Re: New Version Notification for draft-nottingham-site-wide-headers-01.txt

Martin Thomson <> Fri, 25 November 2016 00:59 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7D8C0129CB0 for <>; Thu, 24 Nov 2016 16:59:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7.998
X-Spam-Status: No, score=-7.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-1.497, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id QFokl7XJZXF6 for <>; Thu, 24 Nov 2016 16:59:39 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CDA1412A0F6 for <>; Thu, 24 Nov 2016 16:57:07 -0800 (PST)
Received: from lists by with local (Exim 4.80) (envelope-from <>) id 1cA4mE-0001uC-3s for; Fri, 25 Nov 2016 00:54:06 +0000
Resent-Date: Fri, 25 Nov 2016 00:54:06 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <>) id 1cA4m7-0001sn-QP for; Fri, 25 Nov 2016 00:53:59 +0000
Received: from ([]) by with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <>) id 1cA4m1-0005gQ-Ot for; Fri, 25 Nov 2016 00:53:54 +0000
Received: by with SMTP id p16so52971936qta.0 for <>; Thu, 24 Nov 2016 16:53:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=cAPogxQ9SdkgRseH1I7WLsD0kV389Dztymnz79alqdA=; b=sHX2cbkBzTyrP7g9ynpuloiFLv9/QZzIyOBPL4zdJs8yRJGBhum099vM8IkbpW3Q+L rpVqDSwPdUpXT0OrWtxU7aVxH3ww7hsHG8vBISUFtR6pi2/QRaJhiY1ey/H6auzUqXFf YBTlr+s0xrxjZoXgP7WLpfnXfSdIscdq1PGalrql5N2mLzff69x59Mk7Swprgp9BSrFM 27HG9QmYFToc0WjYO7i7ZxAYgRWAd+Zbr6WVxW5sVLJAmfOP/CxHeuD5JicOb6I1BdOr vPQFcp0lM7RKxP0P2r7P2TdOpWoVeIQkH23I8VIWkfi+dYrZtgMW4IE9rv+18MCRI6Ej a74Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=cAPogxQ9SdkgRseH1I7WLsD0kV389Dztymnz79alqdA=; b=CPWhb1BZupsacs9tlqkwXeK2a7sicildyilYaRDr91laPMotyX9EzEC7SjDDnRWanx LhOlVrDZdNzJEJIFRGy7cMvp2evUbgCzQC8ce3wncQo/ylO/1E6jYe8Isf+mH087VFXK 5FcQkHCmeqfPU6qubByYKDcMCET+zZGvUXAE9kUj2fKncqeSfBiUVBY7J2+Iz3WpM25H J7lj5W0pXD4+f8E7hwZ9rZ1YUv5rVbojSc4+ufNm5flSSyN66Ae63XRv8FYjQVR+nrrg nV2lOnIC1raj/rZIO0N6rbx32jwrtY34mTzHSt6JIp5Roan8vd29AXsyqtBjpUiQS65v bvjg==
X-Gm-Message-State: AKaTC02nCt5cR2cHL2pvRco7E6NUaZdL6YnCvnMg4CjwmZ/fTWrMLUtO0sE5zXBMsgwWffM3jRHR4we29zNXbw==
X-Received: by with SMTP id d27mr4888542qta.278.1480035207340; Thu, 24 Nov 2016 16:53:27 -0800 (PST)
MIME-Version: 1.0
Received: by with HTTP; Thu, 24 Nov 2016 16:53:26 -0800 (PST)
In-Reply-To: <>
References: <> <> <>
From: Martin Thomson <>
Date: Fri, 25 Nov 2016 11:53:26 +1100
Message-ID: <>
To: Mike West <>
Cc: Mark Nottingham <>, HTTP Working Group <>, "Emily Stark (Dunn)" <>
Content-Type: text/plain; charset="UTF-8"
Received-SPF: pass client-ip=;;
X-W3C-Hub-Spam-Status: No, score=-6.1
X-W3C-Hub-Spam-Report: AWL=0.102, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: 1cA4m1-0005gQ-Ot 2676c089f152c380ed318015ac9ac18d
Subject: Re: New Version Notification for draft-nottingham-site-wide-headers-01.txt
Archived-At: <>
X-Mailing-List: <> archive/latest/33003
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

On 24 November 2016 at 20:33, Mike West <> wrote:
>> Prettier (and latest) version available at:
> Thanks for the update, Mark! It seems like we agree on broad strokes: a
> well-known resource defines a set of things for an origin. Clients can
> preemptively grab that resource, or a server can push it down. I'm confident
> in that model, and I expect we'll be able to work out the details. :)

I think that setting these two proposals against each other is
creating fun where no fun is really needed.

I'm of the opinion that a well-known global resource (or set of
resources, because we're already there) that contained specific and
precise policies about an origin is valuable.  As Mike points out,
there are things that you can say more clearly when you aren't
constrained by saying something about a specific HTTP response.
That's a principled position that I can respect.

At the same time, we need to deal with the fact that we've got a bunch
of per-response header fields that are gradually proliferating.  At
some level, we're basically just looking for some better compression
(as Mark's draft points out, HPACK is pretty close to good enough for
this purpose).

The HTTP header fields stuff in Mike's draft is abominable.  I think
that Mark is much closer to an approach that will deploy successfully
for stuff that we currently have - at least in the short term.

Where the tension seems to come from is that all the existing stuff is
basically stuck in header fields for the foreseeable future.  That's
unpleasant, because even if we were to define principled equivalents
in terms of Mike's draft, then we're still stuck supporting header
fields indefinitely.  It makes the work to define the principled thing
much less appealing, because now you have two mechanisms to do the
same thing with all the duplication and conflicts that come from that.

(And hey, sorry for making this all personal by using names to
identify drafts, I'll try harder next time.)