Received: by ietfa.amsl.com (Postfix) id E65F6C14F713; Sat, 27 Jul 2024 22:31:16 -0700 (PDT) Delivered-To: ietfarch-httpbisa-archive-bis2juki@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E59D9C14F708 for ; Sat, 27 Jul 2024 22:31:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.86 X-Spam-Level: X-Spam-Status: No, score=-2.86 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=w3.org header.b="fj7t1Wd1"; dkim=pass (2048-bit key) header.d=w3.org header.b="Ot78EILD"; dkim=pass (2048-bit key) header.d=gmail.com header.b="NhD4FTl9" Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sm8ABG9pqBVf for ; Sat, 27 Jul 2024 22:31:16 -0700 (PDT) Received: from mab.w3.org (mab.w3.org [IPv6:2600:1f18:7d7a:2700:d091:4b25:8566:8113]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DAF3DC14F705 for ; Sat, 27 Jul 2024 22:31:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:Content-Type:Cc:To:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To; bh=Rph0jAXRXtuoHK8LSf65LIammXqVrjiJJ+qvZsTn8t8=; b=fj7t1Wd1NUD6dGcBdhZyv23ln6 8CmwcTf8yMPqsHTif9C3PNx9YpmeEhKUDVkq603V3bxJK1zfRqWXCW/W74oav9QzEUSbtE4Zm1Y4Z robjb3/cUbbWbtrBtitJRx5SEOw1kE04JAsRlj0BWjfw6i8z2OQUE+n1FDvdzoKTtPSID8x5USbd9 HTypuEBVQ9CqLaDyB4lqqYd3+YJ1r8cUmezPTsdXWmLuFioNzRuYQHwMqOpDkuafIedwss81QVYvh hlb/1Xu2LTUiQzJHc2bV5Gf0WPCIofCDk0DacdJj8PmYh5oluCiIslZW5OYh9/5Zwdq8it39cMUEF OoAUAJVg==; Received: from lists by mab.w3.org with local (Exim 4.96) (envelope-from ) id 1sXwUI-00CaIi-2r for ietf-http-wg-dist@listhub.w3.org; Sun, 28 Jul 2024 05:30:30 +0000 Resent-Date: Sun, 28 Jul 2024 05:30:30 +0000 Resent-Message-Id: Received: from ip-10-0-0-224.ec2.internal ([10.0.0.224] helo=puck.w3.org) by mab.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1sXwUF-00CaHl-1Z for ietf-http-wg@listhub.w3.internal; Sun, 28 Jul 2024 05:30:27 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Content-Type:Cc:To:Subject:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To; bh=Rph0jAXRXtuoHK8LSf65LIammXqVrjiJJ+qvZsTn8t8=; t=1722144627; x=1723008627; b=Ot78EILDiQiL3sSAdSRh1kKPK+B+J4vWGnK4RT4W3rccRYx7zMC7PpTIlnEMPStXmQCo+hEz/qM dcqIYOkDCpiC8B7pVt2DIOibKYEtn4NV8Tib5onHfXO20yGzs8IAh13oiTt9C6hxtLibgEeHozokL nBZJxZ34Qf/MeKYKZC72ol43EC8xv6DDDUuMU6lN9FT+N6v66i8k36LKS6UFVXc2WK3BF5Upgst0h 5gGBODKvDZOj/JDbk9Ehr8PSrLt6pJlfT8+NJuw1XIUmitkyHZXb9JT/xCIjLzPP7zjjM1m5xTl3J N2qaVzhbPdDzRDS+u4Pwd3Ufs4B2zJ6mXelQ==; Received-SPF: pass (puck.w3.org: domain of gmail.com designates 2607:f8b0:4864:20::c33 as permitted sender) client-ip=2607:f8b0:4864:20::c33; envelope-from=joshco@gmail.com; helo=mail-oo1-xc33.google.com; Received: from mail-oo1-xc33.google.com ([2607:f8b0:4864:20::c33]) by puck.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1sXwUE-005KnC-34 for ietf-http-wg@w3.org; Sun, 28 Jul 2024 05:30:27 +0000 Received: by mail-oo1-xc33.google.com with SMTP id 006d021491bc7-5d5d077c60aso772720eaf.1 for ; Sat, 27 Jul 2024 22:30:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1722144623; x=1722749423; darn=w3.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Rph0jAXRXtuoHK8LSf65LIammXqVrjiJJ+qvZsTn8t8=; b=NhD4FTl9aXN4PRAX7UVEYWCKiz0hMkfhzKc9Oov+AvIFWIr99tQ52XOzLq8MvC8feR gouPBgPvxDYEkcyXbmVotFAvDZComMmRnwcpjjOz+e4iIyF/XcDK9eaiaisZOeOUAkpd WdCUfK7R2iEpeS7zAXIJ6YZIz9I0sp7ht9hrPPbAAqlMHrEAXDT/nr+UY/vbKEAtVQel ePm8iMd7G5CFTJUmoIqsgtaecPNFr9bxzy2Bk08HB+a85/65AWacweE8bI9QDCg+6aR7 yUji/gXbjLXJOwdEu5ZSp7cX3s08v5ka9W5iBWytE0d3Ms29SRC8HcdXCmySfVQcKEvt 6Bqg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722144623; x=1722749423; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Rph0jAXRXtuoHK8LSf65LIammXqVrjiJJ+qvZsTn8t8=; b=vyXdgtmvvkdIGbuOwFkFbvmtbho+c5xYwPXWS1qgUXVXIau1Mjs675MTtb+fVwyMGf s7Rri/eelea6BA4tvvQHwOQ7gpVe0YSRie9ybkJX864F8HjszNyfdYVB3oApeJJcFHRR eJAEp4JJ2PtwIOPtwm1trHX0wAK81IQlcNhM6HplmfAYXZErVYxav+v5q7UHz/51TfsA pdRBi915Aq4qdjgP1b4H99BXCcdCvHD3rX9xZU/nWkWXxUPI9A/w72kwQLvHtiSuTYBR pJGFlmJjWmd07l5HEsHNeko4dMtHoiPYjTZRhLlKX36Qpoj1tMS/ph1YJDfli8F92ggf