extensions/=
pull/385#issuecomment-325548383"></link>
  <meta itemprop=3D"name" content=3D"View Pull Request"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Pull Request on GitHub"=
></meta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_version"=
:"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"Gi=
tHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"ht=
tpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"http=
s://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-9=
5fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.c=
om/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action=
":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions=
"}},"updates":{"snippets":[{"icon":"PERSON","message":"@PiotrSikora in #385=
: @mcmanus Ah, that makes more sense, thanks!\r\n\r\nHowever, as of right n=
ow, the certificate cannot be rejected, because the only one is provided du=
ring initial TLS handshake, which means that if it's rejected, then there i=
s no HTTP/2 connection to begin with.\r\n\r\nI agree that it gets a bit mor=
e complicated with the `CERTIFICATE` frame, especially because [the current=
 draft, section 4](https://datatracker.ietf.org/doc/html/draft-bishop-httpb=
is-http2-additional-certs-04#section-4) allows implementations to not termi=
nate the connection upon receiving invalid certificate, probably for the re=
asons mentioned by you.\r\n\r\nHowever, I feel a bit uncomfortable with a d=
raft that doesn't even mention the malicious behavior, and doesn't define w=
hat clients should do in such cases.\r\n\r\nAt the very least, there are 2 =
cases to cover:\r\n\r\n1. Client connects to `https://evil.com` (certificat=
e valid for `evil.com`), server sends `ORIGIN` frame for `https://bank.com`=
.\r\n\r\n2. Client connects to `https://evil.com` (certificate valid for `e=
vil.com`), server sends `CERTIFICATE` frame with a certificate for `bank.co=
m` signed by unknown CA, followed by an `ORIGIN` frame for `https://bank.co=
m`.\r\n\r\nHow should clients behave in both of those cases? Neither is eve=
n mentioned in the current draft.\r\n\r\nFor the record, I'm fine if the co=
nsensus is different from what I suggested in this pull request, but I thin=
k that those cases should be mentioned and client behavior should be define=
d for them."}],"action":{"name":"View Pull Request","url":"https://github.c=
om/httpwg/http-extensions/pull/385#issuecomment-325548383"}}}</script>=

----==_mimepart_59a4e5db47248_410a3fb990017c30458ce--


From nobody Mon Aug 28 21:24:39 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.799
X-Spam-Level: 
X-Spam-Status: No, score=-4.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=4vrPgDBOJ56Bv44z4FW6ug3viSM=; b=Ps+Ur4UoInIe+crB 919f0ilE7TMX1W0TMaoPcszL9TyZtJgm/hRttpJOwRYhb+PLTixzFlJVvFFe/snV CS9E5Qn+gM5xhh3MPvbFcdAky6Jvi5+9HUoOR1gKeR2d1dGsuxntyimAhARVRe5K V7nK5bI4v533TYEQzlXhqtl88qg=
Date: Tue, 29 Aug 2017 04:24:35 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/385@github.com>
References: <httpwg/http-extensions/pull/385@github.com>
Subject: Re: [httpwg/http-extensions] ORIGIN: reject origins on non-authoritative connection. (#385)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a4ec82d2583_153f3fdc99091c348104c"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/X82aiMdOFcZpHqVY69l0bzuUAMY>
Message-ID: <mailman.1804.1503980679.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Aug 2017 04:24:38 -0000

----==_mimepart_59a4ec82d2583_153f3fdc99091c348104c
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

With coalescing, this still applies to the one certificate.  A connection might be good for `evil.com`, but not for `bank.com`, even when both appear in the same certificate.  That might be because `bank.com` has a pinning rule or Expect-CT or any one of a host of other reasons that a certificate might appear OK, but not be (the variety of reasons being why certificates are a nightmare of complexity).

This draft probably doesn't want to get into the details of the `CERTIFICATE` frame.  In your examples, an `ORIGIN` frame for origin that the server on this connection isn't authoritative for can - or maybe SHOULD - be ignored.  That ignoring can stop at the point that the server becomes authoritative for any reason (straw man example that isn't `CERTIFICATE`: the `notBefore` time might pass).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/385#issuecomment-325551535
----==_mimepart_59a4ec82d2583_153f3fdc99091c348104c
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p>With coalescing, this still applies to the one certificate.  A connectio=
n might be good for <code>evil.com</code>, but not for <code>bank.com</code=
>, even when both appear in the same certificate.  That might be because <c=
ode>bank.com</code> has a pinning rule or Expect-CT or any one of a host of=
 other reasons that a certificate might appear OK, but not be (the variety =
of reasons being why certificates are a nightmare of complexity).</p>
<p>This draft probably doesn't want to get into the details of the <code>CE=
RTIFICATE</code> frame.  In your examples, an <code>ORIGIN</code> frame for=
 origin that the server on this connection isn't authoritative for can - or=
 maybe SHOULD - be ignored.  That ignoring can stop at the point that the s=
erver becomes authoritative for any reason (straw man example that isn't <c=
ode>CERTIFICATE</code>: the <code>notBefore</code> time might pass).</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&mda=
sh;<br />You are receiving this because you are subscribed to this thread.<=
br />Reply to this email directly, <a href=3D"https://github.com/httpwg/htt=
p-extensions/pull/385#issuecomment-325551535">view it on GitHub</a>, or <a =
href=3D"https://github.com/notifications/unsubscribe-auth/AORpyH9NZv8ym28H7=
6YQIqtcKlwn1dxYks5sc5KCgaJpZM4PDRoT">mute the thread</a>.<img alt=3D"" heig=
ht=3D"1" src=3D"https://github.com/notifications/beacon/AORpyLXGUQ_BPBtdntH=
r8D5sWynvKFcKks5sc5KCgaJpZM4PDRoT.gif" width=3D"1" /></p>
<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewAction=
">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extensions/=
pull/385#issuecomment-325551535"></link>
  <meta itemprop=3D"name" content=3D"View Pull Request"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Pull Request on GitHub"=
></meta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_version"=
:"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"Gi=
tHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"ht=
tpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"http=
s://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-9=
5fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.c=
om/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action=
":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions=
"}},"updates":{"snippets":[{"icon":"PERSON","message":"@martinthomson in #3=
85: With coalescing, this still applies to the one certificate.  A connecti=
on might be good for `evil.com`, but not for `bank.com`, even when both app=
ear in the same certificate.  That might be because `bank.com` has a pinnin=
g rule or Expect-CT or any one of a host of other reasons that a certificat=
e might appear OK, but not be (the variety of reasons being why certificate=
s are a nightmare of complexity).\r\n\r\nThis draft probably doesn't want t=
o get into the details of the `CERTIFICATE` frame.  In your examples, an `O=
RIGIN` frame for origin that the server on this connection isn't authoritat=
ive for can - or maybe SHOULD - be ignored.  That ignoring can stop at the =
point that the server becomes authoritative for any reason (straw man examp=
le that isn't `CERTIFICATE`: the `notBefore` time might pass)."}],"action":=
{"name":"View Pull Request","url":"https://github.com/httpwg/http-extension=
s/pull/385#issuecomment-325551535"}}}</script>=

----==_mimepart_59a4ec82d2583_153f3fdc99091c348104c--


From nobody Mon Aug 28 21:27:59 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.615
X-Spam-Level: 
X-Spam-Status: No, score=-5.615 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Mon, 28 Aug 2017 21:27:56 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1503980876; bh=/5wYWEAY80gAZRIa6O65vtheTS/I6DLgSUyW6epys7g=; h=From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=MEUPcARsnz/nXpGbuHn38VyImTIUt5OjWEfHcoqAUc+TAWJqLQH+fIAM2nz0sQe01 UsqKyYmfFbFGyIUIHov+eHDiOI3QqhGjtUzv6YLaTaRCVqi9IS5Yd7/aPVKUJpYw5L 4sGXewQrppDavEb1oJRVnYlAsxDdHGgpQPuv5Aks=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Subject: [httpwg/http-extensions] The matching rules in 2818 all apply (#387)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a4ed4c1b1f5_497e3ff128741c3490594"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/tbBLBjOsQkv3DAtq7asZHs7_Jx0>
Message-ID: <mailman.1805.1503980879.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Aug 2017 04:27:58 -0000

----==_mimepart_59a4ed4c1b1f5_497e3ff128741c3490594
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

