[dispatch] A packaging format for the web
Jeffrey Yasskin <jyasskin@chromium.org> Thu, 15 June 2017 19:09 UTC
Return-Path: <jyasskin@google.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 285C7127866 for <dispatch@ietfa.amsl.com>; Thu, 15 Jun 2017 12:09:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com header.b=BuRcKFBE; dkim=pass (1024-bit key) header.d=chromium.org header.b=oOMnxCKd
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N5kTI_EPdsv8 for <dispatch@ietfa.amsl.com>; Thu, 15 Jun 2017 12:09:40 -0700 (PDT)
Received: from mail-wm0-x234.google.com (mail-wm0-x234.google.com [IPv6:2a00:1450:400c:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A5374127078 for <dispatch@ietf.org>; Thu, 15 Jun 2017 12:09:39 -0700 (PDT)
Received: by mail-wm0-x234.google.com with SMTP id d64so1873136wmf.1 for <dispatch@ietf.org>; Thu, 15 Jun 2017 12:09:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:sender:from:date:message-id:subject:to :content-transfer-encoding; bh=jahQD+LSz2yRrXtf7YIGgAtIj8yS005nsvKKbsoZNmk=; b=BuRcKFBEWECTRJ8oP7Qal/lEOPiyuqUrSQiFkzV5ETCfFKpBlHHdR3UVdwmJ1Dsm6B RFZ6gOcI+4pTacI22fGtK2nnrQZy1YBmqkqdaZRRQuj92zcwscjvEWc7CswrdqlYFhHI 2kJR0b45P/V3dCY2Ero1pLD9ZGs0NgvJh4yt9Ie3e/CEm8A3l6l76eIxy9U9vVE2SR8k /I6i1QXDbTcxVBRCDr/23ABwatHvtsp/MjJCw/WshCJQCGbug/lCv1RTQHVywx1n5h/q qvkbNKQppObSIBP8kIgckYP+d4x5xURt7oKUCbewiz31VO443r8PM7m7B3yhu998gT86 7Cpg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:from:date:message-id:subject:to :content-transfer-encoding; bh=jahQD+LSz2yRrXtf7YIGgAtIj8yS005nsvKKbsoZNmk=; b=oOMnxCKd2XnHSBwUU2WVSlU0PKQGhtqQrEEyjCOrze0gQJ3/+w55krMUKB41U6lHqO YFbmmPvExhhUE9CXzX7aUMkwsmdiiElj3ZD01Qke/Tlfige6vv0tIzQIhYfNGWjSYqlx z/IkzzZADF48W6r3r6OzP2NW+5L1sPByAGz5Q=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:from:date:message-id:subject :to:content-transfer-encoding; bh=jahQD+LSz2yRrXtf7YIGgAtIj8yS005nsvKKbsoZNmk=; b=Z/N2PK9eKmlMmrRHe95AAQ6TrTnbrrGEnmiNb6aHiMfb549sL8EoKXp1rPpd5LAX0R Bf02W/bNQctC/AM5VAwSVN2iyPwctiJ5WI8ZXPQWgIcqmHV26YDkn7DqsLQUQCG9L+jY wuduZ6OderXZkvUZzOE1DzNPFY6KvFnuO192OpJSOV0aPj4WEogxRhC7hotDqhCtItah d0d42gbG97pUJnLxnxdauUsHQi1vtUXKmoXcxuU5CxYR3VJZSf0jTYw9hNcrnvqn+6Yz Ros+cX9PhSLBxntlsqU2/eVHvC7Irz9S/N5Z81rIKm7wv8vapUB2cwBwe/qy1dOOUMsu Skgw==
X-Gm-Message-State: AKS2vOxL+Q2NQ3EySSrXdIyzeQnqyLEFGu015w4b5nrMO0vzPUOmJ/Rx FZc99yc0s4w6YzaqduKH3pGrpgyas4FY9PsevA==
X-Received: by 10.28.71.147 with SMTP id m19mr4601183wmi.92.1497553777627; Thu, 15 Jun 2017 12:09:37 -0700 (PDT)
MIME-Version: 1.0
Sender: jyasskin@google.com
Received: by 10.28.157.197 with HTTP; Thu, 15 Jun 2017 12:09:16 -0700 (PDT)
From: Jeffrey Yasskin <jyasskin@chromium.org>
Date: Thu, 15 Jun 2017 12:09:16 -0700
X-Google-Sender-Auth: -_necepPs9e3GG7-_ex1SUUYUdg
Message-ID: <CANh-dXkpbBGF-5ZM9ZbZsULUYaP-ECxNy4EfLk25zmg3qFvd6g@mail.gmail.com>
To: dispatch@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/NQ0deHSsRvt4BL4alk_WYVnhhvo>
Subject: [dispatch] A packaging format for the web
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Jun 2017 19:09:42 -0000
Hello Dispatch, TL;DR: We're bringing the work at https://github.com/WICG/webpackage to the IETF. People would like to use content offline and in other situations where there isn’t a direct connection to the server where the content originates. However, it's difficult to distribute and verify the authenticity of applications and content without a connection to the network. The W3C has addressed running applications offline with Service Workers (https://www.w3.org/TR/service-workers-1/), but not the problem of distribution. * People with expensive or intermittent internet connections are used to sharing files via P2P links and shared SD cards. They should be able to install web applications they received this way. Installing a web application requires a TLS-type guarantee that it came from and can use data owned by a particular origin. * Verification of the origin of the content isn't always necessary. For example, users currently share screenshots and MHTML documents with their peers, with no guarantee that the shared content is authentic. However, these formats have low fidelity (screenshots) and/or aren't interoperable (MHTML). We'd like an interoperable format that lets both publishers and readers package such content for use in an untrusted mode. * CDNs want to re-publish other origins' content so readers can access it more quickly or more privately. Currently, to attribute that content to the original origin, they need the full ability to publish arbitrary content under that origin's name. There should be a way to let them attribute only the exact content that the original origin published. We think a packaging format can help satisfy these use cases. This format likely also has other uses, and we should try to support such use cases as long as they don't compromise the offline use cases. For example, packages may help optimize transferring online content or let third-parties assert properties of the package via cross-signatures. The Chromium project has started work on this sort of packaging format within the W3C's WICG, at https://github.com/WICG/webpackage. We have a list of use cases, some goals and explicit non-goals, and a draft for the format itself. We believe the IETF is the ideal place to standardize the format, and in parallel we'll specify within the W3C how browsers should load it. I'll be writing an initial internet-draft in the next couple weeks, in time to bring it to IETF 99. We'd appreciate being directed to the appropriate place within the IETF to do this work. Thanks, Jeffrey Yasskin P.S. I'll be on vacation from June 16-23; I'll reply intermittently during that time but mostly once I get back.
- [dispatch] A packaging format for the web Jeffrey Yasskin