Re: Issue #356: Form-encode Expect-CT report bodies?

Martin Thomson <martin.thomson@gmail.com> Fri, 09 June 2017 14:44 UTC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 09 Jun 2017 16:42:23 +0200
Message-ID: <CABkgnnWU09-kV8gAu6xZV7n-rvrmL6R98EzA7O7nxTjBMFntpQ@mail.gmail.com>
To: Emily Stark <estark@google.com>
Cc: Patrick McManus <mcmanus@ducksong.com>, httpbis <ietf-http-wg@w3.org>
Archived-At: <http://www.w3.org/mid/CABkgnnWU09-kV8gAu6xZV7n-rvrmL6R98EzA7O7nxTjBMFntpQ@mail.gmail.com>

On 9 June 2017 at 16:38, Emily Stark <estark@google.com> wrote:
> Does anyone else have an opinion? If not, I'll probably go with text/plain.


After considering this, I would prefer to have this added to the CORS
exception list in the same way that CSP reporting is.  It is better to
have an accurate MIME type with an exception and accompanying analysis
of why it is safe to send these payloads than it is to just have the
spec try to route around the problem (tempting and easy as that might
be).