Re: New Version Notification for draft-nottingham-http-availability-hints-01.txt

Valentin Gosu <valentin.gosu@gmail.com> Wed, 04 September 2024 09:40 UTC

Received: by ietfa.amsl.com (Postfix) id 7A2C5C14F5F2; Wed, 4 Sep 2024 02:40:55 -0700 (PDT)
Delivered-To: ietfarch-httpbisa-archive-bis2juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79732C14F5E8 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 4 Sep 2024 02:40:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.857
X-Spam-Level:
X-Spam-Status: No, score=-2.857 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=w3.org header.b="EOnBM3jd"; dkim=pass (2048-bit key) header.d=w3.org header.b="DKjSirwU"; dkim=pass (2048-bit key) header.d=gmail.com header.b="N/erWZfQ"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C_X5_OIqJ51N for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 4 Sep 2024 02:40:51 -0700 (PDT)
Received: from mab.w3.org (mab.w3.org [IPv6:2600:1f18:7d7a:2700:d091:4b25:8566:8113]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3CF68C14F5EF for <httpbisa-archive-bis2Juki@ietf.org>; Wed, 4 Sep 2024 02:40:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:Content-Type:Cc:To:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To; bh=L/v/p/p+T+isfNzUeCUJjIgwsRdN2BIxirwQOPWYrCA=; b=EOnBM3jdQje8F2WvXlJ5GN7MDo q48i1GasfNO4xPAQRS3tTgSj/LTBY8rwkfx8BtThyD0/C6baD/Xz9r2/Sftz7pWLiQ7aXoTWwsFCN jVxLjFXeEahKB/bS2amdhts1arPBb4aYkoFT7R3p/bPakYSrwG3vhOUpgL4qhX6LxSYpkKipJ4126 eFZYxgSSQvFzHEHijFqHloAiwhn7AWI8T9pX/UbIsTI+4WBy4NiwTSKoWDCldlNTqyebiLNzZC4Xn NwnTwmYyZhP+IVag66KHe8oFlvhxyIyabH9CEUL8Ya7ruxNJXYFVNWZaIMsnxrBQVjmEU+FYocCjF dgKeCbgQ==;
Received: from lists by mab.w3.org with local (Exim 4.96) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1slmUQ-005Sh9-2W for ietf-http-wg-dist@listhub.w3.org; Wed, 04 Sep 2024 09:39:50 +0000
Resent-Date: Wed, 04 Sep 2024 09:39:50 +0000
Resent-Message-Id: <E1slmUQ-005Sh9-2W@mab.w3.org>
Received: from ip-10-0-0-224.ec2.internal ([10.0.0.224] helo=puck.w3.org) by mab.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <valentin.gosu@gmail.com>) id 1slmUO-005SgD-0o for ietf-http-wg@listhub.w3.internal; Wed, 04 Sep 2024 09:39:48 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Content-Type:Cc:To:Subject:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To; bh=L/v/p/p+T+isfNzUeCUJjIgwsRdN2BIxirwQOPWYrCA=; t=1725442788; x=1726306788; b=DKjSirwUmB3OjZNRGdn4RrzRaRa5leUtI1cv1yU+jSWzLnjcW/4tPAQx0+WE9VcyAl39tV1JqTH fgLnoUIBi4txPs0kVARBHb9SII1STjYI8iCWww8szMJEl2cEC1SaLHK14PmGK2z6tPvgzppa7bSUj sEpUA4L5W69/MZNOgR2sfJvi1lVm5M6tNkxpNo1c6LBL4MnKmArS1/lWPoLUWfGu8dm1Z+67zEwKO HTLfBXsR3N5YBxYZ48hznMjKKRUl4GA76PvVwbLM8S5Xx+NuYAETpDWAtNKvkGjSzgSXh0BjX+nhi 2v4UeNI320RM6QrrP/+f3Mv48RQbV0FNo8DA==;
Received-SPF: pass (puck.w3.org: domain of gmail.com designates 2607:f8b0:4864:20::234 as permitted sender) client-ip=2607:f8b0:4864:20::234; envelope-from=valentin.gosu@gmail.com; helo=mail-oi1-x234.google.com;
Received: from mail-oi1-x234.google.com ([2607:f8b0:4864:20::234]) by puck.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from <valentin.gosu@gmail.com>) id 1slmUN-001W1C-1e for ietf-http-wg@w3.org; Wed, 04 Sep 2024 09:39:48 +0000
