Re: New Version Notification for draft-nottingham-site-wide-headers-01.txt

Martin Thomson <> Fri, 25 November 2016 01:21 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 349B612A199 for <>; Thu, 24 Nov 2016 17:21:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -8.498
X-Spam-Status: No, score=-8.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-1.497, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id JCPzknrhCt0e for <>; Thu, 24 Nov 2016 17:21:12 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 6214C1295D6 for <>; Thu, 24 Nov 2016 17:12:45 -0800 (PST)
Received: from lists by with local (Exim 4.80) (envelope-from <>) id 1cA50o-0003Po-VX for; Fri, 25 Nov 2016 01:09:10 +0000
Resent-Date: Fri, 25 Nov 2016 01:09:10 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <>) id 1cA50i-0003Of-Iy for; Fri, 25 Nov 2016 01:09:04 +0000
Received: from ([]) by with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <>) id 1cA50c-0004nq-NI for; Fri, 25 Nov 2016 01:08:59 +0000
Received: by with SMTP id w33so53169417qtc.3 for <>; Thu, 24 Nov 2016 17:08:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=pj68/y8Ws5FzhdX96oJsWmkM/4kyG00AY6IJOq3/grY=; b=PIPX/UMKFJ6QZvjiYREGEbyPDuEN7BKYll0F61IMgqxQoDyYtjLA1TxUu0TyIaSh75 mpdC7C6s/USX154LlDYUWrJ6DyPlDH3CeEjzooTrsjBPlmODDuY/zpbsYfqPmYHAG+Cm X6wlwc4P9v8UC7OZhLChuFmsid08RaueVBCJqkdouJoj8Fisk0p+3dIJzA7zucbZeTHW l2PC5w1T8yeMLFSk2H5VVJR/b8QTE0Fz5HcfGW85FABdPSWe6h/iv3S2JM3cPH+ckYSn 9nPfv4Ro8OQpDGQhnBGRKuPOkfhnwgdtxsqZskseOh+vWSOpoCqGXPPDh/hByQqJ6W6A 2OsQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=pj68/y8Ws5FzhdX96oJsWmkM/4kyG00AY6IJOq3/grY=; b=SuRZaS6DbGhWvdvm/DdSaPWH/91CLQ98fzOg4toAc2cdFPunwDEs10rLIIqMhrGC39 GIE3uHAUXVFAmEEehaljImR6F/OVoQN9QEn2yo6Q8dx7LWn/OJ/I9gG2TUoJZOrWGybn SV43HgZm2mbUOpfOBDJXvsQAkMN317S5gtStgPdclJ/cZvEDbQIe6X6isnzDFxs7XyWh Q0cYe3XQvcN4AxmjgScGj+6Bmu5fZgO6u3zHsjh12nn+LKAUYlez/ffeIPjCi5lx0AHZ jTuEeUpQV8fN/oeKP9P1OgGG31dryJZiP9wsqRTu7jIXw+EtHbMlKT/4yCiaHWAwBA6I eDOQ==
X-Gm-Message-State: AKaTC01PfKdCJkvkDfJ9bsHEZUvYRA6CJ+33jDcRmMNGpM3z6VuIwrvVMVVbdfHSp0IJFZIgcnWCcsHHwe3khg==
X-Received: by with SMTP id v23mr4924406qtb.143.1480036112367; Thu, 24 Nov 2016 17:08:32 -0800 (PST)
MIME-Version: 1.0
Received: by with HTTP; Thu, 24 Nov 2016 17:08:31 -0800 (PST)
In-Reply-To: <>
References: <> <> <> <>
From: Martin Thomson <>
Date: Fri, 25 Nov 2016 12:08:31 +1100
Message-ID: <>
To: Mark Nottingham <>
Cc: HTTP Working Group <>, Mike West <>, "Emily Stark (Dunn)" <>
Content-Type: text/plain; charset="UTF-8"
Received-SPF: pass client-ip=;;
X-W3C-Hub-Spam-Status: No, score=-6.4
X-W3C-Hub-Spam-Report: AWL=0.353, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: 1cA50c-0004nq-NI 831c7ee0c1961ae7854afd0e5997dbe6
Subject: Re: New Version Notification for draft-nottingham-site-wide-headers-01.txt
Archived-At: <>
X-Mailing-List: <> archive/latest/33005
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

On 24 November 2016 at 16:40, Mark Nottingham <> wrote:
> I sketched in a whitelist because site-wide headers are the exception, not the rule, and the designer of the header should really opt into it. Requiring a known prefix and whitelisting existing headers gives you that.

I don't see much value in them then.  As I said, sites are perfectly
capable of generating rubbish.

Add that to the bad taste that having people claim large swathes of
the header field name space leaves if you like.

>> You don't describe the consequences if someone puts a Date header
>> field in a site-wide resource.  You only say not to.
> Where do I say not to?

By saying that the header field has to be on the whitelist, you
implicitly forbid inclusion of other header fields.  But you don't
define rules for what to do if you see a header field that is not on
the whitelist.  Do you throw out the whole .wk resource?

> It says append. I suppose I could monkey-patch Fetch, if there's interest. Although in many ways, this kind of happens at a layer "below" Fetch.

Append works for me, but you aren't clear enough.  And I think that
you will find that Fetch (or is it just fetch?) wants control over
this stuff.