Re: New Version Notification for draft-nottingham-site-wide-headers-01.txt

Martin Thomson <martin.thomson@gmail.com> Fri, 25 November 2016 01:21 UTC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 25 Nov 2016 12:08:31 +1100
Message-ID: <CABkgnnXmShArmcP4FFkuN2_sxUOuhcdR_EGJLApeJUY_eYJCrA@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Mike West <mkwst@google.com>, "Emily Stark (Dunn)" <estark@google.com>
Archived-At: <http://www.w3.org/mid/CABkgnnXmShArmcP4FFkuN2_sxUOuhcdR_EGJLApeJUY_eYJCrA@mail.gmail.com>

On 24 November 2016 at 16:40, Mark Nottingham <mnot@mnot.net> wrote:
> I sketched in a whitelist because site-wide headers are the exception, not the rule, and the designer of the header should really opt into it. Requiring a known prefix and whitelisting existing headers gives you that.

I don't see much value in them then.  As I said, sites are perfectly
capable of generating rubbish.

Add that to the bad taste that having people claim large swathes of
the header field name space leaves if you like.

>> You don't describe the consequences if someone puts a Date header
>> field in a site-wide resource.  You only say not to.
>
> Where do I say not to?

By saying that the header field has to be on the whitelist, you
implicitly forbid inclusion of other header fields.  But you don't
define rules for what to do if you see a header field that is not on
the whitelist.  Do you throw out the whole .wk resource?

> It says append. I suppose I could monkey-patch Fetch, if there's interest. Although in many ways, this kind of happens at a layer "below" Fetch.

Append works for me, but you aren't clear enough.  And I think that
you will find that Fetch (or is it just fetch?) wants control over
this stuff.
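
An added illustration, not part of the original message or of the draft: the two readings of "what to do with a field that is not on the whitelist" (drop that field, or discard the whole resource), combined with append semantics. The allowlist contents, the policy names, and the function names are assumptions made for this sketch.

```python
# Added example. ALLOWLIST, the policy names and all sample fields are
# constructed for illustration; none of them come from the draft.
ALLOWLIST = {"strict-transport-security", "content-security-policy"}
POLICIES = ("ignore-field", "reject-resource")


def filter_site_wide(fields, policy):
    """Return the site-wide fields a client would honour.

    fields: list of (name, value) pairs parsed from the site-wide resource.
    policy: "ignore-field" drops only the unlisted field;
            "reject-resource" discards the whole resource on the first one.
    """
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy}")
    kept = []
    for name, value in fields:
        if name.lower() in ALLOWLIST:
            kept.append((name, value))
        elif policy == "reject-resource":
            return []  # one unlisted field invalidates everything
    return kept


def apply_site_wide(response_fields, site_wide_fields, policy):
    """Append semantics: the response's own fields are kept as-is and the
    surviving site-wide fields are added after them; nothing is replaced."""
    return list(response_fields) + filter_site_wide(site_wide_fields, policy)


# Constructed input: a site-wide resource that also carries a Date field.
SITE_WIDE = [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Date", "Thu, 24 Nov 2016 17:08:31 GMT"),
    ("Content-Security-Policy", "default-src 'self'"),
]
RESPONSE = [
    ("Content-Type", "text/html"),
    ("Content-Security-Policy", "img-src *"),
]

if __name__ == "__main__":
    for policy in POLICIES:
        print(policy)
        for name, value in apply_site_wide(RESPONSE, SITE_WIDE, policy):
            print(f"  {name}: {value}")
```

With the same input, one client ends up with the site's HSTS and CSP fields appended and another ends up with neither, which is why the handling of unlisted fields needs to be specified rather than left implicit.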