Re: ORIGIN - suggested changes

Stefan Eissing <stefan.eissing@greenbytes.de> Mon, 06 February 2017 10:21 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 008B7129CCD for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 6 Feb 2017 02:21:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.022
X-Spam-Level:
X-Spam-Status: No, score=-7.022 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=greenbytes.de header.b=Pzb7OKcD; dkim=pass (1024-bit key) header.d=greenbytes.de header.b=psc64z+2
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vdjx-b81w4Jt for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 6 Feb 2017 02:21:33 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F1B20129CCB for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 6 Feb 2017 02:21:32 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1cagMz-0002oD-S0 for ietf-http-wg-dist@listhub.w3.org; Mon, 06 Feb 2017 10:18:01 +0000
Resent-Date: Mon, 06 Feb 2017 10:18:01 +0000
Resent-Message-Id: <E1cagMz-0002oD-S0@frink.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by frink.w3.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <stefan.eissing@greenbytes.de>) id 1cagMv-0002nD-KK for ietf-http-wg@listhub.w3.org; Mon, 06 Feb 2017 10:17:57 +0000
Received: from mail.greenbytes.de ([5.10.171.186]) by mimas.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <stefan.eissing@greenbytes.de>) id 1cagMm-0008TN-Sp for ietf-http-wg@w3.org; Mon, 06 Feb 2017 10:17:50 +0000
Received: by mail.greenbytes.de (Postfix, from userid 117) id 5656915A0734; Mon, 6 Feb 2017 11:17:21 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=greenbytes.de; s=mail; t=1486376241; bh=/XmZxvrRLwAipOEIvIhQLbxHN1VXRQLdlis02ZRnC/I=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=Pzb7OKcDdTm7F4o7X70mOyUczluxGslBU3Wojt3gHxwdo6maIyYvIO+d4u3rHYyej lvfQhmHNRszPlRw4EISEqJSOYaL+/UtE8qYhkVP+GAvNCWQcnNdl7kEmGVffI9YJuN omhCaTGCqBStD1hDcZPC/sLYWUpvi+B6UBy1gwvw=
Received: from [192.168.1.175] (unknown [192.168.1.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail.greenbytes.de (Postfix) with ESMTPSA id 1365415A0734; Mon, 6 Feb 2017 11:17:19 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=greenbytes.de; s=mail; t=1486376240; bh=/XmZxvrRLwAipOEIvIhQLbxHN1VXRQLdlis02ZRnC/I=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=psc64z+2grcXDi/Tyxndw+gOA4mgd9WNLmI5CiXwhAI/dMbzYmdRufqNW7LHQQdQS FOb3GUlyPVyve376FGa4zRacnDlgq+j1Nqr6qSyHA+Vn+BslAPfCrjCUXC6ZIZaGQY dgEvitmMD6oaAl9OON8dU3VZouBl6+hv04FSxfLo=
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
From: Stefan Eissing <stefan.eissing@greenbytes.de>
In-Reply-To: <CAOdDvNrcQGVyRaqF8462xVCrRw=x9nDwHRHOXq0or46iaRDBFg@mail.gmail.com>
Date: Mon, 6 Feb 2017 11:17:19 +0100
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>, Martin Thomson <martin.thomson@gmail.com>, "Nygren, Erik" <nygren@akamai.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <8AF72552-A87C-409D-A873-8997C52CFA38@greenbytes.de>
References: <C3CCA267-F5B5-4827-AC27-9853BDADACDE@mnot.net> <CABkgnnWaN6Kaq28=a+At_YQcZmG_o0-VRMAWBABzdLz-RBxxPA@mail.gmail.com> <5D2EB826-204B-44FC-AB42-B0BBECF9AE62@mnot.net> <CABkgnnX26M2P1Kp-PxPDzREZGp0nGfuJubgTqrs9Hr7n8ttqdA@mail.gmail.com> <373E9285-B023-4D42-A749-368649E34252@mnot.net> <2DAB7A8F-2614-4448-8DA9-6967E6E3BD06@mnot.net> <933D3A82-615A-4C75-8F3D-8298E8C6969E@greenbytes.de> <4E2307AE-721B-4F4F-9B72-5E661273C704@mnot.net> <CAOdDvNrcQGVyRaqF8462xVCrRw=x9nDwHRHOXq0or46iaRDBFg@mail.gmail.com>
To: McManus Patrick <mcmanus@ducksong.com>
X-Mailer: Apple Mail (2.3259)
Received-SPF: pass client-ip=5.10.171.186; envelope-from=stefan.eissing@greenbytes.de; helo=mail.greenbytes.de
X-W3C-Hub-Spam-Status: No, score=-5.1
X-W3C-Hub-Spam-Report: AWL=-1.147, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1cagMm-0008TN-Sp 5b071e3adcb45a023d2a353e29a9229e
X-Original-To: ietf-http-wg@w3.org
Subject: Re: ORIGIN - suggested changes
Archived-At: <http://www.w3.org/mid/8AF72552-A87C-409D-A873-8997C52CFA38@greenbytes.de>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/33446
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