c5jg== X-Gm-Message-State: AOJu0YzzLX4CI4h5EYYbBpBQfKQD6BK84vUH65+XyCk5jPGHxN/hQiVE vtfpI7qvJyF+cqmyHQh3qE1fTjbumnuAijT0ayXy2hA1RS7TlatAcyBNXaxzxmuvqlE/OmPCr7O q/O6ZcoKqUwgJTl2iwlLmUphxMJc= X-Google-Smtp-Source: AGHT+IHJEHv8E4MlAcBV5ReLpuyGlMx8nklpK3Dg6K2H5xypwDSc2l4bxw8GBSSD/uOvBny7N6DqFYQMYWTQ+H2ROhE= X-Received: by 2002:a05:6820:626:b0:5c4:e8d:58be with SMTP id 006d021491bc7-5d5d0e965edmr4277756eaf.3.1722144623015; Sat, 27 Jul 2024 22:30:23 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Josh Cohen Date: Sat, 27 Jul 2024 22:30:11 -0700 Message-ID: To: Julian Reschke Cc: ietf-http-wg@w3.org Content-Type: multipart/alternative; boundary="00000000000081c1e0061e480a7a" X-W3C-Hub-DKIM-Status: validation passed: (address=joshco@gmail.com domain=gmail.com), signature is good X-W3C-Hub-Spam-Status: No, score=-5.1 X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DMARC_PASS=-0.001, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1 X-W3C-Scan-Sig: puck.w3.org 1sXwUE-005KnC-34 b452a013cd7277f86d053485a77da455 X-Original-To: ietf-http-wg@w3.org Subject: Re: Method Mania Archived-At: Resent-From: ietf-http-wg@w3.org X-Mailing-List: archive/latest/52161 X-Loop: ietf-http-wg@w3.org Resent-Sender: ietf-http-wg-request@w3.org Precedence: list List-Id: List-Help: List-Post: List-Unsubscribe: --00000000000081c1e0061e480a7a Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Same here.. Patrick also said: > > "The better question is under what circumstances do we want to allow > those devices to "break" and force them to fix the implementations?" Maybe a reasonable interpretation of Patrick's statement is that it's time to be *bold. *HTTP/1.1 RFC2616 was published in 1999. It's the 25 year anniversary. =F0=9F=A5=B3 In the intervening years, the IETF has done a gr= eat job evolving the transport. That's created the foundation for things we couldn't do back then. I don't think it was a coincidence that Lisa Dusseault was in the room. The universe is speaking to us. Maybe it's time for a WebDAV re-spin.. The web could also have standardized pub/sub. If we add new functionality that users and devs want, and makes admin life easier, that could be helpful in driving better implementations, and uptake of HTTP/2/3 and masque proxying. On Sat, Jul 27, 2024 at 10:07=E2=80=AFPM Julian Reschke wrote: > On 27.07.2024 16:44, Patrick Meenan wrote: > > > > > > On Sat, Jul 27, 2024 at 4:23=E2=80=AFAM Julian Reschke > > wrote: > > > > On 26.07.2024 00:27, Josh Cohen wrote: > > > On the httpwg agenda at IETF 120 were a proposal for a new QUERY > > method > > > and Braid, which has subscription functionality that overloads > > the GET > > > method. > > > > > > What I am curious about is if, at this point in the evolution of > the > > > web, it is now safe to add new methods for new functionality. > > I've been > > > reading up on HTTP/2/3 and it seems that nowadays, connections a= re > > > end-to-end secure and are essentially tunneled through middle > boxes, > > > including HTTP/1.1 proxies. I'm still just wrapping my head arou= nd > > > MASQUE, but it looks like it can handle arbitrary methods. > Similarly > > > origin servers have evolved to support arbitrary methods. > > > > It always has been "safe", when https was used. > > > > > > https is not "safe" in practical terms because of middleboxes that > > intercept the connections. It is very common in enterprise deployments > > where they install local trust anchors on the client devices and use > > mitm software to inspect the traffic. > > ... > > I meant "safe" wrt deploying new HTTP methods. > > When was the last time you encountered a problem? > > Best regards, Julian > > > > > --=20 --- *Josh Co*hen --00000000000081c1e0061e480a7a Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Same here..=C2=A0 Patrick also said:
"The better question is under what circumstances do we want to allow those devic= es to "break" and force them to fix the implementations?"

