Fwd: New Version Notification for draft-nottingham-site-wide-headers-01.txt

Mark Nottingham <mnot@mnot.net> Thu, 24 November 2016 02:32 UTC

From: Mark Nottingham <mnot@mnot.net>
Date: Thu, 24 Nov 2016 13:28:13 +1100
Cc: Mike West <mkwst@google.com>, "Emily Stark (Dunn)" <estark@google.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
Archived-At: <http://www.w3.org/mid/FCDFC352-5D68-456F-AFF4-39E9E1697AF2@mnot.net>

FYI, updated draft.

Prettier (and latest) version available at:
  https://mnot.github.io/I-D/site-wide-headers/

Biggest change in this revision is restricting site-wide headers to a whitelist + a prefix ("site-"). Feedback appreciated.

I talked to a number of folks about this in Seoul, and it seems like some potential implementers have a preference for a header-based approach, rather than creating a JSON data structure with semantics that diverge from headers.

This is my gut feeling too, but it could be that they were agreeing with me because I was there. Another approach is suggested by Mike West here:
  https://wicg.github.io/origin-policy/

More than anything, I'd like to have a discussion about this and see if we can move forward, in one direction or another (I don't think the differences between the proposals represent insurmountable hurdles). That's because we continue to have new site-wide mechanisms defined, e.g.:
  https://tools.ietf.org/html/draft-stark-expect-ct


> Begin forwarded message:
> From: internet-drafts@ietf.org
> Subject: New Version Notification for draft-nottingham-site-wide-headers-01.txt
> Date: 24 November 2016 at 1:20:06 pm AEDT
> To: "Mark Nottingham" <mnot@mnot.net>
> A new version of I-D, draft-nottingham-site-wide-headers-01.txt
> has been successfully submitted by Mark Nottingham and posted to the
> IETF repository.
> Name:		draft-nottingham-site-wide-headers
> Revision:	01
> Title:		Site-Wide HTTP Headers
> Document date:	2016-11-24
> Group:		Individual Submission
> Pages:		10
> URL:            https://www.ietf.org/internet-drafts/draft-nottingham-site-wide-headers-01.txt
> Status:         https://datatracker.ietf.org/doc/draft-nottingham-site-wide-headers/
> Htmlized:       https://tools.ietf.org/html/draft-nottingham-site-wide-headers-01
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-nottingham-site-wide-headers-01
> Abstract:
>   This document specifies an alternative way for Web sites to send HTTP
>   response header fields that apply to an entire origin, to improve
>   efficiency.
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> The IETF Secretariat

Mark Nottingham   https://www.mnot.net/