Re: Few proposal seem to have not attract any attention from the working groups.
Mark Nottingham <mnot@mnot.net> Mon, 20 May 2019 08:31 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0625812014A for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 20 May 2019 01:31:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.999
X-Spam-Level:
X-Spam-Status: No, score=-2.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, MAILING_LIST_MULTI=-1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mnot.net header.b=UciKe8Qc; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=MktBGeVd
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CthErYFt6SMd for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 20 May 2019 01:31:09 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [IPv6:2603:400a:ffff:804:801e:34:0:38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31218120077 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 20 May 2019 01:31:09 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.89) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1hSdfQ-0005b9-D1 for ietf-http-wg-dist@listhub.w3.org; Mon, 20 May 2019 08:29:08 +0000
Resent-Date: Mon, 20 May 2019 08:29:08 +0000
Resent-Message-Id: <E1hSdfQ-0005b9-D1@frink.w3.org>
Received: from titan.w3.org ([2603:400a:ffff:804:801e:34:0:4c]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <mnot@mnot.net>) id 1hSdfN-0005aO-Bs for ietf-http-wg@listhub.w3.org; Mon, 20 May 2019 08:29:05 +0000
Received: from out2-smtp.messagingengine.com ([66.111.4.26]) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <mnot@mnot.net>) id 1hSdfL-000898-Hr for ietf-http-wg@w3.org; Mon, 20 May 2019 08:29:05 +0000
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id BB2AF23DA7; Mon, 20 May 2019 04:28:41 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Mon, 20 May 2019 04:28:41 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=fm2; bh=l hLkcq3MWVlfFUYqiUVX6NLw016WTXVJGthJ4SsEMR8=; b=UciKe8QcyjgR2RFV8 41L3jbMWqMsCOSCtAv+qC2nlaBGU7Iqj9z4j9EikoOOUcBA8FCYTIJSp/lPodAdk T/ENegfNto/fN2TBAl34oAvKQyg7TT0Wh/3q4ZS+bpLMxril+/ZuvEp0mReTAIn0 Zx8Gu0Qr8En8Ywlz8OzJfEQQJqo5NDn+I8Y8vWrRmRjyE2zIb9ZgfPxhpC5Atyaw wRalQgYG1a7hLfG6DJuLdb91xCtOINGzAyXWXT/xC38CtxCMI9EVn0FSHLxKy7Wt P6s9YdUcIGWbQ/hlpvL1tsche1ubiIk8ITQCc9VfOuZwVeKeSY48z0yingcSRNXC 55e8g==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=lhLkcq3MWVlfFUYqiUVX6NLw016WTXVJGthJ4SsEM R8=; b=MktBGeVd34U+C+cM+iXQ6SwfOJpGx3v3fVdX+ot4D9t2JzZTF7Zl2DTBX 5PjCi8VMAqLusuahqr8sjLsAJ6KycyVA2hT28jlkDMSSJf350bMZgzavNTHB6iDW WJGr25Hwy40jMyRum0IMctcNMiI/SsD9ibOTKNKtCbn39y7EUDdg/H6YClozXG7h vHeGLrRqYM+ffBeget/h1nC5Bllu2ao06R6yvZHZT68aUgkciw2aqhoXjyirgVHJ d0rkeg/GTRrzriMUu9+cu7UoHfe1/3kekT4HIHJLyktC/6M1oEQBcCSKwc4hLAWc vInouKit40OjjwKhNAzWXEoK0oKxw==
X-ME-Sender: <xms:OGXiXOodPIiLz-rFVHTosgJ40zeaRLuZs2qh6jun4p87g-8XXKEX1w>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduuddruddtkedgtdegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne gfrhhlucfvnfffucdlhedmnecujfgurheptggguffhjgffgffkfhfvofesthhqmhdthhdt jeenucfhrhhomhepofgrrhhkucfpohhtthhinhhghhgrmhcuoehmnhhothesmhhnohhtrd hnvghtqeenucffohhmrghinhepfiefrdhorhhgpdhsfihimhguhihnrghmihgtshdrtgho rdiirgenucfkphepvddujedrudefkedriedvrddvgeefnecurfgrrhgrmhepmhgrihhlfh hrohhmpehmnhhothesmhhnohhtrdhnvghtnecuvehluhhsthgvrhfuihiivgeptd
X-ME-Proxy: <xmx:OGXiXA54Ts4YaeIQuR-NOOvGXXVcRd68v0TPGNMVEyg3MmZCYWwgGQ> <xmx:OGXiXEOZHqOmmcgmhuuZZzqop5iBzeXraqbp8t1GkKJC24_dpstIEw> <xmx:OGXiXPFcdNogy0o8JAQJ8ajVKs-vMnLvCifDPopS76hkx_OsOGTtdw> <xmx:OWXiXC1VGYegDR4FR54bIaKP1HmpgZG6nSAOGSycdHHSsCjeKhTx0g>
Received: from [192.168.203.87] (unknown [217.138.62.243]) by mail.messagingengine.com (Postfix) with ESMTPA id 20FCD80060; Mon, 20 May 2019 04:28:40 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <75FD0A68-9DA4-486F-AE98-8C7CD66CB99D@vcontractor.co.za>
Date: Mon, 20 May 2019 09:28:38 +0100
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <A281E47C-3F4B-451D-BBD6-405DFFDC00AA@mnot.net>