Maybe a reasonable interpretation of Patr= ick's statement is that it's time to be=C2=A0bold.=C2=A0=C2=A0HTTP/1.1 RFC2616 was published in 1999.=C2=A0 It's the 25 year annive= rsary.=C2=A0=F0=9F=A5=B3 =C2=A0In the intervening years, the IETF has done = a great job evolving the transport.=C2=A0 That's created the foundation= for things we couldn't do back then.=C2=A0 =C2=A0I don't think it = was a coincidence that Lisa Dusseault was in the room.=C2=A0 The universe i= s speaking to us.=C2=A0 Maybe it's time for a WebDAV re-spin..=C2=A0 Th= e web could also have standardized pub/sub.=C2=A0=C2=A0

If we add new functionality that users and devs want, and makes admin= life easier, that could be helpful in driving better implementations, and = uptake of HTTP/2/3 and masque proxying.


=



On Sat, Jul 27, 2024 at 10:07= =E2=80=AFPM Julian Reschke <jul= ian.reschke@gmx.de> wrote:
On 27.07.2024 16:44, Patrick Meenan wrote:
>
>
> On Sat, Jul 27, 2024 at 4:23=E2=80=AFAM Julian Reschke <julian.reschke@gmx.de > <mailto:= julian.reschke@gmx.de>> wrote:
>
>=C2=A0 =C2=A0 =C2=A0On 26.07.2024 00:27, Josh Cohen wrote:
>=C2=A0 =C2=A0 =C2=A0 > On the httpwg agenda at IETF 120 were a propo= sal for a new QUERY
>=C2=A0 =C2=A0 =C2=A0method
>=C2=A0 =C2=A0 =C2=A0 > and Braid, which has subscription functionali= ty that overloads
>=C2=A0 =C2=A0 =C2=A0the GET
>=C2=A0 =C2=A0 =C2=A0 > method.
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0 > What I am curious about is if, at this point = in the evolution of the
>=C2=A0 =C2=A0 =C2=A0 > web, it is now safe to add new methods for ne= w functionality.
>=C2=A0 =C2=A0 =C2=A0I've been
>=C2=A0 =C2=A0 =C2=A0 > reading up on HTTP/2/3 and it seems that nowa= days, connections are
>=C2=A0 =C2=A0 =C2=A0 > end-to-end secure and are essentially tunnele= d through middle boxes,
>=C2=A0 =C2=A0 =C2=A0 > including HTTP/1.1 proxies. I'm still jus= t wrapping my head around
>=C2=A0 =C2=A0 =C2=A0 > MASQUE, but it looks like it can handle arbit= rary methods.=C2=A0 Similarly
>=C2=A0 =C2=A0 =C2=A0 > origin servers have evolved to support arbitr= ary methods.
>
>=C2=A0 =C2=A0 =C2=A0It always has been "safe", when https was= used.
>
>
> https is not "safe" in practical terms because of middleboxe= s that
> intercept the connections. It is very common in enterprise deployments=
> where they install local trust anchors on the client devices and use > mitm software to inspect the traffic.
> ...

I meant "safe" wrt deploying new HTTP methods.

When was the last time you encountered a problem?

Best regards, Julian






--

---
<= b>Josh Cohen=C2=A0

--00000000000081c1e0061e480a7a--