Re: HTTP router point-of-view concerns

Christian Parpart <trapni@gmail.com> Fri, 12 July 2013 12:48 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7F2311E8106 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 12 Jul 2013 05:48:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.598
X-Spam-Level:
X-Spam-Status: No, score=-10.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l5qA+zURIdlY for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 12 Jul 2013 05:48:50 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 4F6AF11E80F9 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 12 Jul 2013 05:48:49 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1UxclI-0005PX-19 for ietf-http-wg-dist@listhub.w3.org; Fri, 12 Jul 2013 12:47:48 +0000
Resent-Date: Fri, 12 Jul 2013 12:47:48 +0000
Resent-Message-Id: <E1UxclI-0005PX-19@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <trapni@gmail.com>) id 1UxclA-0005Or-AM for ietf-http-wg@listhub.w3.org; Fri, 12 Jul 2013 12:47:40 +0000
Received: from mail-qa0-f42.google.com ([209.85.216.42]) by lisa.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <trapni@gmail.com>) id 1Uxcl5-0008PH-Oa for ietf-http-wg@w3.org; Fri, 12 Jul 2013 12:47:40 +0000
Received: by mail-qa0-f42.google.com with SMTP id hu16so299688qab.15 for <ietf-http-wg@w3.org>; Fri, 12 Jul 2013 05:47:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=iZY/nl2J4rWIY8UtqhTs1lPvl0uCW548wPo428M2BXI=; b=oHADtnzoKNi2I7l+qe7A+T3nYP1n6tmIiRbmXTaQHvJe9OMLcuWpsMmedGZ/L7CIg/ CnebqLn6MItx1eKmwV8ionRoC0Dj9DnrAm29V2vpnneLHM44VlhrPJsnHg9J9Yf/WwY8 EFJzw/W6+S2X+VAwO4ShY70QIXFZrRVsHqTjurdtufGM++bXoxi+spP6xQ+YH+VaiZ2T f9OuzCJUSNfj5OY4t3TN898oyN4qXYvqXL87i00xn8CEw3h0YDSPAzqx6nV1UVOcwSso VBuWDz09lpL74OayyoJMAmS597/k2jRH8V4I4ieawINB1BbhIrUAZW5wlD7mx7wtcfj1 kiyQ==
MIME-Version: 1.0
X-Received: by 10.49.1.74 with SMTP id 10mr34268184qek.20.1373633230082; Fri, 12 Jul 2013 05:47:10 -0700 (PDT)
Received: by 10.49.97.229 with HTTP; Fri, 12 Jul 2013 05:47:09 -0700 (PDT)
In-Reply-To: <C0C65ACC-673E-4E07-B2D0-B84723755E6F@apple.com>
References: <CA+qvzFPUpcm6kUtJx+rTw8Dpp4Gtx4Bmr3XPDhjNsjchUfN9_w@mail.gmail.com> <51DE1E32.9010801@treenet.co.nz> <CAP+FsNdcYhA=V5Z+zbt70b5e7WmcmXgjG5M9L3vfXeXfTwmRnw@mail.gmail.com> <51DE327C.7010901@treenet.co.nz> <CABkgnnXeqD6wh0dcJ1Dz=4PLAJNkDeGcCuzMr9ATd_7xS7nbGQ@mail.gmail.com> <CABP7RbcUkLf3CTAB4jwicnsiKWLGVY6=hX0k=0256SR_gcVt9A@mail.gmail.com> <092D65A8-8CB7-419D-B6A4-77CAE40A0026@gmail.com> <3835.1373612286@critter.freebsd.dk> <CD9E163F-1225-4DA8-9982-8BDBD16B1051@mnot.net> <1772.1373629495@critter.freebsd.dk> <C0C65ACC-673E-4E07-B2D0-B84723755E6F@apple.com>
Date: Fri, 12 Jul 2013 14:47:09 +0200
Message-ID: <CA+qvzFPya3nVZBV2Wes2gWQqgTa34gXb9DK8zhoK1GNx52XCXQ@mail.gmail.com>
From: Christian Parpart <trapni@gmail.com>
To: Michael Sweet <msweet@apple.com>
Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, Mark Nottingham <mnot@mnot.net>, Sam Pullara <spullara@gmail.com>, James M Snell <jasnell@gmail.com>, Martin Thomson <martin.thomson@gmail.com>, Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="047d7b6d82febb1c7e04e14fe877"
Received-SPF: pass client-ip=209.85.216.42; envelope-from=trapni@gmail.com; helo=mail-qa0-f42.google.com
X-W3C-Hub-Spam-Status: No, score=-3.5
X-W3C-Hub-Spam-Report: AWL=-2.710, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1Uxcl5-0008PH-Oa c91a6cbf7c8a378019b5f4bd24e32147
X-Original-To: ietf-http-wg@w3.org
Subject: Re: HTTP router point-of-view concerns
Archived-At: <http://www.w3.org/mid/CA+qvzFPya3nVZBV2Wes2gWQqgTa34gXb9DK8zhoK1GNx52XCXQ@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/18723
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Fri, Jul 12, 2013 at 2:40 PM, Michael Sweet <msweet@apple.com> wrote:

> Then just add the User-Agent and Server values to the settings frames the
> client and server exchange?
>

if it would be *that* simple, then dont' forget the cookie and the
user-agent.


> Sent from my iPad
>
> On 2013-07-12, at 7:44 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>
> > In message <CD9E163F-1225-4DA8-9982-8BDBD16B1051@mnot.net>, Mark
> Nottingham wri
> > tes:
> >
> >> This has been brought up a number of times. I think what we need is a =
> >> concrete proposal *with* a detailed plan for a workable transition to =
> >> the new mechanism -- which seems to be the (or at least one) sticking =
> >> point whenever this comes up.
> >
> > I have given a concrete example multiple times, it's very simple:
> >
> >    The client always sends along a session-identifier of N (128?)
> >    bits.
> >
> >    If the first bit is zero, this is an anonymous, transient
> >    session, not (to be) associated with any other session.
> >
> >    If the first bit is one, this is a persistent session
> >    identifier, which the server can use to look up any relevant
> >    state or information from previous instances of this
> >    session, in its local database.
> >
> >    This replaces the Cookie: and Set-Cookie: headers, which
> >    SHALL NOT be sent in the HTTP/2.0 protocol.
> >
> > Advantages:
> >
> >    We get a fixed size session-identifier for HTTP routers to
> >    use for flow-routing.
> >
> >    We get an actual (client controlled) session-concept, rather
> >    than all sorts of ad-hoc simulations with cookies.
> >
> >    Data with privacy-concerns are stored on the server not on
> >    random clients the user happens to borrow or use.
> >
> >    The overhead of encrypting and signing the data in cookies
> >    is avoided, since they are stored on the server side where
> >    nobody can fudge them.
> >
> > Backwards compatibility:
> >
> >    It should be obvious that simulating the Cookie concept for
> >    framework compatibility on the server side is a trivial
> >    matter of programming:  Rather than send set-cookies, write
> >    them to a database, indexed by the session-id.  Rather than
> >    receive Cookie: headers, look them up in the database.
> >
> > There, solved.
> >
> > Again.
> >
> > --
> > Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> > phk@FreeBSD.ORG         | TCP/IP since RFC 956
> > FreeBSD committer       | BSD since 4.3-tahoe
> > Never attribute to malice what can adequately be explained by
> incompetence.
> >
>
>