Received: by mail-oi1-x234.google.com with SMTP id 5614622812f47-3df0ec140dcso249757b6e.1 for <ietf-http-wg@w3.org>; Wed, 04 Sep 2024 02:39:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1725442784; x=1726047584; darn=w3.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=L/v/p/p+T+isfNzUeCUJjIgwsRdN2BIxirwQOPWYrCA=; b=N/erWZfQIMsfCMHLywXpJMdXUQzW6tE49m9Z7GLokas1CZU57J3wxWw6e2LZWB3sB9 HvaNZhpbyAmaTe2pWKp/1tXvh5/T8V8JrilATPdor7qECdRnGgtG5Pd+KpKX0HIhYwz0 O+WE+3bNcfYBRwPVKaNh8uBV3711nAh7pE3S09R4NXHv4CJPRAjLDeYbjXN/FqoU2TGP y4FRdF5f9MMEdUDpuigG9OhOLDpIaHrkhxShlxxXv1pxOpA7mEWXGq00c++3SF1sfcJ2 8LDFXL19NZMT6l7PYx6LeAUjP50XO0M08R04jgcK4qQJ2RHD/58teldSSyMB00QiFgGN Y0ag==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1725442784; x=1726047584; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=L/v/p/p+T+isfNzUeCUJjIgwsRdN2BIxirwQOPWYrCA=; b=EdWnfgJGGagXXGWHXJtDoHW56FG0TrxvkhPY4Sz3apRn3GW5y+0NYYBjff8RpkAi9j KjJZijWi+MkrhlP3njA8/W2HKDzf5cXK0V2i6s+9mQmWclgexvncHlicixarNYXv0DWZ NDjACH999FlcxuU1Vo5geYQcXRaAcmic+3jUf2hVHSactsYknMea4xEVkkUCxt1ZTDFM wxAA8dlrl5/T+vsef9Md8+b0MfyFbgGVRwOcHDpdyZRixPbdgYYIKpoI3/Dn+7dNGVfw Egl7f+7ndc+qKqc//Annb4z/nJmMCg7wMbV/gvHNQzzBEgnOOlvrk0kWeHi7QNark2yG V6Dw==
X-Forwarded-Encrypted: i=1; AJvYcCX8pC2laq63gBzZA+DGj/D3eZDhIF9HnL6DbxQfHyu3ab2PO6SBQz1qwdQ/N+CAr1TQtUbZX7ZpwzAdvUc=@w3.org
X-Gm-Message-State: AOJu0YzVaMkMR5aa2UfKuRpP6c/vnYJxS8jnHG5FFCMumzm4yPaph56o JnJf3e4KYv9H1vBlHD+NmCy8xn/ePoCnY/Bo5INlgbaO7gWg/woBxMxnesmDEUvJo/gH/jjfGu3 6QkhTOG15bByKyV/AdFbDFaTUPy8=
X-Google-Smtp-Source: AGHT+IEA4A39e0ZfJD8FCisRKl/dSQP5pI1Wi2UkRyxmVYJIqJKtdAcAeenDSp+WJgeg47nuWvquX2+rBtY15eNgoY0=
X-Received: by 2002:a05:6808:10d6:b0:3d9:3290:6430 with SMTP id 5614622812f47-3e0133fbad5mr548558b6e.2.1725442783557; Wed, 04 Sep 2024 02:39:43 -0700 (PDT)
MIME-Version: 1.0
References: <CAEmMwDwFmK_wuQg4gnjj4rbVr5Wb_m+f3MFuTXFmA7ZMCvMKEA@mail.gmail.com> <AFB140A5-1611-49ED-9C33-9E5675201286@mnot.net> <CAEmMwDzHKF=ZP4t80YMB9F_Y3kNie2HLR_11eiYPr5+cLGagqw@mail.gmail.com> <AE0EDA5C-717E-4EE2-980D-E911B1B28CA6@mnot.net>
In-Reply-To: <AE0EDA5C-717E-4EE2-980D-E911B1B28CA6@mnot.net>
From: Valentin Gosu <valentin.gosu@gmail.com>
Date: Wed, 04 Sep 2024 11:39:32 +0200
Message-ID: <CACQYfiLo33WtkLCOLcZdJJOah7OGJBZju9ekRzF0xJm5MuUhSw@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: Rory Hewitt <rory.hewitt@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="00000000000031c1c3062147f4d6"
X-W3C-Hub-DKIM-Status: validation passed: (address=valentin.gosu@gmail.com domain=gmail.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-5.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DMARC_PASS=-0.001, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, W3C_AA=-1, W3C_DB=-1, W3C_WL=-1
X-W3C-Scan-Sig: puck.w3.org 1slmUN-001W1C-1e 9bc601240f1fd6e2c19ba852c21b31bc
X-Original-To: ietf-http-wg@w3.org
Subject: Re: New Version Notification for draft-nottingham-http-availability-hints-01.txt
Archived-At: <https://www.w3.org/mid/CACQYfiLo33WtkLCOLcZdJJOah7OGJBZju9ekRzF0xJm5MuUhSw@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/52262
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/email/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Hi Mark,

