Re: [apps-discuss] "X-" revisited

Dirk Pranke <dpranke@chromium.org> Wed, 13 July 2011 01:15 UTC

On Mon, Jul 11, 2011 at 5:17 PM, Mark Nottingham <mnot@mnot.net> wrote:
> On 12/07/2011, at 4:37 AM, Dirk Pranke wrote:
>
>> On Sun, Jul 10, 2011 at 6:18 PM, Mark Nottingham <mnot@mnot.net> wrote:
>>>
>>> On 07/07/2011, at 1:30 PM, Dirk Pranke wrote:
>>>
>>>> On Wed, Jul 6, 2011 at 7:24 PM, Peter Saint-Andre <stpeter@stpeter.im> wrote:
>>>>>
>>>>> Is there some kind of attack lurking here that we're not aware of?
>>>>> Parameter phishing or somesuch?
>>>>>
>>>>
>>>> No, that was not my concern. I am mostly trying to map your arguments
>>>> onto the way we're currently evolving the HTML APIs, which follow a
>>>> similar convention to X- (the vendor prefixes).
>>>
>>>
>>> I think the difference there is that the number of implementations is relatively small.
>>>
>>
>> Hmm. I agree that the number of browser implementations with
>> significant market share is fairly small, but I don't know that this
>> is unusual. I'd be hard pressed to think of a significant application
>> or transport-layer protocol that has had more than a half dozen major
>> (read: others have to adopt their extensions) implementations either.
>
> Right, but think of HTTP headers; any random person can (and does) add them, all of the time, and then they're in use.
>
> This is where "implementation" breaks down, because it's the "server" + frameworks + site-specific code. While there are a few handful* of HTTP server implementations, there are hundreds of frameworks, and millions of sites with their own code. Then there are conventions that people layer over top, for interop between sites / frameworks (e.g., Atompub).
>

I think I did not make myself clear. Just because some implementation
uses a header named 'X' does not mean that everyone else cares. We
ignore headers we don't recognize. We usually only care about header X
when a significant percentage of our traffic starts using it.

On the other hand, your point about there being a lot of frameworks is
valid, and I agree that there's a lot more than six of them :) Then
again, frameworks rarely create new headers in my (admittedly limited)
experience.

-- Dirk

> Cheers,
>
>
> * From what I can see, the number of HTTP server implementations is exploding as well, over the last few years.
>
>
> Mark Nottingham   http://www.mnot.net/