> Am 05.02.2017 um 14:44 schrieb Patrick McManus <mcmanus@ducksong.com>om>:
> 
> I feel that ORIGIN has succeeded in getting unparked by being very attuned to specific use cases.. first it turned into a "sni only" settings bit, and now (based on use case) an explicit declarative opt-in. to me - that feels right.
> 
> I view this as declarative - if your configuration changes GOAWAY or Alt-Svc are probably better ways to manage it. I spitballed that we should only allow 1 ORIGIN frame, but that basically isn't plausible due to size limitations, I don't really expect it to be used to dribble updates over time. (but normatively enforcing that would require some kind of CONTINUATION world I hope nobody wants to entertain.)

I'm fine with this alternate way of handling changes. GOAWAY will probably be my choice, avoiding complexity.

Will track my implementation efforts here (https://github.com/icing/mod_h2/issues/96) for anyone interested or wanting to give feedback.

Cheers, Stefan

> -P
> 
> 
> On Saturday, February 4, 2017, Mark Nottingham <mnot@mnot.net> wrote:
> Hey Stefan,
> 
> > On 4 Feb 2017, at 12:22 am, Stefan Eissing <stefan.eissing@greenbytes.de> wrote:
> >
> > Looks good to me.
> >
> > *But* I think I would be good to have an ORIGIN frame that says: please revert your ORIGIN set back to undefined for this connection (and erase all 421 derived information).
> >
> > This should be less complex than individual removes and provide for changes on very long lived connections.
> 
> I hear what you're saying, but so far the strongest blocker for this spec has been complexity, so I'd like to hear what others (especially implementers on the client side, where most of the work is) think.
> 
> 
> 
> 
> >
> > -Stefan
> >
> >> Am 03.02.2017 um 01:43 schrieb Mark Nottingham <mnot@mnot.net>et>:
> >>
> >> I've done some more updating:
> >> https://github.com/httpwg/http-extensions/pull/285
> >>
> >> At this point, the diff isn't too helpful, so see attached.
> >>
> >> Changes include:
> >>
> >> 1. Removing set manipulation flags
> >> 2. Reserving some flags for future backwards-incompatible extensions (which makes me feel a bit better about #1)
> >> 3. Note impact upon Server Push
> >> 4. Added IANA Considerations and Operational Considerations
> >> 5. Lots of clarifications
> >>
> >> Feedback welcome, as always.
> >>
> >>
> >> <draft-ietf-httpbis-origin-frame.html>
> >>
> >>
> >>> On 2 Feb 2017, at 12:30 pm, Mark Nottingham <mnot@mnot.net> wrote:
> >>>
> >>>
> >>>> On 2 Feb 2017, at 12:23 pm, Martin Thomson <martin.thomson@gmail.com> wrote:
> >>>>
> >>>> On 2 February 2017 at 10:12, Mark Nottingham <mnot@mnot.net> wrote:
> >>>>> I don't buy the argument that removal itself adds complexity. Implementations already need to remember what origins they received a 421 for, so they already have the concept of origin set removal.
> >>>>
> >>>> Well, you just established why it might be unnecessary.  The gain here
> >>>> is in the client not sending a request to the wrong place.  But if
> >>>> this is rare enough, then that cost is probably bearable.
> >>>
> >>> Right, but the whole point of ORIGIN is to avoid those situations.
> >>>
> >>>
> >>>> The "everything except those" case doesn't concern me that much.
> >>>> Iknow it's relatively common, but it is fairly rare that the set of
> >>>> origins that are used is not easily enumerable, or incrementally
> >>>> discoverable.
> >>>
> >>> Spoken like a true browser vendor :)
> >>>
> >>> It'd be good to get a bit more data here from server-side folks. Anyone share this concern? I note that Nick seems to be OK with it.
> >>>
> >>> Cheers,
> >>>
> >>> --
> >>> Mark Nottingham   https://www.mnot.net/
> >>>
> >>>
> >>
> >> --
> >> Mark Nottingham   https://www.mnot.net/
> >>
> >
> > Stefan Eissing
> >
> > <green/>bytes GmbH
> > Hafenstrasse 16
> > 48155 Münster
> > www.greenbytes.de
> >
> >
> 
> --
> Mark Nottingham   https://www.mnot.net/

Stefan Eissing

<green/>bytes GmbH
Hafenstrasse 16
48155 Münster
www.greenbytes.de