I have some feedback regarding the Cookie Section
<https://www.ietf.org/archive/id/draft-nottingham-http-availability-hints-01.html#name-cookie>
.

> Note that this algorithm requires storing the cookies from the associated
request with each response.

In Firefox we currently store a hash of the Cookie header instead of the
actual cookie value in order to deal with Vary: Cookie.
This is because the cookies could be large in size, and because we don't
want potentially sensitive information contained in cookies to be persisted
in the HTTP cache.
So I think you can implement the algorithm without storing the actual
cookies in the response.

I'm also wondering if this section should mention that the response may
include a `Set-Cookie` header with one of the indices.
I don't think anything special would need to happen, apart from this
immediately invalidating the cache entry.

Thanks

On Wed, 10 Jul 2024 at 03:30, Mark Nottingham <mnot@mnot.net> wrote:

>
> > On 10 Jul 2024, at 2:33 AM, Rory Hewitt <rory.hewitt@gmail.com> wrote:
> >
> > The 'header explosion' concern is only part of it. My main point is that
> using a single well-crafted header can both fill in the holes and also
> provide more explicit preference information - covering the exact
> edge-cases you mention in the design.
>
> The Variants header took that approach -- the WG came to the conclusion
> that it wasn't workable, due to the complexity and difficult in
> understanding. This is an attempt to split it up and simplify the space,
> and it seems to be getting traction (e.g., partial prototyping in Chrome).
>
> > However, if you'd prefer to use multiple headers, I would strongly
> suggest that you change "Cookie-Indices" to "Avail-Cookie" or
> "Avail-Cookie-Indices" - all the related headers should have a common
> "Avail-*" prefix, no?
>
> As the draft says, it's just a convention. The field names aren't
> automatically processed.
>
> Cheers,
>
> >
> > On Tue, Jul 9, 2024 at 12:29 AM Mark Nottingham <mnot@mnot.net> wrote:
> > I'm not too concerned about an explosion of headers -- it only becomes
> an issue if a resource negotiates on many axes, and even then things like
> header compression work in our favour (splitting them into separate headers
> often helps header compression). Client Hints took the same approach, and I
> like the symmetry with them.
> >
> > Cheers,
> >
> >
> > > On 9 Jul 2024, at 8:29 AM, Rory Hewitt <rory.hewitt@gmail.com> wrote:
> > >
> > > Hey Mark,
> > >
> > > My primary concern with this is the possible proliferation and
> over-extensibility of `Avail-*` headers.
> > >
> > > This document includes Avail-Encoding|Format|Language|ECT (ECT is a
> likely addition eventually) and Cookie-Indices, but those may need to be
> extended in the future, leading to a large number of headers.
> > >
> > > To use the example you provide in the Introduction section:
> > >
> > > Vary: Accept-Encoding, Accept-Language, ECT
> > > Avail-Encoding: gzip, br
> > > Avail-Language: fr, en;d
> > > Avail-ECT: ("slow-2g" "2g" "3g"), ("4g");d
