Re: Editorial Issue: Persisted Settings... when does the client need to return them?

James M Snell <jasnell@gmail.com> Sun, 28 April 2013 06:24 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7582821F8D90 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 27 Apr 2013 23:24:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.422
X-Spam-Level:
X-Spam-Status: No, score=-10.422 tagged_above=-999 required=5 tests=[AWL=0.176, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a7+B-0xaV9Yg for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 27 Apr 2013 23:24:36 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 3AE2921F8CF0 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sat, 27 Apr 2013 23:24:36 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1UWL23-0000dx-3E for ietf-http-wg-dist@listhub.w3.org; Sun, 28 Apr 2013 06:24:19 +0000
Resent-Date: Sun, 28 Apr 2013 06:24:19 +0000
Resent-Message-Id: <E1UWL23-0000dx-3E@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <jasnell@gmail.com>) id 1UWL1y-0000dB-JF for ietf-http-wg@listhub.w3.org; Sun, 28 Apr 2013 06:24:14 +0000
Received: from mail-oa0-f49.google.com ([209.85.219.49]) by lisa.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <jasnell@gmail.com>) id 1UWL1x-00033u-Ry for ietf-http-wg@w3.org; Sun, 28 Apr 2013 06:24:14 +0000
Received: by mail-oa0-f49.google.com with SMTP id j1so5068115oag.8 for <ietf-http-wg@w3.org>; Sat, 27 Apr 2013 23:23:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=IWrQi37S63FQcBd718tOK5OzMXebKJrzBNo5auEMGJ0=; b=mR/QZ+T1e561oehD4kmIPIc11UbvHtsQes6pMs46maObwwjnCdtyEy1TjuA9CgvUB3 i/U3LCqG+00pfco7gbG4fAqpZf80I+WGVUoBMPrAcDl1kltUnXoB8aOFR/0VQlSh3xxw tbm6N1LtPa70KJ/Dcp7sX4It6PfwNcbg7m0q1v0dEWJepYyjt9b8K+RMMkJJwykruBVF B1qVrLlI36cjTS8kOydYGy7DTP0eybDGH2sy+i5jogSNPOjaa/5xHEa7cgYj9zsDhyB9 wP5nXYCghclJhJGx7pU6bkhCl5X1JiAUDfHhjPuzR8zonS0WLD3fNqhrc255IuWeAhaS drxw==
MIME-Version: 1.0
X-Received: by 10.60.47.84 with SMTP id b20mr6792507oen.135.1367130227881; Sat, 27 Apr 2013 23:23:47 -0700 (PDT)
Received: by 10.60.3.137 with HTTP; Sat, 27 Apr 2013 23:23:47 -0700 (PDT)
Received: by 10.60.3.137 with HTTP; Sat, 27 Apr 2013 23:23:47 -0700 (PDT)
In-Reply-To: <CAP+FsNdyQSXVRNbGqs_g1rm08Mrhc7haE3azThLU44Css7W3rA@mail.gmail.com>
References: <CABP7Rbcyf2FQH50OC1EgTr5+So_4tisVNZKOUBvKDe=fRgMbxA@mail.gmail.com> <CABkgnnXc2aw43aXMDM7oXoDcgDs3+03qwYfw6Sobz_tbMh_diA@mail.gmail.com> <CABP7RbfRdi6eH-AXp57Pa1-m1c_9ZN3Xa+7E2RihdezX24WYpQ@mail.gmail.com> <CAP+FsNdyQSXVRNbGqs_g1rm08Mrhc7haE3azThLU44Css7W3rA@mail.gmail.com>
Date: Sat, 27 Apr 2013 23:23:47 -0700
Message-ID: <CABP7Rbd-32BnZ2zV5aaOcZDXP6JfTcCFiRhKqoXV2O4roAn0Cw@mail.gmail.com>
From: James M Snell <jasnell@gmail.com>
To: Roberto Peon <grmocg@gmail.com>
Cc: ietf-http-wg@w3.org, Martin Thomson <martin.thomson@gmail.com>
Content-Type: multipart/alternative; boundary=001a11c20b44988cb704db65cf98
Received-SPF: pass client-ip=209.85.219.49; envelope-from=jasnell@gmail.com; helo=mail-oa0-f49.google.com
X-W3C-Hub-Spam-Status: No, score=-4.4
X-W3C-Hub-Spam-Report: AWL=-1.716, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1UWL1x-00033u-Ry 658b9c2471b6ce8bf0adac744804a0b8
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Editorial Issue: Persisted Settings... when does the client need to return them?
Archived-At: <http://www.w3.org/mid/CABP7Rbd-32BnZ2zV5aaOcZDXP6JfTcCFiRhKqoXV2O4roAn0Cw@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/17643
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

That's not what I see documented in the draft currently.  Pending update,
perhaps?
On Apr 27, 2013 2:38 PM, "Roberto Peon" <grmocg@gmail.com> wrote:

> The AP couldn't set anything w.r.t settings unless you connect to it
> specifically and it has a cert that your browser trusts, at least assuming
> the model where settings are persisted only for sessions using verified
> certs (like what is done with SPDY today).
> And then the browser (at least Chrome) will forget the setting upon the
> change of network.
> And of course, one could just set a cookie instead of doing SETTINGS, but
> then we announce it everyone, even when not useful. bleh.
>
> We'll talk about it later anyway.
>
>
> On Fri, Apr 26, 2013 at 8:39 PM, James M Snell <jasnell@gmail.com> wrote:
>
>> To be honest, the whole persistent settings thing gives me the
>> willies, particularly given that SETTINGS as defined currently are
>> generally specific to individual connections. If I'm on the road and
>> on my phone connected temporarily to a free wifi access point, I don't
>> necessarily want that access point being able to tell my phone to
>> persistently store some piece of data that will never be used anywhere
>> else... Not to mention the inherent privacy concerns...
>>
>> On Fri, Apr 26, 2013 at 8:06 PM, Martin Thomson
>> <martin.thomson@gmail.com> wrote:
>> > Given that persisted settings are at risk, I think that we can defer
>> > addressing this one.
>> >
>> > (I'd say that once is enough and that persisted settings need only be
>> > returned at connection establishment time, but that's not the only
>> > thing we need to address with persistent settings, I think.)
>> >
>> > On 26 April 2013 14:28, James M Snell <jasnell@gmail.com> wrote:
>> >> One bit that's not clear in the current draft...
>> >>
>> >> When the server asks the client to persist a setting, is the client
>> >> required to return that setting in EVERY subsequent SETTINGS frame it
>> >> sends to the server until the setting is cleared or is it only
>> >> required to send the persisted settings once when a new session is
>> >> established (i.e. in the client session header?)
>> >>
>>
>>
>