Re: ORIGIN - suggested changes

Stefan Eissing <stefan.eissing@greenbytes.de> Fri, 03 February 2017 13:26 UTC

Looks good to me.

*But* I think it would be good to have an ORIGIN frame that says: please revert your ORIGIN set back to undefined for this connection (and erase all 421-derived information).

This should be less complex than individual removes and provide for changes on very long-lived connections.

-Stefan

> On 03.02.2017, at 01:43, Mark Nottingham <mnot@mnot.net> wrote:
> 
> I've done some more updating:
>  https://github.com/httpwg/http-extensions/pull/285
> 
> At this point, the diff isn't too helpful, so see attached.
> 
> Changes include:
> 
> 1. Removing set manipulation flags
> 2. Reserving some flags for future backwards-incompatible extensions (which makes me feel a bit better about #1)
> 3. Note impact upon Server Push
> 4. Added IANA Considerations and Operational Considerations
> 5. Lots of clarifications
> 
> Feedback welcome, as always.
> 
> 
> <draft-ietf-httpbis-origin-frame.html>
> 
> 
>> On 2 Feb 2017, at 12:30 pm, Mark Nottingham <mnot@mnot.net> wrote:
>> 
>> 
>>> On 2 Feb 2017, at 12:23 pm, Martin Thomson <martin.thomson@gmail.com> wrote:
>>> 
>>> On 2 February 2017 at 10:12, Mark Nottingham <mnot@mnot.net> wrote:
>>>> I don't buy the argument that removal itself adds complexity. Implementations already need to remember what origins they received a 421 for, so they already have the concept of origin set removal.
>>> 
>>> Well, you just established why it might be unnecessary.  The gain here
>>> is in the client not sending a request to the wrong place.  But if
>>> this is rare enough, then that cost is probably bearable.
>> 
>> Right, but the whole point of ORIGIN is to avoid those situations. 
>> 
>> 
>>> The "everything except those" case doesn't concern me that much.
>>> I know it's relatively common, but it is fairly rare that the set of
>>> origins that are used is not easily enumerable, or incrementally
>>> discoverable.
>> 
>> Spoken like a true browser vendor :) 
>> 
>> It'd be good to get a bit more data here from server-side folks. Anyone share this concern? I note that Nick seems to be OK with it.
>> 
>> Cheers,
>> 
>> --
>> Mark Nottingham   https://www.mnot.net/
>> 
>> 
> 
> --
> Mark Nottingham   https://www.mnot.net/
> 

Stefan Eissing

<green/>bytes GmbH
Hafenstrasse 16
48155 Münster
www.greenbytes.de