Re: [apps-discuss] Fwd: I-D Action: draft-nottingham-http-browser-hints-01.txt
Dzonatas Sol <dzonatas@gmail.com> Tue, 31 May 2011 00:29 UTC
Return-Path: <dzonatas@gmail.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA466E075A for <apps-discuss@ietfa.amsl.com>; Mon, 30 May 2011 17:29:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.121
X-Spam-Level:
X-Spam-Status: No, score=-5.121 tagged_above=-999 required=5 tests=[AWL=-1.522, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BjUJBOi5FwY8 for <apps-discuss@ietfa.amsl.com>; Mon, 30 May 2011 17:28:59 -0700 (PDT)
Received: from mail-pz0-f44.google.com (mail-pz0-f44.google.com [209.85.210.44]) by ietfa.amsl.com (Postfix) with ESMTP id F128FE074C for <apps-discuss@ietf.org>; Mon, 30 May 2011 17:28:58 -0700 (PDT)
Received: by pzk5 with SMTP id 5so1985727pzk.31 for <apps-discuss@ietf.org>; Mon, 30 May 2011 17:28:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=AGdymeMnqpJ4o0H7p3wMfv7Dw2Qg+PRqIz51fhVixGQ=; b=KHH10HTcwh5tG52hNxtd997+Gw1LDjkRmGLvDar/SymUHHgssaDFkDmVQPgNhrLtiF 14IV3EsiKssTQbdDGAohBuNpIzQzjHmIFYCNo0EqTyvR6nSYg6XBpOdkyHtBzv5ILgvh 2H1zorW4JglwIGAOe40v5bloP8glUnU9fmuJ8=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=T6X7e/egYchJk/zrFIqFTqJwYN/qig6fApdw0HUmBZNCwvTSnDMHRvar8zFETYjM87 OP4iT0KzNiYrHIW681tTbhTgj6rk2xLBZBWfhv+MZ2pZz+7N7WkhLnJsGLiPYcL6IpJ3 WoYRElt4Cjp519K4QuSjIt+cZ4muZbJh8TpKk=
Received: by 10.68.69.43 with SMTP id b11mr2222803pbu.18.1306801738522; Mon, 30 May 2011 17:28:58 -0700 (PDT)
Received: from [192.168.0.50] (adsl-70-133-70-225.dsl.scrm01.sbcglobal.net [70.133.70.225]) by mx.google.com with ESMTPS id m9sm3239082pbd.71.2011.05.30.17.28.56 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 30 May 2011 17:28:57 -0700 (PDT)
Message-ID: <4DE435FE.2050201@gmail.com>
Date: Mon, 30 May 2011 17:27:42 -0700
From: Dzonatas Sol <dzonatas@gmail.com>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.16) Gecko/20110307 Icedove/3.0.11
MIME-Version: 1.0
To: Bjartur Thorlacius <svartman95@gmail.com>
References: <BANLkTi=s9jHu=_+VVTxAvdEts=9Dts2h0Q@mail.gmail.com> <70A19350-4EA8-4FB4-89CF-B6D4E7FA456B@mnot.net> <4DE3A064.8010404@gmail.com> <4DE3B07F.9030407@gmx.de> <4DE3C4E8.4000900@gmail.com> <4DE3DB86.8000505@gmail.com> <BANLkTiks0kx_D8eqdQwjgDTHqnnF+0B3_g@mail.gmail.com>
In-Reply-To: <BANLkTiks0kx_D8eqdQwjgDTHqnnF+0B3_g@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: apps-discuss@ietf.org
Subject: Re: [apps-discuss] Fwd: I-D Action: draft-nottingham-http-browser-hints-01.txt
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 May 2011 00:29:00 -0000
On 05/30/2011 04:25 PM, Bjartur Thorlacius wrote: > > What queue? Most (but not all) HTTP methods operate on resources > identified by URIs. > We don't inline any of the http method calls, so they are all queued asynchronously. Programs, then, can easily examine the queue for optimizations, especially to stream them all together. That's the ReSTful queue. That's works well and simply quicker when there hundreds of queries between two end points. > >> Any implication of an attacker... questionable on why would one stop >> there, specifically, even if we assume "they're inside". >> >> > You don't necessarily have to be "inside" to be able to upload files. > I'm thinking of a user registering as ".well-known" and uploading > maliciously named and crafted files. If someone is not logged in, for example, then one could issue one of the 3xx codes and possibly issue some private URL. I don't see the conflict there. > *All* HTTP servers out there will > have to reserve the "/.well-known" prefix, if only to avoid serving a > dangerous value of the max-conns property in the browser-hints file > (and thereby values of other properties such as max-pipeline-depth). > "have-to"? The example uses the full path for simple conveyance, yet there could be </.well-known/> in container setups that implement RFC5785 and <draft-nottingham-http-browser-hints-01.txt/>, especially when restricted to no nested directories. If there is no </.well-known/> then most likely fallback to the "User-Agent:" header if that exists; otherwise, eventually assume some past http provider on one end. > Note that I don't disagree with RFC 5785. It's the right mechanism for > certain tasks. I disagree with the apparent group consensus that > discovery of browser hints are one of these tasks. > > Do you think that information should exist in the "User-Agent:" header and have everybody upgrade their browser together as one group? Maybe some rather use 'cloud' containers with restricted data driven flow, but I can think of too many other examples, and the 'cloud' idea is actually useful for an example as one step beyond as site (i.e. containers) on demand despite paths based on URIs in individual queries and synchronous end-to-end flow. -- --- https://twitter.com/Dzonatas_Sol --- Web Development, Software Engineering, Virtual Reality, Consultant
- [apps-discuss] Fwd: I-D Action: draft-nottingham-… Mark Nottingham
- Re: [apps-discuss] Fwd: I-D Action: draft-notting… Dzonatas Sol
- Re: [apps-discuss] Fwd: I-D Action: draft-notting… Bjartur Thorlacius
- Re: [apps-discuss] Fwd: I-D Action: draft-notting… Mark Nottingham
- Re: [apps-discuss] Fwd: I-D Action: draft-notting… Bjartur Thorlacius
- Re: [apps-discuss] Fwd: I-D Action: draft-notting… Julian Reschke
- Re: [apps-discuss] Fwd: I-D Action: draft-notting… Mykyta Yevstifeyev
- Re: [apps-discuss] Fwd: I-D Action: draft-notting… Bjartur Thorlacius
- Re: [apps-discuss] Fwd: I-D Action: draft-notting… MyKyta Yevstifeyev
- Re: [apps-discuss] Fwd: I-D Action: draft-notting… Dzonatas Sol
- Re: [apps-discuss] Fwd: I-D Action: draft-notting… Bjartur Thorlacius
- Re: [apps-discuss] Fwd: I-D Action: draft-notting… Dzonatas Sol
- Re: [apps-discuss] Fwd: I-D Action: draft-notting… Bjartur Thorlacius
- Re: [apps-discuss] Fwd: I-D Action: draft-notting… Dzonatas Sol