...not just the wildcard ones.
You can view, comment on, or merge this pull request online at:

  https://github.com/httpwg/http-extensions/pull/387

-- Commit Summary --

  * The matching rules in 2818 all apply

-- File Changes --

    M draft-ietf-httpbis-origin-frame.md (4)

-- Patch Links --

https://github.com/httpwg/http-extensions/pull/387.patch
https://github.com/httpwg/http-extensions/pull/387.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/387

----==_mimepart_59a4ed4c1b1f5_497e3ff128741c3490594
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>...not just the wildcard ones.</p>

<hr>

<h4>You can view, comment on, or merge this pull request online at:</h4>
<p>&nbsp;&nbsp;<a href='https://github.com/httpwg/http-extensions/pull/387'>https://github.com/httpwg/http-extensions/pull/387</a></p>

<h4>Commit Summary</h4>
<ul>
  <li>The matching rules in 2818 all apply</li>
</ul>

<h4>File Changes</h4>
<ul>
  <li>
    <strong>M</strong>
    <a href="https://github.com/httpwg/http-extensions/pull/387/files#diff-0">draft-ietf-httpbis-origin-frame.md</a>
    (4)
  </li>
</ul>

<h4>Patch Links:</h4>
<ul>
  <li><a href='https://github.com/httpwg/http-extensions/pull/387.patch'>https://github.com/httpwg/http-extensions/pull/387.patch</a></li>
  <li><a href='https://github.com/httpwg/http-extensions/pull/387.diff'>https://github.com/httpwg/http-extensions/pull/387.diff</a></li>
</ul>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/pull/387">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyKVoCeOkhr1NvjfKaEnZAHCYtyibks5sc5NMgaJpZM4PFXeQ">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyGuFNZeP-c_bjVeY6mMTrZh7_kcbks5sc5NMgaJpZM4PFXeQ.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/387"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"The matching rules in 2818 all apply (#387)"}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/387"}}}</script>

----==_mimepart_59a4ed4c1b1f5_497e3ff128741c3490594--


From nobody Mon Aug 28 21:29:52 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.181
X-Spam-Level: 
X-Spam-Status: No, score=-3.181 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=4EEUgq5EpKxHGcQSQK8we+nYA28=; b=AxR+/BVB0Tv/lUhC KiRepb4FCsyZ5kFbgNbXWWmmQTXcc176rsND/j1sSUXmQmbLW+wTU3i3j8kjCpzC 1vk+sVh/KqtSvNerd36QogIMuP+2RQ7+lSL3PgCfb/sy+APlfr1gkDCEzLbS5B9I 2gB1kp7ERjst67fL8X6w9BdKFEs=
Date: Tue, 29 Aug 2017 04:29:47 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/385@github.com>
References: <httpwg/http-extensions/pull/385@github.com>
Subject: Re: [httpwg/http-extensions] ORIGIN: reject origins on non-authoritative connection. (#385)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a4edbb6063_4f2f3ff293b05c3c45325"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/JXDki-oS4GAxoeRSxPsdvu_Gqa0>
Message-ID: <mailman.1806.1503980991.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Aug 2017 04:29:50 -0000

----==_mimepart_59a4edbb6063_4f2f3ff293b05c3c45325
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

As for this PR, the better question is: how does a server learn that its certificate isn't good enough?  It's a much bigger question, but probably better worth addressing directly.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/385#issuecomment-325552091
----==_mimepart_59a4edbb6063_4f2f3ff293b05c3c45325
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>As for this PR, the better question is: how does a server learn that its certificate isn't good enough?  It's a much bigger question, but probably better worth addressing directly.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/pull/385#issuecomment-325552091">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyNbzBqSrYhQ3wDQzDRsgr3BD2-wrks5sc5O7gaJpZM4PDRoT">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyDKYCUvpUDYYZrcI_IOk3NMW1O05ks5sc5O7gaJpZM4PDRoT.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/385#issuecomment-325552091"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@martinthomson in #385: As for this PR, the better question is: how does a server learn that its certificate isn't good enough?  It's a much bigger question, but probably better worth addressing directly."}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/385#issuecomment-325552091"}}}</script>
----==_mimepart_59a4edbb6063_4f2f3ff293b05c3c45325--


From nobody Mon Aug 28 21:46:10 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.381
X-Spam-Level: 
X-Spam-Status: No, score=-5.381 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Mon, 28 Aug 2017 21:46:05 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1503981965; bh=T/95MSfBDMrEEetlpxoEUAnkIr/OpnHMMhY1TuO31Nw=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=PQQCIvXHwtcPH2tWKZb4cSj+sebstm7d9kqU8iS3J8/GlSDF/NkhxcZLILfd4VT1u pCzorUragOUU/WwreIrOdz6OV4fFapouRvUJ97eAYrcX1SMsA0Q4FME2nM9ntg+shY jr08Trrew1T62XsUVNQ18ANDFVi4MdEZYe6sqf5Y=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/387@github.com>
References: <httpwg/http-extensions/pull/387@github.com>
Subject: Re: [httpwg/http-extensions] The matching rules in 2818 all apply (#387)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a4f18d2e207_2e6403fcc76941c2c35576"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/6HvNgwIdkR4qqZ-dWA8kbzhjErA>
Message-ID: <mailman.1810.1503981968.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Aug 2017 04:46:08 -0000

----==_mimepart_59a4f18d2e207_2e6403fcc76941c2c35576
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Merged #387.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/387#event-1224920839
----==_mimepart_59a4f18d2e207_2e6403fcc76941c2c35576
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Merged <a href="https://github.com/httpwg/http-extensions/pull/387" class="issue-link js-issue-link" data-url="https://github.com/httpwg/http-extensions/issues/387" data-id="253526087" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#387</a>.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/pull/387#event-1224920839">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyM9PdKhadtbL16AgynhFjvekyMrBks5sc5eNgaJpZM4PFXeQ">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyHpKyh1NYbdFKjdzbwMgYtgY54uIks5sc5eNgaJpZM4PFXeQ.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/pull/387#event-1224920839"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"Merged #387."}],"action":{"name":"View Pull Request","url":"https://github.com/httpwg/http-extensions/pull/387#event-1224920839"}}}</script>
----==_mimepart_59a4f18d2e207_2e6403fcc76941c2c35576--


From nobody Tue Aug 29 19:05:29 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7
X-Spam-Level: 
X-Spam-Status: No, score=-7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Tue, 29 Aug 2017 19:05:25 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1504058725; bh=rZzNZY8Fisfjg+20hZ5G1xaFsPpxmMKtI5BJGwIH7vA=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=rVG/xfrJIxP4+E14EUryMNpU1XdwbP3y6ajQKyTC/zK93OJNsokgo0Fh9PRPNSHba qHiiLDsyjomb57ZKIDKlK+k/Lzc4qzMySfgVwJAYPUU0C5o8oEfds8fMn6fJVl+Fyc EmHGRhENn/g8+4sRyAnuqiorLW5JqK5XlZBZQOGU=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/pull/385@github.com>
References: <httpwg/http-extensions/pull/385@github.com>
Subject: Re: [httpwg/http-extensions] ORIGIN: reject origins on non-authoritative connection. (#385)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a61d657568f_61433fda46bc3c3832943"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/qw71j0t7kPy_dUmcbagWGX9OCMc>
Message-ID: <mailman.1962.1504058728.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Aug 2017 02:05:28 -0000

----==_mimepart_59a61d657568f_61433fda46bc3c3832943
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

We've talked about having a more specific stream error than PROTOCOL_ERROR for unauthoritative pushes; we agreed to wait for secondary certs to be defined in #355.

For client-initiated requests, an ORIGIN containing an origin that the current cert(s) held by the client doesn't cover implies that it can't be used on that connection until some sort of proof is obtained (probably a secondary cert). I think that's well covered by the current spec; it doesn't imply an error, because the Origin Set is *never* used as the sole source of truth regarding what the conn is good for. If you can suggest clarifications to improve understanding of this, they're welcome, but I don't *think* doing so requires new spec language.

WRT the server learning about whether a cert is good enough -- yes, but I think that's an issue for secondary certs. Probably.

BTW, @PiotrSikora - we prefer issues to be raised separately, not as PRs; it makes them more discoverable. 