References: <75FD0A68-9DA4-486F-AE98-8C7CD66CB99D@vcontractor.co.za>
To: "Oliver, Wesley, Vodacom South Africa (External)" <Wesley.Oliver@vcontractor.co.za>
X-Mailer: Apple Mail (2.3445.104.8)
Received-SPF: pass client-ip=66.111.4.26; envelope-from=mnot@mnot.net; helo=out2-smtp.messagingengine.com
X-W3C-Hub-Spam-Status: No, score=-7.1
X-W3C-Hub-Spam-Report: BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1hSdfL-000898-Hr 9bad85cb228a65b778d9f3a787b1fc14
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Few proposal seem to have not attract any attention from the working groups.
Archived-At: <https://www.w3.org/mid/A281E47C-3F4B-451D-BBD6-405DFFDC00AA@mnot.net>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/36650
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Hi Wesley, Generally speaking, if there isn't any response (on the list or elsewhere), it indicates people aren't interested in the proposal, or that they don't believe it's viable. If folks do have thoughts about this and just missed it the first time around, please do follow up. Cheers, > On 20 May 2019, at 7:50 am, Oliver, Wesley, Vodacom South Africa (External) <Wesley.Oliver@vcontractor.co.za> wrote: > > > Hi all, > > Hope all is well in the world of the web. > > The following proposals below didn’t seem to seem to attract any attention from the working group. > > Has the process of the working groups changed? > > Is there anyone interested in solving these issues or should be run by google for the chrome browser. > > The other thing we think is highly relevant now days is that all session tokens should have been privately encrypted > By the server backing store or environment and encryption key rolled aggressively, making token hacking or anything of the sorts a lot more difficult to achieve in hacking the client side session information to gain access and by assuming the identity of another session. > > Kind Regards, > > Wesley Oliver > > ------------------------ > ---------- Forwarded message --------- > From: Wesley Oliver <wesley.olis@gmail.com> > Date: Sun, May 12, 2019 at 7:51 PM > Subject: Proposal for new header field: SESSION_FORWARD_IDENTITY > To: ietf-http-wg@w3.org Group <ietf-http-wg@w3.org> > > > Hi all, > > I am sure by now the the EU with there new cookie laws has drive everyone nuts already and annoyed them enough! > > I would like to propose that for session tracker that we implemented a new session_forward_identitiy field header, in which the server will supply the value in the http response and the client browser will then for all further request to the server append the session_forward_dentitiy field header for that domain. > > Similar to cookies, but there is no local storage of anything, its a pure ephemeral value and is basically lost, when one navigates away from the domain, it is lost. > > Basically like adding the tracking token onto the end of every url request made from your > website/app, client browser request, which requires each url to be dynamic generated, which in most web apps is not a problem. But for simple reporting type pages that are tobe kept simple, then allowing the browser automatically do this for you in the background simplifiers things. > > Hopefully this would reduce the amount of cookie type EU regulations we need to accept before entering a website, were by they can rather use other alternative forms that are potentially less subject to tracking a user outside the scope of the current domain requirements. > > We might need to typically add another public accessible header variant version for google analytics and similar things, for personal web domains, which is more public to linking session information, but not out of the domain context, this could become difficult for 3rd party scripts that are loading into an application, that may look for this then send back to there server. But they would have to continually send information