[apps-discuss] RFC6454 "the web origin concept" obsoleted?

jeff.hodges@kingsmountain.com Mon, 18 July 2016 15:28 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/apps-discuss/74lYNsZsmQwTBaIwUNLw0SiG4lU>

[This is more-or-less a heads-up public service announcement/query wrt  
process...]

In the below relatively recent exchange on the HTTP WG's list ietf-http-wg@..

https://lists.w3.org/Archives/Public/ietf-http-wg/2016JanMar/0323.html
> On 3/3/16, 3:10 AM, "Anne van Kesteren" <annevk@annevk.nl> wrote:
>> On Mon, Feb 22, 2016 at 1:45 PM, Mike West <mkwst@google.com> wrote:
>> > I think we need precision somewhere. I'm fairly agnostic about where that
>> > somewhere might be. Adding Anne, who might be interested in defining terms
>> > like these in Fetch?
>
> Seems fine. (Though note that the Origin RFC comparison does not quite
> fly, it's made obsolete by the combination of HTML, Fetch, and URL
> Standards.)

..Anne notes that (in the WhatWG's (and others?) view), RFC6454 "The  
Web Origin Concept" is obsoleted by the combination of (the present,  
and intended on-going state of) [HTML], [FETCH], and [URL].

This seems to beg some questions for the HTTP WG and the IETF at large  
(and perhaps the WhatWG, as well as the W3C), since [HTML] and [FETCH]  
are implemented by browsers and browser-like HTTP clients (e.g.,  
crawlers/spiders), but not necessarily other types of HTTP clients,  
[URL] is intended (by its author(s)) to obsolete RFC3986 & RFC3987  
[URLgoals], and RFC6454 is referenced by nine RFCs [0] and several  
I-Ds [1]:

* Should some I-D appear that is intended to obsolete RFC6454 and  
points to [HTML], [FETCH], and [URL] as the present specs addressing  
the Web Origin Concept?

* Or should some I-D appear stating that for browsers and browser-like  
HTTP clients, see [HTML][FETCH][URL] for the Web Origin Concept, and  
for other HTTP clients, see RFC6454?

* Plus, should the change(s) to the functionality & definitions in  
RFC6454 be back-ported to a rfc6454bis?

* Are the changes to RFC3986 & RFC3987 evidenced in [URL] widely  
applicable to all URL-utilizing specs and if so, do we obsolete them  
and point to [URL], or backport the changes to RFC3986bis &  
RFC3987bis? Or do something else, or do nothing?

The above questions and the issues they beg are just off the top of my  
head, need refinement, etc.

Perhaps the duplication between "orgs" doesn't matter and everyone can  
figure out what specs to pay attention to given their context? I don't  
know the answers but thought I'd toss out the questions...

HTH,

=JeffH

ps: note also that [HTML] and [FETCH] are referenced by  
draft-ietf-httpbis-cookie-same-site:
https://lists.w3.org/Archives/Public/ietf-http-wg/2016AprJun/0432.html


[FETCH] https://fetch.spec.whatwg.org/

[HTML] https://html.spec.whatwg.org/

[URL] https://url.spec.whatwg.org/

[URLgoals] https://url.spec.whatwg.org/#goals

[0] RFC6454 is ref'd By 6555, 6690, 6787, 6797, 6920, 7030, 7034, 7395, 7486

[1]  (some of the below may be expired, I didn't check)
> grep -li rfc6454 *txt
draft-dejong-remotestorage-07.txt
draft-ietf-appsawg-file-scheme-11.txt
draft-ietf-core-coap-tcp-tls-03.txt
draft-ietf-httpauth-mutual-08.txt
draft-ietf-httpbis-alt-svc-14.txt
draft-ietf-httpbis-cache-digest-00.txt
draft-ietf-httpbis-cookie-same-site-00.txt
draft-ietf-httpbis-http2-encryption-06.txt
draft-ietf-httpbis-origin-frame-00.txt
draft-ietf-rtcweb-security-08.txt
draft-ietf-rtcweb-security-arch-12.txt
draft-ietf-tram-stun-origin-06.txt
draft-ietf-webpush-protocol-07.txt
draft-ietf-webpush-vapid-01.txt
draft-kazuho-h2-cache-digest-01.txt
draft-nottingham-httpbis-origin-frame-01.txt
draft-pd-dispatch-msrp-websocket-12.txt
draft-reschke-http-oob-encoding-07.txt
draft-savolainen-core-coap-websockets-07.txt
draft-sheffer-tls-pinning-ticket-02.txt
draft-thomson-http-scd-01.txt
draft-thomson-webpush-vapid-02.txt