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/pull/385#issuecomment-325856699
----==_mimepart_59a61d657568f_61433fda46bc3c3832943
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p>We've talked about having a more specific stream error than PROTOCOL_E=
RROR for unauthoritative pushes; we agreed to wait for secondary certs to=
 be defined in <a href=3D"https://github.com/httpwg/http-extensions/issue=
s/355" class=3D"issue-link js-issue-link" data-url=3D"https://github.com/=
httpwg/http-extensions/issues/355" data-id=3D"232157956" data-error-text=3D=
"Failed to load issue title" data-permission-text=3D"Issue title is priva=
te">#355</a>.</p>
<p>For client-initiated requests, an ORIGIN containing an origin that the=
 current cert(s) held by the client doesn't cover implies that it can't b=
e used on that connection until some sort of proof is obtained (probably =
a secondary cert). I think that's well covered by the current spec; it do=
esn't imply an error, because the Origin Set is <em>never</em> used as th=
e sole source of truth regarding what the conn is good for. If you can su=
ggest clarifications to improve understanding of this, they're welcome, b=
ut I don't <em>think</em> doing so requires new spec language.</p>
<p>WRT the server learning about whether a cert is good enough -- yes, bu=
t I think that's an issue for secondary certs. Probably.</p>
<p>BTW, <a href=3D"https://github.com/piotrsikora" class=3D"user-mention"=
>@PiotrSikora</a> - we prefer issues to be raised separately, not as PRs;=
 it makes them more discoverable.</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&m=
dash;<br />You are receiving this because you are subscribed to this thre=
ad.<br />Reply to this email directly, <a href=3D"https://github.com/http=
wg/http-extensions/pull/385#issuecomment-325856699">view it on GitHub</a>=
, or <a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyGX=
p4Fp8dlz47gLMZbuGgY8GHYepks5sdMNlgaJpZM4PDRoT">mute the thread</a>.<img a=
lt=3D"" height=3D"1" src=3D"https://github.com/notifications/beacon/AORpy=
JRtKXuYg2KskDf3WTFc0_cl5u_Gks5sdMNlgaJpZM4PDRoT.gif" width=3D"1" /></p>
<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewActi=
on">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extension=
s/pull/385#issuecomment-325856699"></link>
  <meta itemprop=3D"name" content=3D"View Pull Request"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Pull Request on GitHu=
b"></meta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_versio=
n":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name"=
:"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","titl=
e":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_ur=
l":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5=
d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubu=
sercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b5249811277=
7.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg=
/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@m=
not in #385: We've talked about having a more specific stream error than =
PROTOCOL_ERROR for unauthoritative pushes; we agreed to wait for secondar=
y certs to be defined in #355.\r\n\r\nFor client-initiated requests, an O=
RIGIN containing an origin that the current cert(s) held by the client do=
esn't cover implies that it can't be used on that connection until some s=
ort of proof is obtained (probably a secondary cert). I think that's well=
 covered by the current spec; it doesn't imply an error, because the Orig=
in Set is *never* used as the sole source of truth regarding what the con=
n is good for. If you can suggest clarifications to improve understanding=
 of this, they're welcome, but I don't *think* doing so requires new spec=
 language.\r\n\r\nWRT the server learning about whether a cert is good en=
ough -- yes, but I think that's an issue for secondary certs. Probably.\r=
\n\r\nBTW, @PiotrSikora - we prefer issues to be raised separately, not a=
s PRs; it makes them more discoverable. \r\n"}],"action":{"name":"View Pu=
ll Request","url":"https://github.com/httpwg/http-extensions/pull/385#iss=
uecomment-325856699"}}}</script>=

----==_mimepart_59a61d657568f_61433fda46bc3c3832943--


From nobody Wed Aug 30 13:26:57 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.8
X-Spam-Level: 
X-Spam-Status: No, score=-9.8 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Wed, 30 Aug 2017 13:26:53 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1504124813; bh=AVR9ude54FIo5lFwDa4LN7cvFGY2VYWyDXWBFltmZpU=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=SvQKERJMWNnCDNNjd6zU7nfvJwv+blhO+dd2emqwV7BthG1w1Y2kIQ2zZDSHJEd4b KCTYrs04/9vHL46R8CWTO02p1j842lcN2cSpLviqrF1GJ4zQu99m0mECkX83shmRVZ K5nS8HMFfR/hjbPf96WslroXXq6MGKGppUEVGGwQ=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/372@github.com>
References: <httpwg/http-extensions/issues/372@github.com>
Subject: Re: [httpwg/http-extensions] Accept-CH-Lifetime privacy concerns (#372)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a71f8d65530_eb3c3fc7bcfddc34965e0"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/UWHP6FUHP4WLnZ8K7GblbaDUUts>
Message-ID: <mailman.2118.1504124817.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Aug 2017 20:26:57 -0000

----==_mimepart_59a71f8d65530_eb3c3fc7bcfddc34965e0
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Thanks everyone for the feedback. =


Nomenclature discussions on "CDN" vs.  "widget" vs "3P" aside, I agree wi=
th Yoav that subresource optimization is a _critical_ use case for CH and=
 not something we can omit. It may be the case that some particular hints=
 make sense to be scoped to first-party only, but that's a discussion we =
should have in the context of individual hints; as a general mechanism, C=
H must support delivery of hints to all origins, possibly with knobs for =
1P origin to control which 3P origins are allowed to receive hints. =


**Current proposal for `Accept-CH-Lifetime` is to allow hint preferences =
to be registered by any origin.** The limitation, as pointed out in discu=
ssion above, is that it doesn't provide any distinction between 1P or 3P =
opt-in. To that end, we discussed a few options:

1. We can add double-keying to scope 3P registrations to within 1P origin=
 =E2=80=94 i.e. 3P registration on foo.com does not propagate to same 3P =
origin on bar.com.
1. We can further restrict 3P ability to register for hints by requiring =
that 1P opts in for receiving CH hints =E2=80=94 i.e. what @arturjanc pro=
posed above.

FWIW, I think (1) is the right behavior, from a user perspective. However=
, what it doesn't address is the 1P -> 3P delegation case where 1P origin=
 may want to control if (and which) 3P is allowed to request CH. @arturja=
nc's proposal (b) is an attempt at this, but a fairly blunt one: 3P is al=
lowed to receive hints if 1P opt's in, but this is a blanket policy for a=
ll 3P origins and it similarly doesn't provide any fine grained control f=
or which hints are allowed to be requested. If we all agree that the "1P =
-> 3P hint delegation" use case is an important one, I think we need to e=
xplore mechanisms beyond (b). =


To that end, squinting at this space, I see close parallels to Feature Po=
licy: we have features (hints) that we want to selectively enable/disable=
, and we may want to scope them to a list of origins =E2=80=94 e.g. enabl=
e them for "self" / 1P only, selectively enable them for some set of orig=
ins, or disable them outright. And so, here's my crazy proposal of the da=
y: =


1. ACL registrations should be double keyed -- see (1).
1. Control over which hints are enabled, plus delegation, should (?) be a=
ddressed via Feature Policy. =


```
Feature-Policy: {
   "ch-dpr": ["self"],  // DPR hint is 1P only
   "ch-ex1": ["self", "foo.com", "bar.com"],  // ex1 hint is 1P + select =
3P
   "ch-ex2": [] // ex2 hint is disabled for everyone
} =

```

The other benefit here is that this opens a well-defined way to think abo=
ut a "default FP policy" for each hint. For example, some hints may be re=
stricted by the UA to be 1P only, other may be on-by-default for everyone=
 (e.g. save-data), and others may be off by default.

