Re: [art] Side meeting on Signed Exchanges and Web Packaging
Yoav Weiss <yoav@yoav.ws> Mon, 19 March 2018 10:09 UTC
Return-Path: <yoav@yoav.ws>
X-Original-To: art@ietfa.amsl.com
Delivered-To: art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10E5E126FB3 for <art@ietfa.amsl.com>; Mon, 19 Mar 2018 03:09:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yoav-ws.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TTyt_6QHpiqf for <art@ietfa.amsl.com>; Mon, 19 Mar 2018 03:09:10 -0700 (PDT)
Received: from mail-wr0-x22e.google.com (mail-wr0-x22e.google.com [IPv6:2a00:1450:400c:c0c::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C10E126DEE for <art@ietf.org>; Mon, 19 Mar 2018 03:09:10 -0700 (PDT)
Received: by mail-wr0-x22e.google.com with SMTP id o1so17923833wro.10 for <art@ietf.org>; Mon, 19 Mar 2018 03:09:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yoav-ws.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=a+p+HMWDb941UfVEbS/NUsiJZ3raqoAIO+0ZPPge37o=; b=OqxPDlmilCuTtK7ZIUUVyM4DVg98zLb+yEEscdhTsKE9qb2toVmBOE7bKHWX3hdChH 7I8NbQPRaxBW2MifiurBgPEg7iBpzpd6y8caYO+eyJQa54ItJ5jyPlL3+EG6Saq+Ka3a X6O1CJo2XhsZ2gIeFRHyP7Dju/dg5f90/bIGrOgUT71Y0AixRhHq5iISKv2LFmSVR8TZ gpH2TTTymQet76f45tTd97Ikb1MVh5cgrmgyMqoGw1F9sT0Lvtwg0rnlnVMhftcFTEFi 7ptxIBrTNVe9KaZf11n3GC+lrnDxdinxdZfWDm4pL0iD4YZSf+/l++XNYwa4u6ggtVuM I8Ug==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=a+p+HMWDb941UfVEbS/NUsiJZ3raqoAIO+0ZPPge37o=; b=VapR7TiOi+NMHFvB2HZb/Rt408RJ523eGrRmtSAwAfBDqaoGkgsTkfDHIMX1C/AuGv gL/+MJacLKaNoqWMzs2fGLXFE/AqzTzPjVEq8KzmigfyjpLkoDOK9e3v1IxnUzG+P2KP e6BNcOwuC9BWiX+gM6M4IVjyQA5I8UivxaYWnkxhq0MQWaEhBMApVauA86o7grFFPrqV 9ssiO8HmD3mFD4nfsTO5BDRKdAyIG07OtVzWsg6I3cScctimfTVbRRUGpbrM1lxxWcoG fr3RIvAfpV+T0NIXTDSjdLMlSKsaSdlz8C5C1SmPnGbaY8yt6h3a2kLxZsd3gygcOR4G +BIg==
X-Gm-Message-State: AElRT7HeZmtelasFFk2e3A3x30vzF3vDPf26ipY+QPS8guH5DxxmRe6H ChMxg6zvBt8DiSQFaK2imGK1kqGuBJorpnGIEamkDA==
X-Google-Smtp-Source: AG47ELsj2uWQ8cTSmDHRCT1K0s1PEjElK9Qo3UDrjDwbEsO4xxZxmksEM1Phj5ePyjxUkwHm2P8RCEZxBmupoh8XMlM=
X-Received: by 10.223.128.40 with SMTP id 37mr9482324wrk.73.1521454148379; Mon, 19 Mar 2018 03:09:08 -0700 (PDT)
MIME-Version: 1.0
References: <CANh-dXnNc52Mg_Web65HdvDMucQAwNX5scgV=S_zOkM29vn1zg@mail.gmail.com>
In-Reply-To: <CANh-dXnNc52Mg_Web65HdvDMucQAwNX5scgV=S_zOkM29vn1zg@mail.gmail.com>
From: Yoav Weiss <yoav@yoav.ws>
Date: Mon, 19 Mar 2018 10:08:57 +0000
Message-ID: <CACj=BEgMUa2FDw0HyM135VA5J83bg-ruhA+dYr0Ax7Nvankkvg@mail.gmail.com>
To: Jeffrey Yasskin <jyasskin@google.com>
Cc: art@ietf.org, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="94eb2c09740a0e78620567c126cc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/Fjr57E_3UXTx7kb1rtqtK7NVaCI>
Subject: Re: [art] Side meeting on Signed Exchanges and Web Packaging
X-BeenThere: art@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/art>, <mailto:art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art/>
List-Post: <mailto:art@ietf.org>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/art>, <mailto:art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Mar 2018 10:09:13 -0000
