IETF Logo Mail Archive

RE: Origin-signed responses

Lucas Pardue <Lucas.Pardue@bbc.co.uk> Fri, 01 September 2017 17:07 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F637132F42 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 1 Sep 2017 10:07:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5
X-Spam-Level:
X-Spam-Status: No, score=-5 tagged_above=-999 required=5 tests=[HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ira8rvGzxMGn for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 1 Sep 2017 10:07:05 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3BBD0134213 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 1 Sep 2017 10:07:05 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.89) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1dnpMz-0007wK-Bc for ietf-http-wg-dist@listhub.w3.org; Fri, 01 Sep 2017 17:04:37 +0000
Resent-Date: Fri, 01 Sep 2017 17:04:37 +0000
Resent-Message-Id: <E1dnpMz-0007wK-Bc@frink.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <Lucas.Pardue@bbc.co.uk>) id 1dnpMp-0007vT-Mq for ietf-http-wg@listhub.w3.org; Fri, 01 Sep 2017 17:04:27 +0000
Received: from mailout1.telhc.bbc.co.uk ([132.185.161.180]) by mimas.w3.org with esmtps (TLS1.2:DHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <Lucas.Pardue@bbc.co.uk>) id 1dnpMn-0006bc-IQ for ietf-http-wg@w3.org; Fri, 01 Sep 2017 17:04:27 +0000
Received: from BGB01XI1005.national.core.bbc.co.uk ([10.184.50.55]) by mailout1.telhc.bbc.co.uk (8.15.2/8.15.2) with ESMTP id v81H43Gm023576; Fri, 1 Sep 2017 18:04:03 +0100 (BST)
Received: from BGB01XUD1012.national.core.bbc.co.uk ([10.161.14.10]) by BGB01XI1005.national.core.bbc.co.uk ([10.184.50.55]) with mapi id 14.03.0319.002; Fri, 1 Sep 2017 18:04:03 +0100
From: Lucas Pardue <Lucas.Pardue@bbc.co.uk>
To: Jeffrey Yasskin <jyasskin@google.com>, HTTP Working Group <ietf-http-wg@w3.org>
Thread-Topic: Origin-signed responses
Thread-Index: AQHTI0D1bNGPyvEj4E2jhCq3mpGgO6KgPnPB
Date: Fri, 01 Sep 2017 17:04:02 +0000
Message-ID: <7CF7F94CB496BF4FAB1676F375F9666A37766651@bgb01xud1012>
References: <CANh-dXkbqBpGUrr-dXceQ5HzDjC6mSrrudTKjWwaBQcSO584ug@mail.gmail.com>
In-Reply-To: <CANh-dXkbqBpGUrr-dXceQ5HzDjC6mSrrudTKjWwaBQcSO584ug@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.19.161.212]
x-exclaimer-md-config: 1cd3ac1c-62e5-43f2-8404-6b688271c769
x-tm-as-product-ver: SMEX-11.0.0.4255-8.100.1062-23282.006
x-tm-as-result: No--20.434100-0.000000-31
x-tm-as-user-approved-sender: Yes
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Received-SPF: pass client-ip=132.185.161.180; envelope-from=Lucas.Pardue@bbc.co.uk; helo=mailout1.telhc.bbc.co.uk
X-W3C-Hub-Spam-Status: No, score=-3.8
X-W3C-Hub-Spam-Report: AWL=-0.068, BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, W3C_NW=0.5
X-W3C-Scan-Sig: mimas.w3.org 1dnpMn-0006bc-IQ c8a7264eaa69b66e39846fb0a29d674c
X-Original-To: ietf-http-wg@w3.org
Subject: RE: Origin-signed responses
Archived-At: <http://www.w3.org/mid/7CF7F94CB496BF4FAB1676F375F9666A37766651@bgb01xud1012>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/34424
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Hi Jeffrey,

I spotted this yesterday and found it an interesting read, so thanks for starting a discussion.

Your draft references draft-cavage-http-signatures, which we have been using on a project to add some authenticity to HTTP/2 pushed content. I'm still processing your draft but can see how it might complement our approach or help satisfy the higher goal.

Meanwhile, web packaging is beyond the scope of my needs.

Therefore I support the split because it's provides a more compelling document to consider, in my particular use case.

Kind regards
Lucas
________________________________________
From: Jeffrey Yasskin [jyasskin@google.com]
Sent: 01 September 2017 17:35
To: HTTP Working Group
Subject: Origin-signed responses

Hi all,

When I brought web packaging to IETF99 DISPATCH
(https://datatracker.ietf.org/doc/minutes-99-dispatch/), several
people said they wanted to see what it would look like split into
layers. https://tools.ietf.org/id/draft-yasskin-http-origin-signed-responses-00.html
discusses use cases and an outline of what the signing layer needs to
look like, but doesn't include an actual proposal for signatures yet.

What do you think? Is splitting the packaging proposal still the right approach?

I've also started a thread in art@ to talk about the packaging use
cases overall: https://mailarchive.ietf.org/arch/msg/art/gaS8EHxsdzcyPCaSqSyWSh-WbMY

Thanks,
Jeffrey



-----------------------------
http://www.bbc.co.uk
This e-mail (and any attachments) is confidential and
may contain personal views which are not the views of the BBC unless specifically stated.
If you have received it in
error, please delete it from your system.
Do not use, copy or disclose the
information in any way nor act in reliance on it and notify the sender
immediately.
Please note that the BBC monitors e-mails
sent or received.
Further communication will signify your consent to
this.
-----------------------------

v2.23.0 | Report a Bug | By Email