Mixed schemes

Martin Thomson <martin.thomson@gmail.com> Mon, 21 November 2016 03:01 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2CE61294FB for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 20 Nov 2016 19:01:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.998
X-Spam-Level:
X-Spam-Status: No, score=-7.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-1.497, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uGkgAN0mO5vq for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 20 Nov 2016 19:01:54 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC8DD1294EB for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sun, 20 Nov 2016 19:01:54 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1c8eoE-0001ay-OP for ietf-http-wg-dist@listhub.w3.org; Mon, 21 Nov 2016 02:58:18 +0000
Resent-Date: Mon, 21 Nov 2016 02:58:18 +0000
Resent-Message-Id: <E1c8eoE-0001ay-OP@frink.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by frink.w3.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <martin.thomson@gmail.com>) id 1c8eo8-0001YI-T8 for ietf-http-wg@listhub.w3.org; Mon, 21 Nov 2016 02:58:12 +0000
Received: from mail-qk0-f179.google.com ([209.85.220.179]) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <martin.thomson@gmail.com>) id 1c8eo3-00013i-3L for ietf-http-wg@w3.org; Mon, 21 Nov 2016 02:58:07 +0000
Received: by mail-qk0-f179.google.com with SMTP id x190so334015465qkb.0 for <ietf-http-wg@w3.org>; Sun, 20 Nov 2016 18:57:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=TTHzTsninH0iQi1xESwEhaEEyMJ9IlWm5IG0NMhdef0=; b=uqW9TEvQfpvu7dLFJ8CDoCWleY6qF+6v2ffh7IJUmAPdw4t48f8Hf0NM/S0f53w7Ms JI3xfb+6LOIEfnjF1jm8c9QAlCcXn4xxNlzXotGRa6e1tU2Cfe9+ryRCbpY7jEyWih4Y V9npKUUNNdPA1FlQOH9Wlsbc20lm/1NpuQ5V/Npda6/9UWW9Dw+uvExbR4Ytz7uGiF4x HQ1x/XtJaRljzwYdSIAj1TLiCJtR4poxhl6L/AhGkU+1aQyyl1wdwsVwfZuQGPiu+fui yYGi1uTyvibSU1SCJYNlQHp2DMJID10vsBx823lwAdK+V1rQjUR69ptns52qHp7N8VHD YhKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=TTHzTsninH0iQi1xESwEhaEEyMJ9IlWm5IG0NMhdef0=; b=corroBD3tKb2hED3zd56HfsmQSgrXNK3FOc/0ZU/m/lFCa7LOEKKRfnf3R9GoE/ec6 fq1s3Komco5HvslKjaou4CTGA71iUvHr+7CeC7zoCXBmo2npr4jgXCcTmeARPqBe/syg xT1gMrUzO4hzTgn0O1KVmoK0wifGbcMswvN/x+9ANzPdQ1sGTvRI22PSWEiNo10z7Fqw 8YIdKeeRk8wg5UlQBIbg4538A7KmCBH3j9AnU9ZhI/TpMUnWVspLxex4V7l0pNR8OtdE YgTnRz638vqix5l3NQmvnWaPOt3WnOB5ETIMXzaB5EIETCHLT5hzE5L7jMilniUX8laq 6dVw==
X-Gm-Message-State: AKaTC01t15ada5sY2VuvBepgjs07WQPI1Aq+853yeoH7pONBlwPALQ+b4WpfmGHo2aNx3AI+FPJErCHw8G7/7g==
X-Received: by 10.55.150.131 with SMTP id y125mr13099881qkd.115.1479695387235; Sun, 20 Nov 2016 18:29:47 -0800 (PST)
MIME-Version: 1.0
Received: by 10.140.85.101 with HTTP; Sun, 20 Nov 2016 18:29:46 -0800 (PST)
From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 21 Nov 2016 13:29:46 +1100
Message-ID: <CABkgnnWHO3ffdeviYjCEzqao43cUMWGmjmNGxM=OHg2G4SXGwA@mail.gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>, Erik Nygren <erik+ietf@nygren.org>
Content-Type: text/plain; charset=UTF-8
Received-SPF: pass client-ip=209.85.220.179; envelope-from=martin.thomson@gmail.com; helo=mail-qk0-f179.google.com
X-W3C-Hub-Spam-Status: No, score=-6.1
X-W3C-Hub-Spam-Report: AWL=0.102, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1c8eo3-00013i-3L fba28d77d8fafc785cfee81bcc42b3fa
X-Original-To: ietf-http-wg@w3.org
Subject: Mixed schemes
Archived-At: <http://www.w3.org/mid/CABkgnnWHO3ffdeviYjCEzqao43cUMWGmjmNGxM=OHg2G4SXGwA@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/32938
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Patrick (perhaps indirectly) suggested that we can harness a Firefox bug here:

  https://github.com/httpwg/http-extensions/pull/270

That is, rather than mention that coalescing between https and http
might happen, forbid it instead.

I'm fairly sure that this will address the concerns Erik had.  Maybe
too effectively; objections like this would be good to hear.

I didn't add any text here about coalescing two http:// origins.  I
don't want to close this issue until we resolve that too.  Should we:

1. allow coalescing of two http:// origins by default
2. forbid coalescing of two http:// origins without an explicit signal

My preference is for option 2.

Let's be perfectly clear, there's no inherent protocol reason why we
can't coalesce.  But this stems from an (over)abundance of caution.
We can develop explicit opt-in signals regarding coalescing if it came
to that ... #include <ORIGIN frame discussions>.