Re: Communicating Warning Information in HTTP APIs
Eric J Bowman <mellowmutt@zoho.com> Fri, 25 September 2020 22:49 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CEA3C3A0A56 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 25 Sep 2020 15:49:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.77
X-Spam-Level:
X-Spam-Status: No, score=-2.77 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); domainkeys=pass (768-bit key) header.from=mellowmutt@zoho.com header.d=zoho.com; dkim=pass (1024-bit key) header.d=zoho.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3YumWTJGB_At for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 25 Sep 2020 15:49:52 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 154D73A08D6 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 25 Sep 2020 15:49:51 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1kLwUv-0005V0-E9 for ietf-http-wg-dist@listhub.w3.org; Fri, 25 Sep 2020 22:47:25 +0000
Resent-Date: Fri, 25 Sep 2020 22:47:25 +0000
Resent-Message-Id: <E1kLwUv-0005V0-E9@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <mellowmutt@zoho.com>) id 1kLwUq-0005Tq-PS for ietf-http-wg@listhub.w3.org; Fri, 25 Sep 2020 22:47:21 +0000
Received: from sender4-pp-o93.zoho.com ([136.143.188.93]) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <mellowmutt@zoho.com>) id 1kLwUo-0000zb-0Q for ietf-http-wg@w3.org; Fri, 25 Sep 2020 22:47:20 +0000
ARC-Seal: i=1; a=rsa-sha256; t=1601074020; cv=none; d=zohomail.com; s=zohoarc; b=dNkdv7y49jOs0lYCriDxE5hO34/cG3zfo1FC7hFNiSS6vxxeAmNwEZjG+xbS/DWvT9z/AvJ/1BS8Laxk7tVgis+N6GXbJUF++VovUm2LbgwFnWwmzlI34f1QtZu679kuoR1TDbLN//4NtXHzrVhuDQOgXY/NL2TU3dbSY+A2SBk=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1601074020; h=Content-Type:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=P0FDDa8X1vFUNhzJSmbNBYH9S/y4KJKo43tXGrBOQVQ=; b=Mul/rTn8ZaIFD0uTnONAkLztOvaAYqXrnnIgwTBscRkSa5D+i1jPSx2HBFqIbmdUDbTdN2+J84E2oFdKY3YkeldKzOuYk41+TuoxE1QoH48oN7rKBJap39gQVaIur0B4d/lGy8qoiI8pzDsO+nhgHoSYIEw4s7qvqCiXVPmkUss=
ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=zoho.com; spf=pass smtp.mailfrom=mellowmutt@zoho.com; dmarc=pass header.from=<mellowmutt@zoho.com> header.from=<mellowmutt@zoho.com>
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=zapps768; d=zoho.com; h=date:from:to:cc:message-id:in-reply-to:references:subject:mime-version:content-type:user-agent; b=DCs+OeH7hm/GeZgygbQ63YtID8veOXQre8wwUFKK6OPfhMEgt0E00OZVTzgSb/UqN5uYDvllGPYj KQzso7E7iE772r4QachJfv6VeGDezsqyaVWAgkc/C/ThWtdcRyuj
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1601074020; s=zm2020; d=zoho.com; i=mellowmutt@zoho.com; h=Date:From:To:Cc:Message-Id:In-Reply-To:References:Subject:MIME-Version:Content-Type; bh=P0FDDa8X1vFUNhzJSmbNBYH9S/y4KJKo43tXGrBOQVQ=; b=piIDZmQB0LZP/A7caO86hKmBxYSeDNItTNm1BM/hbtTjZEBrq0wp1j0DseeQpf8D +oRih+g8a+1VNBEZZT0+Ke63O7P7NV0avY72o28iBGVMKYk1LNR6vHtZ1/FpL7svFXf GllXJqj1VnOLHBi5ZQUvDBrBLCjd+UcP9dySjzeE=
Received: from mail.zoho.com by mx.zohomail.com with SMTP id 1601074019490785.861209649565; Fri, 25 Sep 2020 15:46:59 -0700 (PDT)
Received: from [65.117.211.248] by mail.zoho.com with HTTP;Fri, 25 Sep 2020 15:46:59 -0700 (PDT)
Date: Fri, 25 Sep 2020 15:46:59 -0700
From: Eric J Bowman <mellowmutt@zoho.com>
To: "\"André Cedik\"" <andre.cedik@googlemail.com>
Cc: Mark Nottingham <mnot@mnot.net>, ietf-http-wg <ietf-http-wg@w3.org>
Message-Id: <174c772bc9d.d9c5414e9700.5826874819223752736@zoho.com>
In-Reply-To: <CAEQcYZjXu17K-YEHJsidtD=qCGLzRAFtnG1G1WYYSVbWgBmZTw@mail.gmail.com>
References: <CAEQcYZgHNcOv5tMv+E4oRJs8rpSugEPcT=NaZAM53v=0nkotcQ@mail.gmail.com> <BE72503E-FBB1-43A9-BF22-AAC37B11D63D@mnot.net> <CAEQcYZjXu17K-YEHJsidtD=qCGLzRAFtnG1G1WYYSVbWgBmZTw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_26808_266922165.1601074019486"
Importance: Medium
User-Agent: Zoho Mail
X-Mailer: Zoho Mail
Received-SPF: pass client-ip=136.143.188.93; envelope-from=mellowmutt@zoho.com; helo=sender4-pp-o93.zoho.com
X-W3C-Hub-Spam-Status: No, score=-4.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1kLwUo-0000zb-0Q c8a385d388d5ea9fb2c8c52b21be65b6