WDYT? Crazy talk? :)

/cc @clelland @rbyers

-- =

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/372#issuecomment-3261088=
26=

----==_mimepart_59a71f8d65530_eb3c3fc7bcfddc34965e0
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p>Thanks everyone for the feedback.</p>
<p>Nomenclature discussions on "CDN" vs.  "widget" vs "3P" aside, I agree=
 with Yoav that subresource optimization is a <em>critical</em> use case =
for CH and not something we can omit. It may be the case that some partic=
ular hints make sense to be scoped to first-party only, but that's a disc=
ussion we should have in the context of individual hints; as a general me=
chanism, CH must support delivery of hints to all origins, possibly with =
knobs for 1P origin to control which 3P origins are allowed to receive hi=
nts.</p>
<p><strong>Current proposal for <code>Accept-CH-Lifetime</code> is to all=
ow hint preferences to be registered by any origin.</strong> The limitati=
on, as pointed out in discussion above, is that it doesn't provide any di=
stinction between 1P or 3P opt-in. To that end, we discussed a few option=
s:</p>
<ol>
<li>We can add double-keying to scope 3P registrations to within 1P origi=
n =E2=80=94 i.e. 3P registration on foo.com does not propagate to same 3P=
 origin on bar.com.</li>
<li>We can further restrict 3P ability to register for hints by requiring=
 that 1P opts in for receiving CH hints =E2=80=94 i.e. what <a href=3D"ht=
tps://github.com/arturjanc" class=3D"user-mention">@arturjanc</a> propose=
d above.</li>
</ol>
<p>FWIW, I think (1) is the right behavior, from a user perspective. Howe=
ver, what it doesn't address is the 1P -&gt; 3P delegation case where 1P =
origin may want to control if (and which) 3P is allowed to request CH. <a=
 href=3D"https://github.com/arturjanc" class=3D"user-mention">@arturjanc<=
/a>'s proposal (b) is an attempt at this, but a fairly blunt one: 3P is a=
llowed to receive hints if 1P opt's in, but this is a blanket policy for =
all 3P origins and it similarly doesn't provide any fine grained control =
for which hints are allowed to be requested. If we all agree that the "1P=
 -&gt; 3P hint delegation" use case is an important one, I think we need =
to explore mechanisms beyond (b).</p>
<p>To that end, squinting at this space, I see close parallels to Feature=
 Policy: we have features (hints) that we want to selectively enable/disa=
ble, and we may want to scope them to a list of origins =E2=80=94 e.g. en=
able them for "self" / 1P only, selectively enable them for some set of o=
rigins, or disable them outright. And so, here's my crazy proposal of the=
 day:</p>
<ol>
<li>ACL registrations should be double keyed -- see (1).</li>
<li>Control over which hints are enabled, plus delegation, should (?) be =
addressed via Feature Policy.</li>
</ol>
<pre><code>Feature-Policy: {
   "ch-dpr": ["self"],  // DPR hint is 1P only
   "ch-ex1": ["self", "foo.com", "bar.com"],  // ex1 hint is 1P + select =
3P
   "ch-ex2": [] // ex2 hint is disabled for everyone
} =

</code></pre>
<p>The other benefit here is that this opens a well-defined way to think =
about a "default FP policy" for each hint. For example, some hints may be=
 restricted by the UA to be 1P only, other may be on-by-default for every=
one (e.g. save-data), and others may be off by default.</p>
<p>WDYT? Crazy talk? :)</p>
<p>/cc <a href=3D"https://github.com/clelland" class=3D"user-mention">@cl=
elland</a> <a href=3D"https://github.com/rbyers" class=3D"user-mention">@=
RByers</a></p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&m=
dash;<br />You are receiving this because you are subscribed to this thre=
ad.<br />Reply to this email directly, <a href=3D"https://github.com/http=
wg/http-extensions/issues/372#issuecomment-326108826">view it on GitHub</=
a>, or <a href=3D"https://github.com/notifications/unsubscribe-auth/AORpy=
LcDBScmKybs_WEscJOc9DyDAdivks5sdcWNgaJpZM4Oc7TI">mute the thread</a>.<img=
 alt=3D"" height=3D"1" src=3D"https://github.com/notifications/beacon/AOR=
pyFEJtK_AgMeeIIeaDNuvJwUcz_tvks5sdcWNgaJpZM4Oc7TI.gif" width=3D"1" /></p>=

<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewActi=
on">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extension=
s/issues/372#issuecomment-326108826"></link>
  <meta itemprop=3D"name" content=3D"View Issue"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Issue on GitHub"></me=
ta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_versio=
n":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name"=
:"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","titl=
e":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_ur=
l":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5=
d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubu=
sercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b5249811277=
7.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg=
/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@i=
grigorik in #372: Thanks everyone for the feedback. \r\n\r\nNomenclature =
discussions on \"CDN\" vs.  \"widget\" vs \"3P\" aside, I agree with Yoav=
 that subresource optimization is a _critical_ use case for CH and not so=
mething we can omit. It may be the case that some particular hints make s=
ense to be scoped to first-party only, but that's a discussion we should =
have in the context of individual hints; as a general mechanism, CH must =
support delivery of hints to all origins, possibly with knobs for 1P orig=
in to control which 3P origins are allowed to receive hints. \r\n\r\n**Cu=
rrent proposal for `Accept-CH-Lifetime` is to allow hint preferences to b=
e registered by any origin.** The limitation, as pointed out in discussio=
n above, is that it doesn't provide any distinction between 1P or 3P opt-=
in. To that end, we discussed a few options:\r\n\r\n1. We can add double-=
keying to scope 3P registrations to within 1P origin =E2=80=94 i.e. 3P re=
gistration on foo.com does not propagate to same 3P origin on bar.com.\r\=
n1. We can further restrict 3P ability to register for hints by requiring=
 that 1P opts in for receiving CH hints =E2=80=94 i.e. what @arturjanc pr=
oposed above.\r\n\r\nFWIW, I think (1) is the right behavior, from a user=
 perspective. However, what it doesn't address is the 1P -\u003e 3P deleg=
ation case where 1P origin may want to control if (and which) 3P is allow=
ed to request CH. @arturjanc's proposal (b) is an attempt at this, but a =
fairly blunt one: 3P is allowed to receive hints if 1P opt's in, but this=
 is a blanket policy for all 3P origins and it similarly doesn't provide =
any fine grained control for which hints are allowed to be requested. If =
we all agree that the \"1P -\u003e 3P hint delegation\" use case is an im=
portant one, I think we need to explore mechanisms beyond (b). \r\n\r\nTo=
 that end, squinting at this space, I see close parallels to Feature Poli=
cy: we have features (hints) that we want to selectively enable/disable, =
and we may want to scope them to a list of origins =E2=80=94 e.g. enable =
them for \"self\" / 1P only, selectively enable them for some set of orig=
ins, or disable them outright. And so, here's my crazy proposal of the da=
y: \r\n\r\n1. ACL registrations should be double keyed -- see (1).\r\n1. =
Control over which hints are enabled, plus delegation, should (?) be addr=
essed via Feature Policy. \r\n\r\n```\r\nFeature-Policy: {\r\n   \"ch-dpr=
\": [\"self\"],  // DPR hint is 1P only\r\n   \"ch-ex1\": [\"self\", \"fo=
o.com\", \"bar.com\"],  // ex1 hint is 1P + select 3P\r\n   \"ch-ex2\": [=
] // ex2 hint is disabled for everyone\r\n} \r\n```\r\n\r\nThe other bene=
fit here is that this opens a well-defined way to think about a \"default=
 FP policy\" for each hint. For example, some hints may be restricted by =
the UA to be 1P only, other may be on-by-default for everyone (e.g. save-=
data), and others may be off by default.\r\n\r\nWDYT? Crazy talk? :)\r\n\=
r\n/cc @clelland @rbyers"}],"action":{"name":"View Issue","url":"https://=
github.com/httpwg/http-extensions/issues/372#issuecomment-326108826"}}}</=
script>=

----==_mimepart_59a71f8d65530_eb3c3fc7bcfddc34965e0--


From nobody Wed Aug 30 14:45:32 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.02
X-Spam-Level: 
X-Spam-Status: No, score=-2.02 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=cUX8QdOHKEuA1wFBanjBvDCv+4U=; b=JdSLs9Ti6fRrNB/t fhg92LPFY3UJJlg3tt1N77KwyMongYT2OTytxyEpXh1rXA9+46dRmABz4SR7RgmQ +hVy1nu/2hp6Oq9xke05lK/N/rDwa7hIvR7i5VLX12sBurEdIOQ5gmI9rxDu8OYC LGjmGPRuM90IJ3b/nbNYmPlHn+w=
Date: Wed, 30 Aug 2017 21:45:26 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/372@github.com>
References: <httpwg/http-extensions/issues/372@github.com>
Subject: Re: [httpwg/http-extensions] Accept-CH-Lifetime privacy concerns (#372)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a731f667ed7_6f3a3fe6fbfcbc3884445"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/840Abiei-6Zqy74Ct1I6mxF3QpU>
Message-ID: <mailman.2141.1504129531.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Aug 2017 21:45:30 -0000

----==_mimepart_59a731f667ed7_6f3a3fe6fbfcbc3884445
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

It's not the craziest thing I've read today :)

It's a bit mind-stretching to think of these as features, but it definitely is a kind of power or trust that is being delegated to other origins by the embedding page, so it's not *too far* from the goals of feature policy.

