Re: [apps-discuss] RFC6454 "the web origin concept" obsoleted?
Daniel Stenberg <daniel@haxx.se> Mon, 18 July 2016 21:00 UTC
Return-Path: <daniel@haxx.se>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5378A12D0A3 for <apps-discuss@ietfa.amsl.com>; Mon, 18 Jul 2016 14:00:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.488
X-Spam-Level:
X-Spam-Status: No, score=-5.488 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YQXe86qK-SAw for <apps-discuss@ietfa.amsl.com>; Mon, 18 Jul 2016 14:00:08 -0700 (PDT)
Received: from giant.haxx.se (www.haxx.se [IPv6:2a00:1a28:1200:9::2]) by ietfa.amsl.com (Postfix) with ESMTP id A0C5D12D0A6 for <apps-discuss@ietf.org>; Mon, 18 Jul 2016 14:00:06 -0700 (PDT)
Received: from giant.haxx.se (localhost.localdomain [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id u6IL033G001565 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 18 Jul 2016 23:00:03 +0200
Received: from localhost (dast@localhost) by giant.haxx.se (8.15.2/8.15.2/Submit) with ESMTP id u6IL02G6001362; Mon, 18 Jul 2016 23:00:02 +0200
X-Authentication-Warning: giant.haxx.se: dast owned process doing -bs
Date: Mon, 18 Jul 2016 23:00:02 +0200
From: Daniel Stenberg <daniel@haxx.se>
X-X-Sender: dast@giant.haxx.se
To: jeff.hodges@kingsmountain.com
In-Reply-To: <20160718091102.Horde.RzjJV3MMRkInfgnzFSWltA7@box514.bluehost.com>
Message-ID: <alpine.DEB.2.20.1607182251070.11195@tvnag.unkk.fr>
References: <20160718091102.Horde.RzjJV3MMRkInfgnzFSWltA7@box514.bluehost.com>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
X-fromdanielhimself: yes
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/apps-discuss/6r5MZHATP8mOsQwdS9zvNhIp9yY>
Cc: apps-discuss@ietf.org
Subject: Re: [apps-discuss] RFC6454 "the web origin concept" obsoleted?
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/apps-discuss/>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jul 2016 21:00:10 -0000
On Mon, 18 Jul 2016, jeff.hodges@kingsmountain.com wrote: > * Are the changes to RFC3986 & RFC3987 evidenced in [URL] widely applicable > to all URL-utilizing specs and if so, do we obsolete them and point to > [URL], or backport the changes to RFC3986bis & RFC3987bis? Or do something > else, or do nothing? The [URL] spec is mostly followed by browsers while the rest of the URL parsing world is all over the place but very few non-browsers implement the [URL] spec and instead do various mixes of what the RFCs say and the browsers do. I blogged about this exact issue a short while ago [1] after having realized the [URL] spec says eight thousand slashes in a HTTP URL is fine and should be parsed. I personally am not a fan of neither the [URL] spec style (I find it very hard to read), how it is being written or what it says a URL can look like. But I know I get a lot of objections and "web compatibility" arguments thrown at me when I say so... So the RFCs are currently lacking a lot when it comes to parsing modern URLs, but the [URL] spec is not even trying to make a spec for an entire web infrastructure so it isn't a generic solution either. I don't have a good answer for where we should go from here. [1] = https://daniel.haxx.se/blog/2016/05/11/my-url-isnt-your-url/ -- / daniel.haxx.se
- Re: [apps-discuss] RFC6454 "the web origin concep… John C Klensin
- Re: [apps-discuss] RFC6454 "the web origin concep… Daniel Stenberg
- [apps-discuss] RFC6454 "the web origin concept" o… jeff.hodges