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Communicating Warning Information in HTTP APIs
Archived-At: <https://www.w3.org/mid/174c772bc9d.d9c5414e9700.5826874819223752736@zoho.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/38064
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
+.5 I have old XHTML 1.1 content on archive.org, wrapped by them and including an error explaining how their wrapper broke XML, but no tip-off in the headers that the content is changed -- it's in the body. So, I can see "good actors" adopting this draft. My rural-ISP history makes me consider content-injection ads. Such intermediaries will not be adopting this draft. What I want as a Web developer, is some way of warning a client that it's receiving altered content, period. Which was the hope behind Content-Md5? This use-case is not considered in the draft, I hoped it would be after reading the summary -- but the problem of alerting the user-agent to changed content is only solved by assuming good actors. May be insoluble for bad actors? What about a removable Warning header? Arms-race problem, the bad actors will eventually figure it out, maybe someone has a better idea, but the scope this draft describes seems to include this issue without solving it, is my feedback. -Eric ---- On Fri, 25 Sep 2020 05:37:55 -0700 André Cedik <andre.cedik@googlemail.com> wrote ---- Hi everyone, first of all, thank you all for your feedback in the past. Since the end of last year, a lot has happened. With version 01 of the draft, we've taken a new route, introducing a new field (Content-Warning) which contains a key to identify that warning information will be returned in the responses body. We've released version 02 of the draft yesterday, which now incorporates most of the feedback we've received. Special thanks go out to Roberto Polli. Again all feedback is appreciated so we can work on making this happen. All the best and have a great weekend André On Wed, Nov 6, 2019 at 6:51 AM Mark Nottingham <mailto:mnot@mnot.net> wrote: Hi André, My .02 is that Warning's semantics are not consistently used or implemented by intermediaries, which makes it less than useful. Its syntax is also... not great. If you have use cases, I'd recommend minting a new header field and starting fresh, rather than trying to reuse it. Cheers, > On 6 Nov 2019, at 5:58 am, André Cedik <mailto:andre.cedik@googlemail.com> wrote: > > Hey everyone, > > Erik Wilde submitted an I-D on Monday - using the subject of this mail as the title (see https://datatracker.ietf.org/doc/draft-cedik-http-warning/) - that he and I wrote. It is our goal "to allow HTTP providers to have a standardized way of communicating to their consumers that while the response can be considered to be a non-failure, there is some warning information available that they might want to take into account". > > Shortly after we submitted the draft Julian Reschke notified us (see https://github.com/dret/I-D/issues/125) that the Warning header is bound to be removed with the next spec (draft-ietf-httpbis-cache). Which is very unfortunate for the I-D since we wanted to use it for indicating that the client would find additional information within the response body. > > Since there is currently no other way of conveying this to an http client (that we know of), we'd really like to get feedback if this is a use case for which you would be willing to keep the Warning header or if there is another way to make something like this possible. > > Best > André Cedik -- Mark Nottingham https://www.mnot.net/
- Communicating Warning Information in HTTP APIs André Cedik
- Re: Communicating Warning Information in HTTP APIs Mark Nottingham
- Re: Communicating Warning Information in HTTP APIs Roberto Polli
- Re: Communicating Warning Information in HTTP APIs André Cedik
- Re: Communicating Warning Information in HTTP APIs André Cedik
- Re: Communicating Warning Information in HTTP APIs Asanka Herath
- Re: Communicating Warning Information in HTTP APIs richard.gibson
- Re: Communicating Warning Information in HTTP APIs André Cedik
- Re: Communicating Warning Information in HTTP APIs Eric J Bowman