Re: Side meeting on Signed Exchanges and Web Packaging

Yoav Weiss <yoav@yoav.ws> Mon, 19 March 2018 10:19 UTC

From: Yoav Weiss <yoav@yoav.ws>
Date: Mon, 19 Mar 2018 10:08:57 +0000
Message-ID: <CACj=BEgMUa2FDw0HyM135VA5J83bg-ruhA+dYr0Ax7Nvankkvg@mail.gmail.com>
To: Jeffrey Yasskin <jyasskin@google.com>
Cc: art@ietf.org, HTTP Working Group <ietf-http-wg@w3.org>
Archived-At: <https://www.w3.org/mid/CACj=BEgMUa2FDw0HyM135VA5J83bg-ruhA+dYr0Ax7Nvankkvg@mail.gmail.com>

I'll be there!

To reiterate here comments I've made elsewhere
<https://groups.google.com/a/chromium.org/d/msg/blink-dev/n7cZXSTwBTY/Ham62KVeAgAJ>:
I'm super excited about this work, from multiple perspectives:

<cdn-person-hat>
This feature will enable CDNs to serve origin-signed content from origins
that are not on their network (and whose private keys they don't have).
Origins signing their static resources would make those resources available
to be cached anywhere, and sites that use those resources could download
them over their own H2 connections, avoiding connection establishment and
contention costs, without compromising on the resource's integrity.

That should result in significant performance wins when delivering such
resources.
</cdn-person-hat>

<performance-person-hat>
Web packaging (not the Origin Signed part, but the packaging format part
<https://github.com/WICG/webpackage/blob/master/draft-yasskin-dispatch-web-packaging.md>)
can help us solve the problems we have around resource bundling.
Right now there's a clear tradeoff for bundling JS/CSS resources: Larger
bundles provide improved compression ratios, but later execution, as the
entire bundle must be downloaded before execution starts.
Web packaging can help us sidestep that dilemma and deliver all our
(static, non-credentialed) resources in a single compressed bundle that is
processed in a streaming fashion. No tradeoffs!

Packaging also seems doubly important when we look at ES6 modules that have
to be delivered in their own file. AFAIUI, current bundling processes work
around that by smooshing multiple modules together as part of the bundling
process. Would be great to avoid that need.

Finally, from a caching perspective, web packages are superior to bundles,
as they can enable invalidation of specific resources, where today the
entire bundle gets invalidated.

*Aside:* I was hoping we can fix these issues by extending the protocols
and pushing compression to the h2 layer
<https://github.com/vkrasnov/h2-compression-dictionaries/blob/master/draft-vkrasnov-h2-compression-dictionaries.md>.
Lack of excitement from the security community has since caused me to doubt
it will become a reality in the near future.
</performance-person-hat>

<api-owner-hat>
The use-case as outlined by the AMP team seems like a win that will enable
decentralizing content which aggregators provide to their users.

The current model where aggregated content (AMP, but also MIP, Baidu's
variant) is often served from the aggregator's domain is not necessarily
healthy for the Web's long-term success. I'll be glad to see that model go
away, and this feature seems paramount to enabling that.

Other use-cases, such as offline sharing of PWAs, also seem important and
can potentially increase the reach of web apps in emerging markets.

</api-owner-hat>

On Fri, Mar 2, 2018 at 2:30 AM Jeffrey Yasskin <jyasskin@google.com> wrote:

> I'll be holding a side meeting (Bar BoF w/o the bar) Monday over lunch in
> the IAB office (https://datatracker.ietf.org/meeting/101/floor-plan) to
> talk about the Signed HTTP Exchanges and other Web Packaging proposals. See
> https://tools.ietf.org/html/draft-yasskin-http-origin-signed-responses
> and https://github.com/WICG/webpackage/blob/master/explainer.md.
>
> We'll be trying to determine interest in the area and nail down concerns
> that the specifications need to address.
>
> Thanks to Mark Nottingham for booking the room.
>
> Jeffrey
>