Re: Editorial Issue: Persisted Settings... when does the client need to return them?

William Chan (陈智昌) <willchan@chromium.org> Sun, 28 April 2013 16:31 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2964721F9943 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 28 Apr 2013 09:31:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.676
X-Spam-Level:
X-Spam-Status: No, score=-9.676 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xBuhjw1nghng for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 28 Apr 2013 09:31:40 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 4DC6C21F9579 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sun, 28 Apr 2013 09:31:40 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1UWUV8-0005An-Vs for ietf-http-wg-dist@listhub.w3.org; Sun, 28 Apr 2013 16:30:59 +0000
Resent-Date: Sun, 28 Apr 2013 16:30:58 +0000
Resent-Message-Id: <E1UWUV8-0005An-Vs@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <willchan@google.com>) id 1UWUV3-0005A7-7U for ietf-http-wg@listhub.w3.org; Sun, 28 Apr 2013 16:30:53 +0000
Received: from mail-qa0-f53.google.com ([209.85.216.53]) by lisa.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <willchan@google.com>) id 1UWUV2-0007QI-4N for ietf-http-wg@w3.org; Sun, 28 Apr 2013 16:30:53 +0000
Received: by mail-qa0-f53.google.com with SMTP id p6so741701qad.5 for <ietf-http-wg@w3.org>; Sun, 28 Apr 2013 09:30:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=2JRIzXQHVFH5dyNiixi9bdI+WSNT2mZE2XO0m03VCaQ=; b=OZOz0SMk/mOBNEod0OjKHGCcDVtWoVYF3zhBdFNebgp9AOa8O2+tofHip0Yl9YLeFJ azkv9uQb/8hYsK1vW7RXaDmywwl7zFZuGnuMMaBI1fWb8QYiuM0kdrlXz+OVFWqff/VZ pYvoLp2Vq5R64YMNf/8MM70J7umBu5Lx4DVub+8CoIdUHQqO9GeGkNNKkDqhlXD3tUiL 0naFt3qOepDKXux36yQ3qPXfENlRcrxgJwO/nyag54ao242pnLx3JihWoliDA9y9eZga BeNcRPoJCpa2xmnKqUN730DvoqE5ul/nO7Nq5jvmbQE8Olvdf6nsgoO9bgzj+eXJcaoU NqeA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:x-received:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=2JRIzXQHVFH5dyNiixi9bdI+WSNT2mZE2XO0m03VCaQ=; b=AKVpmUwbdLxrjqYcK3P7oQNb/bVZVe+C6jnpIMgJylsvn01a3kKcdyD8uIDgaX4Giw /1hk1G5PUdtarTy1jEAwYC4VETuIGLq9Y66R0Xy6bxaBjbXi3EjCaeqASU63uiFUeTj1 +JwW6+Pyk9Rez49u1cycSdhqxNHidycKH5va4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :x-gm-message-state; bh=2JRIzXQHVFH5dyNiixi9bdI+WSNT2mZE2XO0m03VCaQ=; b=gqwad6yZc9tw7UWxi71F+ZMJKyElKJO2xj9RbJibpTjW5c2gO9Buh7X9VVsDEbmw8N oGfsB1a+lYTgq1q7G04zFH7dCo5wNlbURZzrKUhFXhwQR37RC6WMdt26FgJcZuh31HK2 9ktNr9imBx1kvagWGeBlD/9Tn6QDdS1Di1ySjynBP9IXC9r1ZIjCs1LQB+bBDAQ5ASZn BmfjuXQfL44sx37qwiCJIZ3HfW9jtJVdlpkkkwxx1cyXA+lqg+86WNaohKw6xTwDXt9Y Zetbft4iriEYlpDb5VMYs8IwE6JXC92W4LJmNT+X7IrDaMf/h7ElJ8TUWdy1A6SxyM1c bcjw==
MIME-Version: 1.0
X-Received: by 10.49.82.45 with SMTP id f13mr36196634qey.53.1367166626301; Sun, 28 Apr 2013 09:30:26 -0700 (PDT)
Sender: willchan@google.com
Received: by 10.229.180.4 with HTTP; Sun, 28 Apr 2013 09:30:26 -0700 (PDT)
In-Reply-To: <CABP7Rbd-32BnZ2zV5aaOcZDXP6JfTcCFiRhKqoXV2O4roAn0Cw@mail.gmail.com>
References: <CABP7Rbcyf2FQH50OC1EgTr5+So_4tisVNZKOUBvKDe=fRgMbxA@mail.gmail.com> <CABkgnnXc2aw43aXMDM7oXoDcgDs3+03qwYfw6Sobz_tbMh_diA@mail.gmail.com> <CABP7RbfRdi6eH-AXp57Pa1-m1c_9ZN3Xa+7E2RihdezX24WYpQ@mail.gmail.com> <CAP+FsNdyQSXVRNbGqs_g1rm08Mrhc7haE3azThLU44Css7W3rA@mail.gmail.com> <CABP7Rbd-32BnZ2zV5aaOcZDXP6JfTcCFiRhKqoXV2O4roAn0Cw@mail.gmail.com>
Date: Sun, 28 Apr 2013 09:30:26 -0700
X-Google-Sender-Auth: 2WuhhpThphqsJlp9rbrZA3ZWkow
Message-ID: <CAA4WUYh2kzxd5z2S++w_D_CEDhvoxmJ-G2sRKfZdo_S9Tzi+Uw@mail.gmail.com>
From: =?UTF-8?B?V2lsbGlhbSBDaGFuICjpmYjmmbrmmIwp?= <willchan@chromium.org>
To: James M Snell <jasnell@gmail.com>
Cc: Roberto Peon <grmocg@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>, Martin Thomson <martin.thomson@gmail.com>
Content-Type: multipart/alternative; boundary=047d7b5dbf321c29fe04db6e4960
X-Gm-Message-State: ALoCoQmCt4luy4xpT505oalG+VHxkfC8P4zjBOUOM5LzlUU0r28DXLc46u37MKhDDQcVOxF0tnu2cKApcPFWXp8h9UO8oX0WqqpRQNkDZWy6ZGqYxwseJthyncgdcEY8n1HfsGg70ENedP2uVb7LttZquE7/tbssMLtk5SHMr+1lBSq1/2aQIpaWvh26yuy5S6JjBjPcEq6x
Received-SPF: pass client-ip=209.85.216.53; envelope-from=willchan@google.com; helo=mail-qa0-f53.google.com
X-W3C-Hub-Spam-Status: No, score=-5.7
X-W3C-Hub-Spam-Report: AWL=-0.549, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-2.438, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1UWUV2-0007QI-4N 27b9f8006f6b6c3919ebd61571b6b7ba
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Editorial Issue: Persisted Settings... when does the client need to return them?
Archived-At: <http://www.w3.org/mid/CAA4WUYh2kzxd5z2S++w_D_CEDhvoxmJ-G2sRKfZdo_S9Tzi+Uw@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/17646
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

