Re: [apps-discuss] "X-" revisited

Mark Nottingham <mnot@mnot.net> Tue, 12 July 2011 00:17 UTC

Return-Path: <mnot@mnot.net>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59DF811E817F for <apps-discuss@ietfa.amsl.com>; Mon, 11 Jul 2011 17:17:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.87
X-Spam-Level:
X-Spam-Status: No, score=-105.87 tagged_above=-999 required=5 tests=[AWL=-3.586, BAYES_00=-2.599, SARE_MILLIONSOF=0.315, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zT-C9fPMwLUD for <apps-discuss@ietfa.amsl.com>; Mon, 11 Jul 2011 17:17:24 -0700 (PDT)
Received: from mxout-08.mxes.net (mxout-08.mxes.net [216.86.168.183]) by ietfa.amsl.com (Postfix) with ESMTP id A852111E813A for <apps-discuss@ietf.org>; Mon, 11 Jul 2011 17:17:24 -0700 (PDT)
Received: from chancetrain-lm.mnot.net (unknown [118.209.88.245]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 379D1509B3; Mon, 11 Jul 2011 20:17:16 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <CAEoffTD6Bq_Agup-QqdjXwLUDNTRVDaFMQWufCPGo8koj1Ww3Q@mail.gmail.com>
Date: Tue, 12 Jul 2011 10:17:14 +1000
Content-Transfer-Encoding: quoted-printable
Message-Id: <ADE37DFA-2830-4AAC-B108-227CF6B083D8@mnot.net>
References: <4E08CDCB.70902@stpeter.im> <BANLkTikOQt4k8YDv5z43SYuRcq5rzueGKw@mail.gmail.com> <4E1518F2.6000403@stpeter.im> <CAEoffTDZqt5wMGr+PkQ56Os8d+av7npJEmwe4viGfaNEMZ8TQg@mail.gmail.com> <463EE211-0C59-4865-98CB-F65A2549B273@mnot.net> <CAEoffTD6Bq_Agup-QqdjXwLUDNTRVDaFMQWufCPGo8koj1Ww3Q@mail.gmail.com>
To: Dirk Pranke <dpranke@chromium.org>
X-Mailer: Apple Mail (2.1084)
Cc: "apps-discuss@ietf.org" <apps-discuss@ietf.org>
Subject: Re: [apps-discuss] "X-" revisited
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jul 2011 00:17:25 -0000

On 12/07/2011, at 4:37 AM, Dirk Pranke wrote:

> On Sun, Jul 10, 2011 at 6:18 PM, Mark Nottingham <mnot@mnot.net> wrote:
>> 
>> On 07/07/2011, at 1:30 PM, Dirk Pranke wrote:
>> 
>>> On Wed, Jul 6, 2011 at 7:24 PM, Peter Saint-Andre <stpeter@stpeter.im> wrote:
>>>> 
>>>> Is there some kind of attack lurking here that we're not aware of?
>>>> Parameter phishing or somesuch?
>>>> 
>>> 
>>> No, that was not my concern. I am mostly trying to map your arguments
>>> onto the way we're currently evolving the HTML APIs, which follow a
>>> similar convention to X- (the vendor prefixes).
>> 
>> 
>> I think the difference there is that the number of implementations is relatively small.
>> 
> 
> Hmm. I agree that the number of browser implementations with
> significant market share is fairly small, but I don't know that this
> is unusual. I'd be hard pressed to think of a significant application
> or transport-layer protocol that has had more than a half dozen major
> (read: others have to adopt their extensions) implementations either.

Right, but think of HTTP headers; any random person can (and does) add them, all of the time, and then they're in use. 

This is where "implementation" breaks down, because it's the "server" + frameworks + site-specific code. While there are a few handful* of HTTP server implementations, there are hundreds of frameworks, and millions of sites with their own code. Then there are conventions that people layer over top, for interop between sites / frameworks (e.g., Atompub).

Cheers,


* From what I can see, the number of HTTP server implementations is exploding as well, over the last few years. 


Mark Nottingham   http://www.mnot.net/