for each page back to there server, as they would n't be allowed to use any form of local storage, except for maybe single access once off granted access, similar to how mobile permissions handle things, to get long term webapp session key from local storage. > > Just think that there is a simper way to get around all these EU cookies notifications > and achieves what we require with looking to a future method, that suits 21st century http requirements. > > Kind Regards, > > Wesley Oliver > -- > Web Site that I have developed: > http://www.swimdynamics.co.za > > > Skype: wezley_oliver > MSN messenger: wesley.olis@gmail.com > > > -- > -- > Web Site that I have developed: > http://www.swimdynamics.co.za > > > Skype: wezley_oliver > MSN messenger: wesley.olis@gmail.com > > ------------------ > > ---------- Forwarded message --------- > From: Wesley Oliver <wesley.olis@gmail.com> > Date: Sun, May 12, 2019 at 7:29 PM > Subject: Proposal for new header field: SERVER_UTC_TIME > To: ietf-http-wg@w3.org Group <ietf-http-wg@w3.org> > > > Hi all, > > I would like to potentially propose that we added a new complosurary header to http > that all servers should in future send with all the response to the client, this is to solve a problem that client system upstream time providers may be incorrectly, which then cause > browser caching to become unreliable! > > This problem typically is quite prevalent, when it comes to mobile networks, were > cell phones and devices sync there time to the network, however, at many times > the providers of the network time information are out of sync. > > This cause many to have extremely bad internet experiences and seeing older shadow copies of content all of sudden when hopping on to a new mobile BS/HS upstream provider, > that sudden puts on time back. > > I have experience quite a few issues with regards to different real time reflecting situations. > > Given that non one developing something for the client side browser, wants to something so fickle to the upstream provider, which can break on client side browser experience that one has work so hard t perfect and maybe opermize. > > I would like to propose that we include a new http header SERVER_UTC_TIME, in which the client side browser, can then uses some statistics, between all open domains and local clock time, to determine what utc time should be, and then use that website domain. > Typically is the website domain off, or is the local clock off.. and make a call. > > With every browser request has the ability to determine the correct browser time, to within a request response time for a domain, say typically bring it to with in 1 second of accuracy. > This would then ensure that the website still functions correctly. 1 second of 4 second worse case for instance, is still better than 5/10 minutes of the local clock being out. > > The same problem with mobile, typically happens with lat/lon provider by the BS sites, they are usually wrong... However, that can't be address via a header. > > Kind Regards, > > Wesley Oliver > > -- > -- > Web Site that I have developed: > http://www.swimdynamics.co.za > > > Skype: wezley_oliver > MSN messenger: wesley.olis@gmail.com > > > -- > -- > Web Site that I have developed: > http://www.swimdynamics.co.za > > > Skype: wezley_oliver > MSN messenger: wesley.olis@gmail.com > > ———————————————————————— > > > > This e-mail is classified C2 - Vodacom Restricted - Information to be used inside Vodacom but it may be shared with authorised partners. > > > > > > > > "This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link https://webmail.vodacom.co.za/tc/default.html " -- Mark Nottingham https://www.mnot.net/
- Re: Few proposal seem to have not attract any att… Mark Nottingham
- Re: Few proposal seem to have not attract any att… Kari Hurtta
- Re: Few proposal seem to have not attract any att… Mark Nottingham
- Re: Proposal for new header field: SESSION_FORWAR… Kari Hurtta