One question I would bring up would be regarding the inheritance of ACL in deeply-nested frame trees -- Feature Policy's model is that once disabled in an frame, a feature can never be reenabled by any subcontent; I wouldn't want to break that invariant without a real compelling case.

With the FP model, if `a.com` embeds `b.com`, and does not grant it the ability to receive hints, then it is not possible for `b.com` to embed a fourth-party, `c.com`, and have hints sent to *that* domain instead. That sounds like desirable behavior to me, but I don't think it's been brought up on this thread yet.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/372#issuecomment-326128273
----==_mimepart_59a731f667ed7_6f3a3fe6fbfcbc3884445
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p>It's not the craziest thing I've read today :)</p>
<p>It's a bit mind-stretching to think of these as features, but it definit=
ely is a kind of power or trust that is being delegated to other origins by=
 the embedding page, so it's not <em>too far</em> from the goals of feature=
 policy.</p>
<p>One question I would bring up would be regarding the inheritance of ACL =
in deeply-nested frame trees -- Feature Policy's model is that once disable=
d in an frame, a feature can never be reenabled by any subcontent; I wouldn=
't want to break that invariant without a real compelling case.</p>
<p>With the FP model, if <code>a.com</code> embeds <code>b.com</code>, and =
does not grant it the ability to receive hints, then it is not possible for=
 <code>b.com</code> to embed a fourth-party, <code>c.com</code>, and have h=
ints sent to <em>that</em> domain instead. That sounds like desirable behav=
ior to me, but I don't think it's been brought up on this thread yet.</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&mda=
sh;<br />You are receiving this because you are subscribed to this thread.<=
br />Reply to this email directly, <a href=3D"https://github.com/httpwg/htt=
p-extensions/issues/372#issuecomment-326128273">view it on GitHub</a>, or <=
a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyEzhEM2mQxD=
VQrRV3ilPB635F__tks5sddf2gaJpZM4Oc7TI">mute the thread</a>.<img alt=3D"" he=
ight=3D"1" src=3D"https://github.com/notifications/beacon/AORpyJSK8_YWpw1CX=
d7CSjHBwW7p8f1Oks5sddf2gaJpZM4Oc7TI.gif" width=3D"1" /></p>
<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewAction=
">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extensions/=
issues/372#issuecomment-326128273"></link>
  <meta itemprop=3D"name" content=3D"View Issue"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Issue on GitHub"></meta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_version"=
:"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"Gi=
tHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"ht=
tpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"http=
s://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-9=
5fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.c=
om/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action=
":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions=
"}},"updates":{"snippets":[{"icon":"PERSON","message":"@clelland in #372: I=
t's not the craziest thing I've read today :)\r\n\r\nIt's a bit mind-stretc=
hing to think of these as features, but it definitely is a kind of power or=
 trust that is being delegated to other origins by the embedding page, so i=
t's not *too far* from the goals of feature policy.\r\n\r\nOne question I w=
ould bring up would be regarding the inheritance of ACL in deeply-nested fr=
ame trees -- Feature Policy's model is that once disabled in an frame, a fe=
ature can never be reenabled by any subcontent; I wouldn't want to break th=
at invariant without a real compelling case.\r\n\r\nWith the FP model, if `=
a.com` embeds `b.com`, and does not grant it the ability to receive hints, =
then it is not possible for `b.com` to embed a fourth-party, `c.com`, and h=
ave hints sent to *that* domain instead. That sounds like desirable behavio=
r to me, but I don't think it's been brought up on this thread yet."}],"act=
ion":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/=
issues/372#issuecomment-326128273"}}}</script>=

----==_mimepart_59a731f667ed7_6f3a3fe6fbfcbc3884445--


From nobody Wed Aug 30 14:51:44 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.402
X-Spam-Level: 
X-Spam-Status: No, score=-0.402 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=GjpFyt1LA878yhRmuzKZi6TdDiQ=; b=C+kietmaIptQPONO CvRl+guwAfWg9kubgXBIVb21+0hwTe3sAEI3yv/tTYBXYZYoYSJ2wV38cSi1WShm AX1+2Y6iCoAlkCZ0L86VwXQL/yJptv5YY6TM1Lt6Fs9O7ODjOfMLPslNScj4ubXk OvmqgQ/2yWGSHSpOzRPc1KZIVvE=
Date: Wed, 30 Aug 2017 21:51:40 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/372@github.com>
References: <httpwg/http-extensions/issues/372@github.com>
Subject: Re: [httpwg/http-extensions] Accept-CH-Lifetime privacy concerns (#372)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a7336bb45f0_185c3fb2ca50dc341525d7"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/bR9HTtXyevclm3kxR5rfM3kOeXk>
Message-ID: <mailman.2142.1504129904.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Aug 2017 21:51:43 -0000

----==_mimepart_59a7336bb45f0_185c3fb2ca50dc341525d7
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

I think FP's current inheritance behavior makes perfect sense in this context as well. If I disable use of a particular hint on my site, I expect this policy to propagate to all nested frames.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/372#issuecomment-326129661
----==_mimepart_59a7336bb45f0_185c3fb2ca50dc341525d7
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>I think FP's current inheritance behavior makes perfect sense in this context as well. If I disable use of a particular hint on my site, I expect this policy to propagate to all nested frames.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/372#issuecomment-326129661">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyEYG7zgANk0Edx_j3bRE3QXyrBsJks5sddlrgaJpZM4Oc7TI">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyFviMnmL54ZvtyndV53NTTP2T4wBks5sddlrgaJpZM4Oc7TI.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/372#issuecomment-326129661"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@igrigorik in #372: I think FP's current inheritance behavior makes perfect sense in this context as well. If I disable use of a particular hint on my site, I expect this policy to propagate to all nested frames."}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/372#issuecomment-326129661"}}}</scrip
 t>
----==_mimepart_59a7336bb45f0_185c3fb2ca50dc341525d7--


From nobody Wed Aug 30 15:52:45 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.396
X-Spam-Level: 
X-Spam-Status: No, score=-8.396 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Wed, 30 Aug 2017 15:52:41 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1504133561; bh=qU2ZYOhUrD3oUnUw3ppWOITY32MvaquAq7Y7ZOiK8To=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=m1Xp82y99fhpus9IEdhFB+1ju+JRcEB63BmwQRAfLvGJZ29KKTKhWZuDvWaNLeFeT 2b6wHmPql9eDcduytbrEdT9WCyIOsk8bKt1mBZ3859DCr2ViF8tXJfyhWcAkLNcxIv 8CMy2bslQ3Ouj8Rg10GzWYEsiJtvhriK0GcvsE5A=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/372@github.com>
References: <httpwg/http-extensions/issues/372@github.com>
Subject: Re: [httpwg/http-extensions] Accept-CH-Lifetime privacy concerns (#372)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a741b9605aa_705f3fc9bcaebc384380"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/IamEBDLnaaIAE8_GwP7LvNd8OtQ>
Message-ID: <mailman.2151.1504133564.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Aug 2017 22:52:44 -0000

----==_mimepart_59a741b9605aa_705f3fc9bcaebc384380
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

> If we all agree that the "1P -> 3P hint delegation" use case is an important one

Naive question: IIUC, any information that can be obtained by an origin via client hints can also be obtained by that origin using a combination of Javascript and cookies. Is it currently possible for 1P origins to control Javascript/cookies behavior of 3P origins?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/372#issuecomment-326141388
----==_mimepart_59a741b9605aa_705f3fc9bcaebc384380
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<blockquote>
<p>If we all agree that the "1P -&gt; 3P hint delegation" use case is an =
important one</p>
</blockquote>
<p>Naive question: IIUC, any information that can be obtained by an origi=
n via client hints can also be obtained by that origin using a combinatio=
n of Javascript and cookies. Is it currently possible for 1P origins to c=
ontrol Javascript/cookies behavior of 3P origins?</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&m=
dash;<br />You are receiving this because you are subscribed to this thre=
ad.<br />Reply to this email directly, <a href=3D"https://github.com/http=
wg/http-extensions/issues/372#issuecomment-326141388">view it on GitHub</=
a>, or <a href=3D"https://github.com/notifications/unsubscribe-auth/AORpy=
PROvsGTzAn8cZTo4sDliP3s1yowks5sdee5gaJpZM4Oc7TI">mute the thread</a>.<img=
 alt=3D"" height=3D"1" src=3D"https://github.com/notifications/beacon/AOR=
pyKoMcEpGP1oiWSRHWsAmtqa-ykRaks5sdee5gaJpZM4Oc7TI.gif" width=3D"1" /></p>=

