IETF Logo Mail Archive

Re: could we have some sort of Is-Autonomous header?

"Soni L." <fakedme+http@gmail.com> Sun, 17 March 2024 18:52 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=ietf.org@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7086FC14F5FD for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 17 Mar 2024 11:52:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.858
X-Spam-Level:
X-Spam-Status: No, score=-2.858 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=w3.org header.b="SkW9ptVj"; dkim=pass (2048-bit key) header.d=w3.org header.b="Y7UUJiuz"; dkim=pass (2048-bit key) header.d=gmail.com header.b="LOG9PGWm"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sqOTKleuA8NW for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sun, 17 Mar 2024 11:52:10 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F3D8C14F5F6 for <httpbisa-archive-bis2Juki@ietf.org>; Sun, 17 Mar 2024 11:52:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:Content-Type:Cc:To:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To; bh=BDNfOCh5ssYlsCPdpgH90DnAl6fV4kzkrsrNpPOLdWs=; b=SkW9ptVjs20XYTX0pYu462Ma2i WtJSN/qHVUkYQqm7PDCN528xk3e4r5oEbHBBI/SqaT/TaVX16zJpDL2gRxPc4mZXokHAMJR5E/Ww1 TX+2q9Rh7XMofBaVe/G6IQzDQo8Hr1/6q2aVDl2gVV8z8jFFto/NqdVyHfF2qposuh71Dc9ZVpwzs 27QWPC5QDPv9J813Z/nYWydsDn1mY5yODo7mMfKlQU409wkDEtz6riZFKmU8N4QCro5UR91DEQ6xM VjeD6B2qx8DtvyisSKI01OFr21EJXvMOL4JYEAWsiV0D35YeDFkAl5i+vd1NQuSiBQZCizddemaGb Kang+1Zg==;
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1rlvbt-00Eyjh-N6 for ietf-http-wg-dist@listhub.w3.org; Sun, 17 Mar 2024 18:51:53 +0000
Resent-Date: Sun, 17 Mar 2024 18:51:53 +0000
Resent-Message-Id: <E1rlvbt-00Eyjh-N6@lyra.w3.org>
Received: from puck.w3.org ([34.196.82.207]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <fakedme@gmail.com>) id 1rlvbr-00Eyif-71 for ietf-http-wg@listhub.w3.org; Sun, 17 Mar 2024 18:51:51 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Content-Type:Cc:To:Subject:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To; bh=BDNfOCh5ssYlsCPdpgH90DnAl6fV4kzkrsrNpPOLdWs=; t=1710701511; x=1711565511; b=Y7UUJiuzonkMneDuw5400E79bi8JGViMGORDS9sPjbpwdMtg9nPvvaYJI3FY+nHf7awCU5wvs24 qCnCYbvKM+xdNJedSX44YNysR6veaFAQBnHMUxFkUbwenjxv5p7hM/We20Ey8PjCLBNAgdkGm1IWe qBTezBpmvTi5VARN/uf4i3Rrr6E9qRmFFsRIDxEdXVyjXMnvkRmPt1aZIZcXNGCq3apeMTFroh4pH py9gocOYAGaPGhBlyRPyCRw+2lZ5EJdH+M2jr69ZTXiUhF2llBCoVvfv8NiuzR8uelK4NF3qTwQiu 4qD21jp+x1G8LruB7M+bHRzKmDtbqM8Qbdeg==;
Received-SPF: pass (puck.w3.org: domain of gmail.com designates 2a00:1450:4864:20::52d as permitted sender) client-ip=2a00:1450:4864:20::52d; envelope-from=fakedme@gmail.com; helo=mail-ed1-x52d.google.com;
Received: from mail-ed1-x52d.google.com ([2a00:1450:4864:20::52d]) by puck.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from <fakedme@gmail.com>) id 1rlvbq-008zTN-1e for ietf-http-wg@w3.org; Sun, 17 Mar 2024 18:51:50 +0000
Received: by mail-ed1-x52d.google.com with SMTP id 4fb4d7f45d1cf-5684db9147dso4781031a12.2 for <ietf-http-wg@w3.org>; Sun, 17 Mar 2024 11:51:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1710701506; x=1711306306; darn=w3.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=BDNfOCh5ssYlsCPdpgH90DnAl6fV4kzkrsrNpPOLdWs=; b=LOG9PGWmbiJcyTTysTV8dA7Hm13/KC0ItTs3ivm8S4DvwAEkbd7YcVsA2PTLYM5PNv +dl5lYm6NJxulc/TSpZ0U1Kqae5MlJlAgAMV2XymZ1HpPHucQRsPJs3iZodSby2GPW5K 8Zj7e9nzWpY3bF4LFauuanedqqUH5KJVzMpqTVIOJNwC3IuBohRFefR/8eB796xt2n1g lhVjhtjE6u4smadWT/bEXyb0ctOK/mOFBGzsGBzoxMHAkvaBeqP/rNd6VUtjLPRggn60 ZkVwMbjg0rm3xDSoeynEVjGuRmc2b9M45K8LKH/YswCV65kiT3uMo0CxSHYu3iHAX2HT al7A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710701506; x=1711306306; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=BDNfOCh5ssYlsCPdpgH90DnAl6fV4kzkrsrNpPOLdWs=; b=a1C+4JgfU4dEBNZBNnl4PblIXPDjTI/9YSPvEgJFDffmrLKNmyiv28jvrP75oNZbVD iZ6Tt3rS92fBc4xUr1j5GQAmHKt2TNLJbde+EpX7urb7Esq+ZeAXphn6E2F3f1Vh41o5 qqzAlgtn/JGnuPm8UwyRpW0QSU+/Gv2xC62LM9fFD4YXBeg1dsTPEP6Kujdk9GYLTSLQ Y8j5I8HlAVtwjmveeCMwLcYuJiDILErr3QXTPMjVgqvxzcm5/dUUqbZQ6fJzq/GjLwlI FuQfCv4qSoJTPQYc0/mp2f19s+jtrFCL1qjCYqcmxWJcDbiohPDI2HwZTYK8yR/qx3N+ lMlg==
X-Gm-Message-State: AOJu0YyGNXsNkuE/WB1BD6EunZVLSQahPuPSOe6YJYqBwJRMTsivAB84 4iaB1BtAw9aOG+FCe3U1S8feTfNaQsg/Va1TYFXyyfOlLRq69ws9bZGtW611s8dX0eXcpqiTpE9 y3im7P23Cq6be+Y6xyIIrBdLFdg0=
X-Google-Smtp-Source: AGHT+IGDsqUjuY3hDHbpzKFh98Caq/kk0THFghfTmZOko0/Jlr6aujefNibLs9GNSMRX+siL2H9CFBxuSxGsrM/i/Yk=
X-Received: by 2002:a05:6402:5cf:b0:568:b622:f230 with SMTP id n15-20020a05640205cf00b00568b622f230mr4300705edx.36.1710701506294; Sun, 17 Mar 2024 11:51:46 -0700 (PDT)
MIME-Version: 1.0
References: <cac456fe-6385-4afb-913e-e730f68439d8@gmail.com> <8715d343-a547-49f0-857c-459bad7a4844@evertpot.com>
In-Reply-To: <8715d343-a547-49f0-857c-459bad7a4844@evertpot.com>
From: "Soni L." <fakedme+http@gmail.com>
Date: Sun, 17 Mar 2024 15:51:31 -0300
Message-ID: <CA+-cKyPC+LTG7UC3QMtw6wtJf+sM_NzUcbfBqLA3vXkhyLBWXw@mail.gmail.com>
To: Evert Pot <me@evertpot.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="000000000000997ed90613dfbb4a"
X-W3C-Hub-DKIM-Status: validation passed: (address=fakedme@gmail.com domain=gmail.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-4.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DMARC_PASS=-0.001, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: puck.w3.org 1rlvbq-008zTN-1e c7869382aa69c08e42bc8d1050e618c4
X-Original-To: ietf-http-wg@w3.org
Subject: Re: could we have some sort of Is-Autonomous header?
Archived-At: <https://www.w3.org/mid/CA+-cKyPC+LTG7UC3QMtw6wtJf+sM_NzUcbfBqLA3vXkhyLBWXw@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/51889
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/email/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

