Re: Editorial Issue: Persisted Settings... when does the client need to return them?

Roberto Peon <grmocg@gmail.com> Sat, 27 April 2013 21:39 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03A9121F9903 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 27 Apr 2013 14:39:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.598
X-Spam-Level:
X-Spam-Status: No, score=-10.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fGz8KsJUzizy for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 27 Apr 2013 14:39:07 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 3D6D821F9816 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sat, 27 Apr 2013 14:39:07 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1UWCpW-0004oI-UR for ietf-http-wg-dist@listhub.w3.org; Sat, 27 Apr 2013 21:38:50 +0000
Resent-Date: Sat, 27 Apr 2013 21:38:50 +0000
Resent-Message-Id: <E1UWCpW-0004oI-UR@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <grmocg@gmail.com>) id 1UWCpS-0004n5-57 for ietf-http-wg@listhub.w3.org; Sat, 27 Apr 2013 21:38:46 +0000
Received: from mail-oa0-f48.google.com ([209.85.219.48]) by maggie.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <grmocg@gmail.com>) id 1UWCpR-000435-AH for ietf-http-wg@w3.org; Sat, 27 Apr 2013 21:38:46 +0000
Received: by mail-oa0-f48.google.com with SMTP id f4so4920549oah.7 for <ietf-http-wg@w3.org>; Sat, 27 Apr 2013 14:38:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=BvvjlINniM9XzzTRGBYwZnfak6v1VlVmPhQPsrLXjXM=; b=wzpWYS1bjTatw6bK3rlreVxSEUXihR4ZMG9wSj9n3cDopq5+FyC4JyD/6gabhLuyeB llgwEDIj73gr13Yn5QLWHcUTwz9N1UanHKDZc+SnUgxv7q6E8vQTcVTAUNxo69sEyfpB ST0sZ1QCsQAXR4JdRkRh5IzEzPj3xXtUcc3u04rOtiwFw/GDmBF+2Fw/QaFGV0Rq+kN7 xRjgtKW52EEpb8jeatx3Kgn7xnXK3i+JlE4hHM5lIbOmgQGYIlp9oK2WdhBFJxvzKSpG J3pddlaTDz9XKmicf+KnotE3D57a0vEG1JzWbdWpTzrjsPruRs4wWFkOskC1QpZSkmZm ThsA==
MIME-Version: 1.0
X-Received: by 10.60.141.35 with SMTP id rl3mr26359574oeb.121.1367098699361; Sat, 27 Apr 2013 14:38:19 -0700 (PDT)
Received: by 10.76.12.103 with HTTP; Sat, 27 Apr 2013 14:38:19 -0700 (PDT)
In-Reply-To: <CABP7RbfRdi6eH-AXp57Pa1-m1c_9ZN3Xa+7E2RihdezX24WYpQ@mail.gmail.com>
References: <CABP7Rbcyf2FQH50OC1EgTr5+So_4tisVNZKOUBvKDe=fRgMbxA@mail.gmail.com> <CABkgnnXc2aw43aXMDM7oXoDcgDs3+03qwYfw6Sobz_tbMh_diA@mail.gmail.com> <CABP7RbfRdi6eH-AXp57Pa1-m1c_9ZN3Xa+7E2RihdezX24WYpQ@mail.gmail.com>
Date: Sat, 27 Apr 2013 14:38:19 -0700
Message-ID: <CAP+FsNdyQSXVRNbGqs_g1rm08Mrhc7haE3azThLU44Css7W3rA@mail.gmail.com>
From: Roberto Peon <grmocg@gmail.com>
To: James M Snell <jasnell@gmail.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary=047d7b339dbb5982df04db5e7838
Received-SPF: pass client-ip=209.85.219.48; envelope-from=grmocg@gmail.com; helo=mail-oa0-f48.google.com
X-W3C-Hub-Spam-Status: No, score=-3.5
X-W3C-Hub-Spam-Report: AWL=-2.685, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: maggie.w3.org 1UWCpR-000435-AH f0a35426f49025ce7fc6c1e280ef8f37
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Editorial Issue: Persisted Settings... when does the client need to return them?
Archived-At: <http://www.w3.org/mid/CAP+FsNdyQSXVRNbGqs_g1rm08Mrhc7haE3azThLU44Css7W3rA@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/17638
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

The AP couldn't set anything w.r.t settings unless you connect to it
specifically and it has a cert that your browser trusts, at least assuming
the model where settings are persisted only for sessions using verified
certs (like what is done with SPDY today).
And then the browser (at least Chrome) will forget the setting upon the
change of network.
And of course, one could just set a cookie instead of doing SETTINGS, but
then we announce it everyone, even when not useful. bleh.

We'll talk about it later anyway.


On Fri, Apr 26, 2013 at 8:39 PM, James M Snell <jasnell@gmail.com>; wrote:

> To be honest, the whole persistent settings thing gives me the
> willies, particularly given that SETTINGS as defined currently are
> generally specific to individual connections. If I'm on the road and
> on my phone connected temporarily to a free wifi access point, I don't
> necessarily want that access point being able to tell my phone to
> persistently store some piece of data that will never be used anywhere
> else... Not to mention the inherent privacy concerns...
>
> On Fri, Apr 26, 2013 at 8:06 PM, Martin Thomson
> <martin.thomson@gmail.com>; wrote:
> > Given that persisted settings are at risk, I think that we can defer
> > addressing this one.
> >
> > (I'd say that once is enough and that persisted settings need only be
> > returned at connection establishment time, but that's not the only
> > thing we need to address with persistent settings, I think.)
> >
> > On 26 April 2013 14:28, James M Snell <jasnell@gmail.com>; wrote:
> >> One bit that's not clear in the current draft...
> >>
> >> When the server asks the client to persist a setting, is the client
> >> required to return that setting in EVERY subsequent SETTINGS frame it
> >> sends to the server until the setting is cleared or is it only
> >> required to send the persisted settings once when a new session is
> >> established (i.e. in the client session header?)
> >>
>
>