<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewActi=
on">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extension=
s/issues/372#issuecomment-326141388"></link>
  <meta itemprop=3D"name" content=3D"View Issue"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Issue on GitHub"></me=
ta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_versio=
n":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name"=
:"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","titl=
e":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_ur=
l":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5=
d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubu=
sercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b5249811277=
7.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg=
/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@t=
arunban in #372: \u003e If we all agree that the \"1P -\u003e 3P hint del=
egation\" use case is an important one\r\n\r\nNaive question: IIUC, any i=
nformation that can be obtained by an origin via client hints can also be=
 obtained by that origin using a combination of Javascript and cookies. I=
s it currently possible for 1P origins to control Javascript/cookies beha=
vior of 3P origins?"}],"action":{"name":"View Issue","url":"https://githu=
b.com/httpwg/http-extensions/issues/372#issuecomment-326141388"}}}</scrip=
t>=

----==_mimepart_59a741b9605aa_705f3fc9bcaebc384380--


From nobody Wed Aug 30 16:12:14 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.402
X-Spam-Level: 
X-Spam-Status: No, score=-0.402 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=zQsutjWbRmIn+lkq6Nn7012xsBs=; b=Bd4ohcXftpam5zaO j4vbgjC6ad0mBCDzNTwXYV17zID0eEs+co9ILuj9VfR5b2uWsTkK2F0xf5NxuX1q dH1ephYxft/KLLJs3eyKu7PeZoxtlmxZFw/m5699Gr1FrNd2yQ8nS/uCDJszHuXt mfrocAA73RtkaR2Qm9ixkSDhuOc=
Date: Wed, 30 Aug 2017 23:12:09 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/372@github.com>
References: <httpwg/http-extensions/issues/372@github.com>
Subject: Re: [httpwg/http-extensions] Accept-CH-Lifetime privacy concerns (#372)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a74649283b7_111e3fa7d0a43c3056826"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/YTRN-eBEtBvogB0G56PDmn0tl2I>
Message-ID: <mailman.2156.1504134733.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Aug 2017 23:12:13 -0000

----==_mimepart_59a74649283b7_111e3fa7d0a43c3056826
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

At a high level, I am not sure why the client hints permission for foo.com is not the same as (permission for foo.com to run Javascript AND permission for foo.com to store cookies)?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/372#issuecomment-326144523
----==_mimepart_59a74649283b7_111e3fa7d0a43c3056826
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>At a high level, I am not sure why the client hints permission for foo.com is not the same as (permission for foo.com to run Javascript AND permission for foo.com to store cookies)?</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/372#issuecomment-326144523">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyKmLO9rKw_SKTK2uI9azz-Vd1bLOks5sdexJgaJpZM4Oc7TI">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyMGvAc3gburi6Za-mPQzAjGyV817ks5sdexJgaJpZM4Oc7TI.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/372#issuecomment-326144523"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@tarunban in #372: At a high level, I am not sure why the client hints permission for foo.com is not the same as (permission for foo.com to run Javascript AND permission for foo.com to store cookies)?"}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/372#issuecomment-326144523"}}}</script>
----==_mimepart_59a74649283b7_111e3fa7d0a43c3056826--


From nobody Wed Aug 30 16:20:02 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.596
X-Spam-Level: 
X-Spam-Status: No, score=-0.596 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=Te2tH1ljKcbzyXWAjmfWDZkZAUE=; b=BAeT2g1wmWVwWbU7 aXSVNj99QNvD0EB6KbmzN1uxyY2so4gvzY78q2Sun9GuYGzb5it5zQgBAv8n1mze jPor0tfqdMfWGduZIrtEfmZIxgbHDBIYrY+xbafCfnVm+VPP39iHonphGr9wB2aA 0V8OzF3LQUxeFtkXWTy0tg9Kv7A=
Date: Wed, 30 Aug 2017 23:19:57 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/372@github.com>
References: <httpwg/http-extensions/issues/372@github.com>
Subject: Re: [httpwg/http-extensions] Accept-CH-Lifetime privacy concerns (#372)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a7481d153e9_62ee3f83b7d17c3c130344"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/VTZXFvIa5PedEMGrviutd_cRAbA>
Message-ID: <mailman.2157.1504135201.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Aug 2017 23:20:00 -0000

----==_mimepart_59a7481d153e9_62ee3f83b7d17c3c130344
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

@tarunban the key difference here is passive content (e.g. images, audio, video, etc): today such resources/origins cannot obtain data that we expose with CH, unless there is active content executing in top level page and scheduling their fetches. I think it's reasonable for origins to have control over whether such passive content providers should be able to request data exposed by CH.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/372#issuecomment-326145664
----==_mimepart_59a7481d153e9_62ee3f83b7d17c3c130344
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p><a href=3D"https://github.com/tarunban" class=3D"user-mention">@tarunban=
</a> the key difference here is passive content (e.g. images, audio, video,=
 etc): today such resources/origins cannot obtain data that we expose with =
CH, unless there is active content executing in top level page and scheduli=
ng their fetches. I think it's reasonable for origins to have control over =
whether such passive content providers should be able to request data expos=
ed by CH.</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&mda=
sh;<br />You are receiving this because you are subscribed to this thread.<=
br />Reply to this email directly, <a href=3D"https://github.com/httpwg/htt=
p-extensions/issues/372#issuecomment-326145664">view it on GitHub</a>, or <=
a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyEUKca_8ngS=
rAUWLwPpB8rRWtnGDks5sde4dgaJpZM4Oc7TI">mute the thread</a>.<img alt=3D"" he=
ight=3D"1" src=3D"https://github.com/notifications/beacon/AORpyLneYvic37_7t=
GIqZ2ciuasGSG3kks5sde4dgaJpZM4Oc7TI.gif" width=3D"1" /></p>
<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewAction=
">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extensions/=
issues/372#issuecomment-326145664"></link>
  <meta itemprop=3D"name" content=3D"View Issue"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Issue on GitHub"></meta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_version"=
:"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"Gi=
tHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"ht=
tpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"http=
s://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-9=
5fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.c=
om/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action=
":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions=
"}},"updates":{"snippets":[{"icon":"PERSON","message":"@igrigorik in #372: =
@tarunban the key difference here is passive content (e.g. images, audio, v=
ideo, etc): today such resources/origins cannot obtain data that we expose =
with CH, unless there is active content executing in top level page and sch=
eduling their fetches. I think it's reasonable for origins to have control =
over whether such passive content providers should be able to request data =
exposed by CH."}],"action":{"name":"View Issue","url":"https://github.com/h=
ttpwg/http-extensions/issues/372#issuecomment-326145664"}}}</script>=

----==_mimepart_59a7481d153e9_62ee3f83b7d17c3c130344--


From nobody Wed Aug 30 21:20:19 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.018
X-Spam-Level: 
X-Spam-Status: No, score=-2.018 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=yuGWwe46u7fbNA/AGReljz85LrE=; b=d1AX1LPcd6XDs6VJ DGgOBu1VGE95fVz4zF8vNin9M19JeyDoWtVA7sUJm6nNrGcmTw/jB+npbS0YjucF DciCfLuP3FIZREknD2vA9kaVBluWmuyh5RldMzrLTHWCIFY4mhS6MhCXvAE/cJ8y okvK1gYN0hTOWv4spKVaRuvRa8Y=
Date: Thu, 31 Aug 2017 04:20:15 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/372@github.com>
References: <httpwg/http-extensions/issues/372@github.com>
Subject: Re: [httpwg/http-extensions] Accept-CH-Lifetime privacy concerns (#372)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a78e7eb00ca_1a0ca3fb406ba9c2c98522"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/E8YnruhGH5ZReH8viWI2551snVE>
Message-ID: <mailman.2237.1504153218.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Aug 2017 04:20:18 -0000

----==_mimepart_59a78e7eb00ca_1a0ca3fb406ba9c2c98522
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Really interesting, Ilya. It *is* a big change :)

On the face of it, it seems workable. Feature Policy doesn't have a concept similar to `Accept-CH-Lifetime`; would that move into FP, or remain CH-specific?

