Re: Submitted new I-D: Cache Digests for HTTP/2

Chris Bentzel <chris@bentzel.net> Mon, 11 January 2016 10:47 UTC

Resent-Date: Mon, 11 Jan 2016 10:42:52 +0000
Resent-Message-Id: <E1aIZw4-00013U-RE@frink.w3.org>
MIME-Version: 1.0
In-Reply-To: <652C3E3A-3DA6-40BB-82FF-01A7D65FF65C@lukasa.co.uk>
References: <CAAMqGzYUoCMxBxUEY9wfLOHZp7nrO4d1q5JZo=96pfEbVS1-ew@mail.gmail.com> <652C3E3A-3DA6-40BB-82FF-01A7D65FF65C@lukasa.co.uk>
Date: Mon, 11 Jan 2016 05:42:20 -0500
Message-ID: <CABCZv0piAoDnA1J+2pJ3HyF_iRwj9AaFGfonFjdKGfYr=cGZgQ@mail.gmail.com>
From: Chris Bentzel <chris@bentzel.net>
To: Cory Benfield <cory@lukasa.co.uk>
Cc: Alcides Viamontes E <alcidesv@zunzun.se>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="047d7bdca2e873a40e05290c975e"
Received-SPF: none client-ip=209.85.213.181; envelope-from=chris@bentzel.net; helo=mail-ig0-f181.google.com
Subject: Re: Submitted new I-D: Cache Digests for HTTP/2
Archived-At: <http://www.w3.org/mid/CABCZv0piAoDnA1J+2pJ3HyF_iRwj9AaFGfonFjdKGfYr=cGZgQ@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list

The draft does cover some privacy concerns (such as clearing the digest
when cookies are cleared).

One concern not covered is how to deal with cases where a client may have
cached content from an origin with a mix of cookies. For example, if a user
has enabled third-party cookie blocking in a browser and has visited an
origin in both a first-party and third-party context there may be a mix of
cached content with a session identifier cookie and no cookie.

If the user re-visits that origin in a first-party context, the digest may
reveal content retrieved in a third-party context.

One option is to treat cached content as if there is an implicit Vary:
Cookie header and only include in the digest if it matches. The draft
already requires only including fresh cached entries in the digest so a
selection process for cached entries already will need to exist.

On Mon, Jan 11, 2016 at 3:16 AM, Cory Benfield <cory@lukasa.co.uk> wrote:

>
> > On 10 Jan 2016, at 17:11, Alcides Viamontes E <alcidesv@zunzun.se>
> wrote:
> >
> > Can we embed the cache digest in a header?
> > ——————————————————————————————
> >
>
> On a personal level I am extremely nervous about shoving 24kB of data into
> a header value. The practice of doing this for Kerberos tokens already
> caused us to require the CONTINUATION frame unpleasantness in RFC 7540.
> Generally speaking it seems like smuggling long strings in HTTP headers is
> a bit of an anti-pattern, and given that HTTP/2 gives us much nicer methods
> of transporting this kind of data it seems a shame not to use them.
>
> Cory
>
>

Re: Submitted new I-D: Cache Digests for HTTP/2 Alex Rousskov
Re: Submitted new I-D: Cache Digests for HTTP/2 Martin Thomson
Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Alex Rousskov
Re: Submitted new I-D: Cache Digests for HTTP/2 Alcides Viamontes E
Re: Submitted new I-D: Cache Digests for HTTP/2 Alex Rousskov
Re: Submitted new I-D: Cache Digests for HTTP/2 Cory Benfield
Re: Submitted new I-D: Cache Digests for HTTP/2 Chris Bentzel
Re: Submitted new I-D: Cache Digests for HTTP/2 Ilya Grigorik
Re: Submitted new I-D: Cache Digests for HTTP/2 Martin Thomson
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Alcides Viamontes E
Re: Submitted new I-D: Cache Digests for HTTP/2 Stefan Eissing
Re: Submitted new I-D: Cache Digests for HTTP/2 Stefan Eissing
Re: Submitted new I-D: Cache Digests for HTTP/2 Stefan Eissing
Re: Submitted new I-D: Cache Digests for HTTP/2 Amos Jeffries
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Stefan Eissing
Re: Submitted new I-D: Cache Digests for HTTP/2 Stefan Eissing
Re: Submitted new I-D: Cache Digests for HTTP/2 Stefan Eissing
Re: Submitted new I-D: Cache Digests for HTTP/2 Amos Jeffries
Re: Submitted new I-D: Cache Digests for HTTP/2 Ilya Grigorik
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Cory Benfield
Re: Submitted new I-D: Cache Digests for HTTP/2 Ilya Grigorik
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Martin Thomson
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Martin Thomson
Re: Submitted new I-D: Cache Digests for HTTP/2 Martin Thomson
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Stefan Eissing
Re: Submitted new I-D: Cache Digests for HTTP/2 Martin Thomson
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Martin Thomson
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Martin Thomson
Re: Submitted new I-D: Cache Digests for HTTP/2 Stefan Eissing
Re: Submitted new I-D: Cache Digests for HTTP/2 Julian Reschke
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Stefan Eissing
Re: Submitted new I-D: Cache Digests for HTTP/2 Martin Thomson
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Stefan Eissing
Re: Submitted new I-D: Cache Digests for HTTP/2 Richard Bradbury
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Martin Thomson
Re: Submitted new I-D: Cache Digests for HTTP/2 Eliezer Croitoru
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Martin Thomson
Re: Submitted new I-D: Cache Digests for HTTP/2 Eliezer Croitoru
Re: Submitted new I-D: Cache Digests for HTTP/2 Richard Bradbury
Re: Submitted new I-D: Cache Digests for HTTP/2 Amos Jeffries
Re: Submitted new I-D: Cache Digests for HTTP/2 Martin Thomson
RE: Submitted new I-D: Cache Digests for HTTP/2 Mike Bishop
Re: Submitted new I-D: Cache Digests for HTTP/2 Alcides Viamontes E
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Stefan Eissing
Re: Submitted new I-D: Cache Digests for HTTP/2 Alcides Viamontes E
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Alcides Viamontes E
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Martin Thomson
Re: Submitted new I-D: Cache Digests for HTTP/2 Alcides Viamontes E
Re: Submitted new I-D: Cache Digests for HTTP/2 Alcides Viamontes E
RE: Submitted new I-D: Cache Digests for HTTP/2 Mike Bishop
Re: Submitted new I-D: Cache Digests for HTTP/2 Alcides Viamontes E
RE: Submitted new I-D: Cache Digests for HTTP/2 Mike Bishop
Re: Submitted new I-D: Cache Digests for HTTP/2 Patrick McManus
Re: Submitted new I-D: Cache Digests for HTTP/2 Kazuho Oku
Re: Submitted new I-D: Cache Digests for HTTP/2 Alcides Viamontes E