I agree with Martin that we should defer discussion here as persisted
settings are at risk.


On Sat, Apr 27, 2013 at 11:23 PM, James M Snell <jasnell@gmail.com> wrote:

> That's not what I see documented in the draft currently.  Pending update,
> perhaps?
> On Apr 27, 2013 2:38 PM, "Roberto Peon" <grmocg@gmail.com> wrote:
>
>> The AP couldn't set anything w.r.t settings unless you connect to it
>> specifically and it has a cert that your browser trusts, at least assuming
>> the model where settings are persisted only for sessions using verified
>> certs (like what is done with SPDY today).
>> And then the browser (at least Chrome) will forget the setting upon the
>> change of network.
>> And of course, one could just set a cookie instead of doing SETTINGS, but
>> then we announce it everyone, even when not useful. bleh.
>>
>> We'll talk about it later anyway.
>>
>>
>> On Fri, Apr 26, 2013 at 8:39 PM, James M Snell <jasnell@gmail.com> wrote:
>>
>>> To be honest, the whole persistent settings thing gives me the
>>> willies, particularly given that SETTINGS as defined currently are
>>> generally specific to individual connections. If I'm on the road and
>>> on my phone connected temporarily to a free wifi access point, I don't
>>> necessarily want that access point being able to tell my phone to
>>> persistently store some piece of data that will never be used anywhere
>>> else... Not to mention the inherent privacy concerns...
>>>
>>> On Fri, Apr 26, 2013 at 8:06 PM, Martin Thomson
>>> <martin.thomson@gmail.com> wrote:
>>> > Given that persisted settings are at risk, I think that we can defer
>>> > addressing this one.
>>> >
>>> > (I'd say that once is enough and that persisted settings need only be
>>> > returned at connection establishment time, but that's not the only
>>> > thing we need to address with persistent settings, I think.)
>>> >
>>> > On 26 April 2013 14:28, James M Snell <jasnell@gmail.com> wrote:
>>> >> One bit that's not clear in the current draft...
>>> >>
>>> >> When the server asks the client to persist a setting, is the client
>>> >> required to return that setting in EVERY subsequent SETTINGS frame it
>>> >> sends to the server until the setting is cleared or is it only
>>> >> required to send the persisted settings once when a new session is
>>> >> established (i.e. in the client session header?)
>>> >>
>>>
>>>
>>