sure? uh we don't really have a strong opinion or anything, as long as we
can implement it in our own link preview system...

(hard part might be getting any sort of consensus)

oh uh, would messing with the Accept header break anything for static
websites? those can't really vary the response based on the Accept
header... tho it also feels kinda weird that an Accept header would lead to
a redirect...

On Sun, Mar 17, 2024, 12:55 Evert Pot <me@evertpot.com> wrote:

>
> On 2024-03-16 07:51, Soni L. wrote:
>
> hello!
>
> one of the issues with fediverse is how each instance caches other
> instances' posts, but when you copy the link to a post it gives you a link
> to your own instance. this link then either does a redirect (which is
> dangerous and mastodon is deprecating it), shows an interstitial (new
> versions of mastodon do this), or shows the cached content (most other
> instances do this).
>
> doing a redirect is bad because it paves way for certain kinds of phishing
> attacks. but it preserves the original opengraph metadata, allowing for
> seamless link previews.
>
> an interstitial is great because it reduces the chances of those phishing
> attacks. but it breaks the opengraph metadata, so you don't get link
> previews.
>
> the third case we don't talk about because it's not really relevant to
> this post. (except minimally it is, more on that in a bit.)
>
> so the Is-Autonomous header would ideally be set by link preview systems
> and not by anyone else (explicitly not by browsers). when a server sees
> Is-Autonomous, it could change its behaviour in any of the following ways:
>
> - instead of showing an interstitial, it could do a redirect.
> - instead of rendering an entire regular page template, it could render
> just the opengraph metadata.
> - it could reject the request altogether.
>
> the first 2 of these are great incentives to use the Is-Autonomous header:
> the first one makes link previews work, and the second one saves bandwidth
> both on the server and on the link preview system. we believe these
> benefits outweigh the drawback of the third for anyone interested in
> deploying this.
>
> but enough with what we believe, what does the http wg think?
>
> Based on the use-case, this seems more like a job for a 'preview'-related
> media-type in an Accept header.
>
>
>

v2.23.0 | Report a Bug | By Email