I'll be there! To reiterate here comments I've made elsewhere <https://groups.google.com/a/chromium.org/d/msg/blink-dev/n7cZXSTwBTY/Ham62KVeAgAJ> : I'm super excited about this work, from multiple perspectives: <cdn-person-hat> This feature will enable CDNs to serve origin-signed content from origins that are not on their network (and which private keys they don't have). Origins signing their static resources would make those resources available to be cached anywhere, and sites that use those resources could download them over their own H2 connections, avoiding connection establishment and contention costs, without compromising on the resource's integrity. That should result in significant performance wins when delivering such resources. </cdn-person-hat> <performance-person-hat> Web packaging (not the Origin Signed part, but the packaging format part <https://github.com/WICG/webpackage/blob/master/draft-yasskin-dispatch-web-packaging.md>) can help us solve the problems we have around resource bundling. Right now there's a clear tradeoff for bundling JS/CSS resources: Larger bundles provide improved compression ratios, but later execution, as the entire bundle must be downloaded before execution starts. Web packaging can help us sidestep that dilemma and deliver all our (static, non-credentialed) resources in a single compressed bundle, that is processed in a streaming fashion. No tradeoffs! Packaging also seems doubly important when we look at ES6 modules that have to be delivered in their own file. AFAIUI, current bundling processes work around that by smooshing multiple modules together as part of the bundling process. Would be great to avoid that need. Finally, from a caching perspective, web packages are superior to bundles, as they can enable invalidation of specific resources, where today the entire bundle gets invalidated. *Aside:* I was hoping we can fix these issues by extending the protocols and pushing compression to the h2 layer <https://github.com/vkrasnov/h2-compression-dictionaries/blob/master/draft-vkrasnov-h2-compression-dictionaries.md>. Lack of excitement from the security community has since caused me to doubt it will become a reality in the near future. </performance-person-hat> <api-owner-hat> The use-case as outlined by the AMP team seems like a win that will enable decentralizing content which aggregators provide to their users. The current model where aggregated content (AMP, but also MIP, Baidu's variant) is often served from the aggregator's domain is not necessarily healthy for the Web's long-term success. I'll be glad to see that model go away, and this feature seems paramount to enabling that. Other use-cases, such as offline sharing of PWAs also seem important and can potentially increase the reach of web apps in emerging markets. </api-owner-hat> On Fri, Mar 2, 2018 at 2:30 AM Jeffrey Yasskin <jyasskin@google.com> wrote: > I'll be holding a side meeting (Bar BoF w/o the bar) Monday over lunch in > the IAB office (https://datatracker.ietf.org/meeting/101/floor-plan) to > talk about the Signed HTTP Exchanges and other Web Packaging proposals. See > https://tools.ietf.org/html/draft-yasskin-http-origin-signed-responses > and https://github.com/WICG/webpackage/blob/master/explainer.md. > > We'll be trying to determine interest in the area and nail down concerns > that the specifications need to address. > > Thanks to Mark Nottingham for booking the room. > > Jeffrey >
- [art] Side meeting on Signed Exchanges and Web Pa… Jeffrey Yasskin
- Re: [art] Side meeting on Signed Exchanges and We… Yoav Weiss
- Re: [art] Side meeting on Signed Exchanges and We… Jeffrey Yasskin
- Re: [art] Side meeting on Signed Exchanges and We… Alexey Melnikov