I'm not crazy about the verbosity of `Feature-Policy`, nor the (relative) complexity. Also a bit concerned about making such a prominent part of CH an external dependency -- especially since FP is effectively browser-specific, whereas I suspect at least some people want CH to be applicable to other HTTP clients.

Still digesting...

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/372#issuecomment-326185471
----==_mimepart_59a78e7eb00ca_1a0ca3fb406ba9c2c98522
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p>Really interesting, Ilya. It <em>is</em> a big change :)</p>
<p>On the face of it, it seems workable. Feature Policy doesn't have a conc=
ept similar to <code>Accept-CH-Lifetime</code>; would that move into FP, or=
 remain CH-specific?</p>
<p>I'm not crazy about the verbosity of <code>Feature-Policy</code>, nor th=
e (relative) complexity. Also a bit concerned about making such a prominent=
 part of CH an external dependency -- especially since FP is effectively br=
owser-specific, whereas I suspect at least some people want CH to be applic=
able to other HTTP clients.</p>
<p>Still digesting...</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&mda=
sh;<br />You are receiving this because you are subscribed to this thread.<=
br />Reply to this email directly, <a href=3D"https://github.com/httpwg/htt=
p-extensions/issues/372#issuecomment-326185471">view it on GitHub</a>, or <=
a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyPuOplybIg2=
uTXnF_OORzfYmZxsvks5sdjR-gaJpZM4Oc7TI">mute the thread</a>.<img alt=3D"" he=
ight=3D"1" src=3D"https://github.com/notifications/beacon/AORpyFytOIo2LR7EN=
pPOEZ55ISwOn92Pks5sdjR-gaJpZM4Oc7TI.gif" width=3D"1" /></p>
<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewAction=
">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extensions/=
issues/372#issuecomment-326185471"></link>
  <meta itemprop=3D"name" content=3D"View Issue"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Issue on GitHub"></meta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_version"=
:"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"Gi=
tHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"ht=
tpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"http=
s://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-9=
5fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.c=
om/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action=
":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions=
"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mnot in #372: Reall=
y interesting, Ilya. It *is* a big change :)\r\n\r\nOn the face of it, it s=
eems workable. Feature Policy doesn't have a concept similar to `Accept-CH-=
Lifetime`; would that move into FP, or remain CH-specific?\r\n\r\nI'm not c=
razy about the verbosity of `Feature-Policy`, nor the (relative) complexity=
. Also a bit concerned about making such a prominent part of CH an external=
 dependency -- especially since FP is effectively browser-specific, whereas=
 I suspect at least some people want CH to be applicable to other HTTP clie=
nts.\r\n\r\nStill digesting..."}],"action":{"name":"View Issue","url":"http=
s://github.com/httpwg/http-extensions/issues/372#issuecomment-326185471"}}}=
</script>=

----==_mimepart_59a78e7eb00ca_1a0ca3fb406ba9c2c98522--


From nobody Wed Aug 30 21:47:34 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.181
X-Spam-Level: 
X-Spam-Status: No, score=-8.181 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Wed, 30 Aug 2017 21:47:30 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1504154850; bh=p21XIAI/4NoyDwXSvgKnC/lGDtX79B0mZ7hKDwSRz7Q=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=vpGhGdZHxy/lFJgGibOfF0vOAaSkVXXIG4Pwa7UJ9NfYK1fkhjxXQJE1B9ZEpKKSh CWWlPkQaNyVpS/Em2lbXXudzW9DTUkrVG7TlgNXVJgQT7VCnHN7VM2/JhUI7dItBdj 6wLvoVUZ3xpt5sFEUfY/LHi8mXq5JcHhpUOjYBT8=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/330@github.com>
References: <httpwg/http-extensions/issues/330@github.com>
Subject: Re: [httpwg/http-extensions] Consulting the DNS on expanding ORIGIN set? (#330)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a794e22024_2c46f3fd7b7d4dc34117530"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/0n55exMTvx7K4N0gdxPDBckuBcw>
Message-ID: <mailman.2243.1504154854.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Aug 2017 04:47:33 -0000

----==_mimepart_59a794e22024_2c46f3fd7b7d4dc34117530
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

I remember some conversations about that (although I don't *think* it was in a WG session); the conclusion was that it probably wasn't worth the trouble. The biggest use case is sending the empty origin frame (i.e., limiting to SNI), which means that the DNS bypass is a no-op.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/330#issuecomment-326188679
----==_mimepart_59a794e22024_2c46f3fd7b7d4dc34117530
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p>I remember some conversations about that (although I don't <em>think</=
em> it was in a WG session); the conclusion was that it probably wasn't w=
orth the trouble. The biggest use case is sending the empty origin frame =
(i.e., limiting to SNI), which means that the DNS bypass is a no-op.</p>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&m=
dash;<br />You are receiving this because you are subscribed to this thre=
ad.<br />Reply to this email directly, <a href=3D"https://github.com/http=
wg/http-extensions/issues/330#issuecomment-326188679">view it on GitHub</=
a>, or <a href=3D"https://github.com/notifications/unsubscribe-auth/AORpy=
F1b6HYrZsHbsQjcqqjxA8a1oPyAks5sdjrigaJpZM4NEzUM">mute the thread</a>.<img=
 alt=3D"" height=3D"1" src=3D"https://github.com/notifications/beacon/AOR=
pyDCAux2No1h9V3pV_KLHI_SvfkADks5sdjrigaJpZM4NEzUM.gif" width=3D"1" /></p>=

<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewActi=
on">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extension=
s/issues/330#issuecomment-326188679"></link>
  <meta itemprop=3D"name" content=3D"View Issue"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Issue on GitHub"></me=
ta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_versio=
n":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name"=
:"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","titl=
e":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_ur=
l":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5=
d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubu=
sercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b5249811277=
7.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg=
/http-extensions"}},"updates":{"snippets":[{"icon":"PERSON","message":"@m=
not in #330: I remember some conversations about that (although I don't *=
think* it was in a WG session); the conclusion was that it probably wasn'=
t worth the trouble. The biggest use case is sending the empty origin fra=
me (i.e., limiting to SNI), which means that the DNS bypass is a no-op."}=
],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-ext=
ensions/issues/330#issuecomment-326188679"}}}</script>=

----==_mimepart_59a794e22024_2c46f3fd7b7d4dc34117530--


From nobody Thu Aug 31 00:34:05 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.798
X-Spam-Level: 
X-Spam-Status: No, score=-4.798 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com;  h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=zs4lLKo5FAJY7HlR3rmpM1UX2kU=; b=Ng0qKFmFsLMe0Pu1 pN2/wN+JFIWfa2mOt3Zsx0lcVoS0Ucoh9w/CAP8e8B1KrWW685xPMzhIR1pv3aWy ZdzGKBTqhLkAmEqss0ICGDHggBBFP/kYDaJatA9hXE9fomvViwmiAiqnGOjFPKxh 8SYhn1GGIQOLSA8rUZbGm4sCc00=
Date: Thu, 31 Aug 2017 07:34:00 +0000 (UTC)
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/372@github.com>
References: <httpwg/http-extensions/issues/372@github.com>
Subject: Re: [httpwg/http-extensions] Accept-CH-Lifetime privacy concerns (#372)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a7bbe7c74a8_16403fbb9642fc344603c"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/X6vXv9BaCO1nHA97WUbYasWkUk0>
Message-ID: <mailman.2283.1504164844.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Aug 2017 07:34:03 -0000

----==_mimepart_59a7bbe7c74a8_16403fbb9642fc344603c
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Interesting indeed!
a few thoughts:
* FP's inheritance model makes some sense, but *is* more restrictive than info that iframes currently have (as iframes are *not* passive content). Would've been great if we could limit exposure of privacy sensitive info to 3rd party passive content while enabling it for active content (by allowing new contexts to override). One use case I can think of is an ad iframe that wants to do the right thing in terms of DPR/viewport based image compression will now require all embedding sites to opt-in, which most won't.
* This will obsolete `Accept-CH` entirely, correct?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/372#issuecomment-326215025
----==_mimepart_59a7bbe7c74a8_16403fbb9642fc344603c
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p>Interesting indeed!<br>
a few thoughts:</p>
<ul>
<li>FP's inheritance model makes some sense, but <em>is</em> more restricti=
ve than info that iframes currently have (as iframes are <em>not</em> passi=
ve content). Would've been great if we could limit exposure of privacy sens=
itive info to 3rd party passive content while enabling it for active conten=
t (by allowing new contexts to override). One use case I can think of is an=
 ad iframe that wants to do the right thing in terms of DPR/viewport based =
image compression will now require all embedding sites to opt-in, which mos=
t won't.</li>
<li>This will obsolete <code>Accept-CH</code> entirely, correct?</li>
</ul>