> > >
> > > Naively, would it not make more sense to have a single
> *Available-Responses* header, like this (apologies if the syntax isn't
> quite correct for structured fields):
> > >
> > > Vary: Accept-Encoding, Accept-Language, ECT
> > > Available-Responses: enc=gzip,br;lang=en,fr;ect=("4g"),("slow-2g" "2g"
> "3g")
> > >
> > > Of course, this includes some assumptions:
> > >
> > > 1. The first option is the default - we have traditionally not done
> that, and used things like Q-values (ugh!), but with brand new headers,
> does it not make sense to start implementing a higher-level standard that
> where multiple values are specified, they should be specified in a
> prioritized list? For any given listable header, both clients and servers
> know a preference order, and that should be implicit in the headers they
> send and receive. Is this complete heresy to even suggest this?
> > > 2. This may be less efficient when using things like QPACK static
> tables to hold 'commonly-used' header values, but I don't believe that's
> something that anyone is worrying about yet...
> > >
> > > On the plus side, it (kinda) simplifies the header size (not a big
> issue with Huffman encoding and first-subsequent responses), but to me,
> having a single response which specifies all the available response types
> is an improvement to having multiple headers. As new response axes becomes
> available, they can simply be added to the existing header.
> > >
> > > Additionally, it can be extended to include all the 'holes' and
> various axes of preference mentioned - for example, the following shows
> that the English-gzip is preferred over the French-brotli version (while
> still making it clear that French-gzip and English-brotli versions are
> available - the preference order symbolized here is explicitly:
> > >
> > > en-gzip
> > > fr-gzip
> > > fr-br
> > > en-br
> > >
> > > based on the parenthesized grouping:
> > >
> > > Vary: Accept-Encoding, Accept-Language, ECT
> > > Available-Responses:
> (enc=gzip;lang=en,fr),(enc=br;lang=fr,en);ect=("4g"),("slow-2g" "2g" "3g")
> > >
> > >
> > > To use an example of a 'hole', if a French-gzip version IS NOT
> available, you'd have this:
> > >
> > > Vary: Accept-Encoding, Accept-Language, ECT Available-Responses:
> (enc=br;lang=fr),(enc=gzip,br;lang=en);ect=("4g"),("slow-2g" "2g" "3g")
> > >
> > > which identifies the following preference order:
> > >
> > > br-fr
> > > en-gzip
> > > en-br
> > >
> > > An English client can use *either* gzip or br (gzip is preferred), but
> a French client can *only* get a brotli response. Crucially though,
> French-brotli is still preferred to either English-gzip or English-brotli,
> even though there's only a single encoding option for French.
> > >
> > > Rory
> > >
> > > --
> > > Rory Hewitt
> > >
> > > https://www.linkedin.com/in/roryhewitt
> >
> > --
> > Mark Nottingham   https://www.mnot.net/
> >
> >
> >
> > --
> > Rory Hewitt
> >
> > https://www.linkedin.com/in/roryhewitt
>
> --
> Mark Nottingham   https://www.mnot.net/
>
>
>