Fwd: New Version Notification for draft-nottingham-site-wide-headers-00.txt

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Fwd: New Version Notification for draft-nottingham-site-wide-headers-00.txt

Mark Nottingham-2
FYI. Prettier version at:
  https://mnot.github.io/I-D/site-wide-headers/

Mike West has a slightly different approach at:
  https://mikewest.github.io/origin-policy/

Thoughts?


> Begin forwarded message:
>
> From: [hidden email]
> Subject: New Version Notification for draft-nottingham-site-wide-headers-00.txt
> Date: 3 August 2016 at 1:03:57 PM GMT+2
> To: "Mark Nottingham" <[hidden email]>
>
>
> A new version of I-D, draft-nottingham-site-wide-headers-00.txt
> has been successfully submitted by Mark Nottingham and posted to the
> IETF repository.
>
> Name: draft-nottingham-site-wide-headers
> Revision: 00
> Title: Site-Wide HTTP Headers
> Document date: 2016-08-03
> Group: Individual Submission
> Pages: 10
> URL:            https://www.ietf.org/internet-drafts/draft-nottingham-site-wide-headers-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-nottingham-site-wide-headers/
> Htmlized:       https://tools.ietf.org/html/draft-nottingham-site-wide-headers-00
>
>
> Abstract:
>   This document specifies an alternative way for Web sites to send HTTP
>   response header fields that apply to large numbers of resources, to
>   improve efficiency.
>
>
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>

--
Mark Nottingham   https://www.mnot.net/





Reply | Threaded
Open this post in threaded view
|

Re: New Version Notification for draft-nottingham-site-wide-headers-00.txt

Martin Thomson-3
Interesting.

Maybe you should work out a solution with Mike that works for both of you.

Vary?

The sets thing needs better justification - as it is, you are
effectively creating many resources (/.well-known/site-headers#foo
perhaps) identified by a single URL  The discussion on Mike's proposal
hit this very point[1]. Personally, I'm inclined to agree with Mike
about the costs outweighing benefits.

There will be a temptation to gzip (or brotli) this, especially if .
Security considerations (or Section 2.1) might mention that data from
mutually distrustful sources isn't appropriate.

[1] https://discourse.wicg.io/t/proposal-set-origin-wide-policies-via-a-manifest/1617

On 3 August 2016 at 13:06, Mark Nottingham <[hidden email]> wrote:

> FYI. Prettier version at:
>   https://mnot.github.io/I-D/site-wide-headers/
>
> Mike West has a slightly different approach at:
>   https://mikewest.github.io/origin-policy/
>
> Thoughts?
>
>
>> Begin forwarded message:
>>
>> From: [hidden email]
>> Subject: New Version Notification for draft-nottingham-site-wide-headers-00.txt
>> Date: 3 August 2016 at 1:03:57 PM GMT+2
>> To: "Mark Nottingham" <[hidden email]>
>>
>>
>> A new version of I-D, draft-nottingham-site-wide-headers-00.txt
>> has been successfully submitted by Mark Nottingham and posted to the
>> IETF repository.
>>
>> Name:         draft-nottingham-site-wide-headers
>> Revision:     00
>> Title:                Site-Wide HTTP Headers
>> Document date:        2016-08-03
>> Group:                Individual Submission
>> Pages:                10
>> URL:            https://www.ietf.org/internet-drafts/draft-nottingham-site-wide-headers-00.txt
>> Status:         https://datatracker.ietf.org/doc/draft-nottingham-site-wide-headers/
>> Htmlized:       https://tools.ietf.org/html/draft-nottingham-site-wide-headers-00
>>
>>
>> Abstract:
>>   This document specifies an alternative way for Web sites to send HTTP
>>   response header fields that apply to large numbers of resources, to
>>   improve efficiency.
>>
>>
>>
>>
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> The IETF Secretariat
>>
>
> --
> Mark Nottingham   https://www.mnot.net/
>
>
>
>
>

Reply | Threaded
Open this post in threaded view
|

Re: New Version Notification for draft-nottingham-site-wide-headers-00.txt

Mark Nottingham-2
We're talking.

WRT the sets thing -- yes, my original proposal was just one set of server-wide headers. However, CSP is one of the major byte wasters, and for the vast majority of origins, it varies a bit (e.g., only sent on HTML resources, and differs a bit between them, sometimes).

Cheers,

> On 3 Aug 2016, at 2:47 PM, Martin Thomson <[hidden email]> wrote:
>
> Interesting.
>
> Maybe you should work out a solution with Mike that works for both of you.
>
> Vary?
>
> The sets thing needs better justification - as it is, you are
> effectively creating many resources (/.well-known/site-headers#foo
> perhaps) identified by a single URL  The discussion on Mike's proposal
> hit this very point[1]. Personally, I'm inclined to agree with Mike
> about the costs outweighing benefits.
>
> There will be a temptation to gzip (or brotli) this, especially if .
> Security considerations (or Section 2.1) might mention that data from
> mutually distrustful sources isn't appropriate.
>
> [1] https://discourse.wicg.io/t/proposal-set-origin-wide-policies-via-a-manifest/1617
>
> On 3 August 2016 at 13:06, Mark Nottingham <[hidden email]> wrote:
>> FYI. Prettier version at:
>>  https://mnot.github.io/I-D/site-wide-headers/
>>
>> Mike West has a slightly different approach at:
>>  https://mikewest.github.io/origin-policy/
>>
>> Thoughts?
>>
>>
>>> Begin forwarded message:
>>>
>>> From: [hidden email]
>>> Subject: New Version Notification for draft-nottingham-site-wide-headers-00.txt
>>> Date: 3 August 2016 at 1:03:57 PM GMT+2
>>> To: "Mark Nottingham" <[hidden email]>
>>>
>>>
>>> A new version of I-D, draft-nottingham-site-wide-headers-00.txt
>>> has been successfully submitted by Mark Nottingham and posted to the
>>> IETF repository.
>>>
>>> Name:         draft-nottingham-site-wide-headers
>>> Revision:     00
>>> Title:                Site-Wide HTTP Headers
>>> Document date:        2016-08-03
>>> Group:                Individual Submission
>>> Pages:                10
>>> URL:            https://www.ietf.org/internet-drafts/draft-nottingham-site-wide-headers-00.txt
>>> Status:         https://datatracker.ietf.org/doc/draft-nottingham-site-wide-headers/
>>> Htmlized:       https://tools.ietf.org/html/draft-nottingham-site-wide-headers-00
>>>
>>>
>>> Abstract:
>>>  This document specifies an alternative way for Web sites to send HTTP
>>>  response header fields that apply to large numbers of resources, to
>>>  improve efficiency.
>>>
>>>
>>>
>>>
>>> Please note that it may take a couple of minutes from the time of submission
>>> until the htmlized version and diff are available at tools.ietf.org.
>>>
>>> The IETF Secretariat
>>>
>>
>> --
>> Mark Nottingham   https://www.mnot.net/
>>
>>
>>
>>
>>

--
Mark Nottingham   https://www.mnot.net/