<p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&mda=
sh;<br />You are receiving this because you are subscribed to this thread.<=
br />Reply to this email directly, <a href=3D"https://github.com/httpwg/htt=
p-extensions/issues/372#issuecomment-326215025">view it on GitHub</a>, or <=
a href=3D"https://github.com/notifications/unsubscribe-auth/AORpyEzljhJ2tkX=
YknVLZgsB8jY2DeTyks5sdmHngaJpZM4Oc7TI">mute the thread</a>.<img alt=3D"" he=
ight=3D"1" src=3D"https://github.com/notifications/beacon/AORpyGm4G0O508r-F=
OyexRFjrmfFeok-ks5sdmHngaJpZM4Oc7TI.gif" width=3D"1" /></p>
<div itemscope itemtype=3D"http://schema.org/EmailMessage">
<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewAction=
">
  <link itemprop=3D"url" href=3D"https://github.com/httpwg/http-extensions/=
issues/372#issuecomment-326215025"></link>
  <meta itemprop=3D"name" content=3D"View Issue"></meta>
</div>
<meta itemprop=3D"description" content=3D"View this Issue on GitHub"></meta>
</div>

<script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_version"=
:"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"Gi=
tHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"ht=
tpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"http=
s://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-9=
5fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.c=
om/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action=
":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions=
"}},"updates":{"snippets":[{"icon":"PERSON","message":"@yoavweiss in #372: =
Interesting indeed!\r\na few thoughts:\r\n* FP's inheritance model makes so=
me sense, but *is* more restrictive than info that iframes currently have (=
as iframes are *not* passive content). Would've been great if we could limi=
t exposure of privacy sensitive info to 3rd party passive content while ena=
bling it for active content (by allowing new contexts to override). One use=
 case I can think of is an ad iframe that wants to do the right thing in te=
rms of DPR/viewport based image compression will now require all embedding =
sites to opt-in, which most won't.\r\n* This will obsolete `Accept-CH` enti=
rely, correct?"}],"action":{"name":"View Issue","url":"https://github.com/h=
ttpwg/http-extensions/issues/372#issuecomment-326215025"}}}</script>=

----==_mimepart_59a7bbe7c74a8_16403fbb9642fc344603c--


From nobody Thu Aug 31 09:26:14 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.595
X-Spam-Level: 
X-Spam-Status: No, score=-5.595 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_28=1.404, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Thu, 31 Aug 2017 09:26:09 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1504196769; bh=9QKSTdKCKSnIs1fTlq2Vv4q88+EZ/BWT55VFh2m1ktc=; h=From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post: List-Unsubscribe:From; b=VV8jYeXYtxnEuzMw6lHFXj+eau1D5ZxTFkk+2/1FlZzN/jNsx8a6YjU2AwLIcsWaU gJMAgSXA9JjzPXKohqSl87MuaLMNzF/5BjbCXxBz7X0YcMu4rsl+Q0tbJZAgbx+Bgx 5C/oyeqievRdi6kv2sC+g6+jwcv9IUCm9Vz3MQdU=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Subject: [httpwg/http-extensions] How does the CSP syntax fit into the header structure? (#388)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a838a1a685f_ba5c3fd953a69c3c1070fa"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/J2v-ht8pws1zTsG0n2T5Z6PpO1M>
Message-ID: <mailman.2417.1504196773.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Aug 2017 16:26:12 -0000

----==_mimepart_59a838a1a685f_ba5c3fd953a69c3c1070fa
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

https://tools.ietf.org/html/draft-ietf-httpbis-header-structure-01?#appendix-A surveys the 723* RFCs but not, for example, https://www.w3.org/TR/CSP2/#content-security-policy-header-field. You probably should include that example of structured data in your analysis.

https://github.com/WICG/feature-policy/issues/78 proposes to extend the CSP format into a new non-CSP header. Should they be considering draft-ietf-httpbis-header-structure?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/388
----==_mimepart_59a838a1a685f_ba5c3fd953a69c3c1070fa
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p><a href="https://tools.ietf.org/html/draft-ietf-httpbis-header-structure-01?#appendix-A">https://tools.ietf.org/html/draft-ietf-httpbis-header-structure-01?#appendix-A</a> surveys the 723* RFCs but not, for example, <a href="https://www.w3.org/TR/CSP2/#content-security-policy-header-field">https://www.w3.org/TR/CSP2/#content-security-policy-header-field</a>. You probably should include that example of structured data in your analysis.</p>
<p><a href="https://github.com/WICG/feature-policy/issues/78" class="issue-link js-issue-link" data-url="https://github.com/WICG/feature-policy/issues/78" data-id="234555224" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">WICG/feature-policy#78</a> proposes to extend the CSP format into a new non-CSP header. Should they be considering draft-ietf-httpbis-header-structure?</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/388">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyLPu6JPmuoNDAiXi4Ncr6RWqOZARks5sdt6hgaJpZM4PJFZR">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyIOyhNHJSJK_fxjfrNtxAJJejqPhks5sdt6hgaJpZM4PJFZR.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/388"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"How does the CSP syntax fit into the header structure? (#388)"}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/388"}}}</script>
----==_mimepart_59a838a1a685f_ba5c3fd953a69c3c1070fa--


From nobody Thu Aug 31 22:42:22 2017
Delivered-To: http-issues@ietfa.amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.182
X-Spam-Level: 
X-Spam-Status: No, score=-8.182 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Date: Thu, 31 Aug 2017 22:42:17 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1504244537; bh=mePM31IuEPZDqAcFL1FTNGJgVTJn1uZ0ALJG3Qmdj28=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=P1XxwZxQbfQKWfVJNmxjN0zLzXqKddwQ3Fwh8dbMagk++U9HTQzz7yQfGYq3FLqK7 HYcrx3q0qkUHXTv6JY6/0Mgzme4T3vu+CLFaF+4PK/lxeRjJ95/lPKAt6Zlkyrp/DR VqBC+06Cgvs2V2vcaKf2/ibPOeIrK7RYk/TFJ7jw=
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
In-Reply-To: <httpwg/http-extensions/issues/386@github.com>
References: <httpwg/http-extensions/issues/386@github.com>
Subject: Re: [httpwg/http-extensions] AUTH48 changes for rfc5987bis (#386)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_59a8f339df729_24613f8756575c3490736"; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: list
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/0TX4oD2q7ijogh2rDhFLPuacYXk>
Message-ID: <mailman.2513.1504244541.27205.http-issues@ietf.org>
From: HTTP issue updates <http-issues@ietf.org>
Reply-To: http-issues@ietf.org
X-BeenThere: http-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: HTTP issue updates <http-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-issues>, <mailto:http-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-issues/>
List-Post: <mailto:http-issues@ietf.org>
List-Help: <mailto:http-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-issues>, <mailto:http-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Sep 2017 05:42:20 -0000

----==_mimepart_59a8f339df729_24613f8756575c3490736
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Reopened #386.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/386#event-1230779656
----==_mimepart_59a8f339df729_24613f8756575c3490736
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<p>Reopened <a href="https://github.com/httpwg/http-extensions/issues/386" class="issue-link js-issue-link" data-url="https://github.com/httpwg/http-extensions/issues/386" data-id="253140084" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#386</a>.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/httpwg/http-extensions/issues/386#event-1230779656">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AORpyJ--zeVZD9RaTrsIf7XBGL86UzjJks5sd5k5gaJpZM4PDsiA">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AORpyP4FqUccn15t7VBbLO5Y5Wfn7ZRCks5sd5k5gaJpZM4PDsiA.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/httpwg/http-extensions/issues/386#event-1230779656"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/httpwg/http-extensions","title":"httpwg/http-extensions","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/httpwg/http-extensions"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"Reopened #386."}],"action":{"name":"View Issue","url":"https://github.com/httpwg/http-extensions/issues/386#event-1230779656"}}}</script>
----==_mimepart_59a8f339df729_24613f8756575c3490736--