Re: #322: Origin

Mark Nottingham <mnot@mnot.net> Mon, 12 March 2012 11:11 UTC

From: Mark Nottingham <mnot@mnot.net>
Date: Mon, 12 Mar 2012 22:09:19 +1100
Cc: HTTP Working Group <ietf-http-wg@w3.org>
To: Julian Reschke <julian.reschke@gmx.de>
Subject: Re: #322: Origin
Archived-At: <http://www.w3.org/mid/53703E66-B5DE-437F-B52B-434D36F10379@mnot.net>

Picking this back up...

On 15/12/2011, at 4:05 AM, Julian Reschke wrote:

> On 2011-12-14 04:27, Mark Nottingham wrote:
>> <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/322>
>> 
>> Since we now have a definition of an Origin, it'd be good to use it where appropriate.
> 
> Not *entirely* convinced.
> 
>> Proposal for p7 2.2:
>> 
>> """A protection space is defined by the origin [ref to origin rfc], combined with the realm value (if present)."""
> 
> We currently have:
> 
> "canonical root URI (the scheme and authority components of the effective request URI; see Section 4.3 of [Part1])"
> 
> That is essentially the same as the Origin, if we add the comparison rule from <http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p1-messaging-17.html#rfc.section.2.7.3>
> 
> My concern is that the Origin spec does all these special things for cases we don't need to care about. Maybe we should just define the "origin" of an effective request URI in Part 1, and state that it's the same as the one you'd get following the algorithm in the Origin spec?

OK. How would that impact p7?


>> Proposal for p6 2.5:
>> 
>> """However, a cache MUST NOT invalidate a URI from a Location or Content-Location header field if that URI does not have the same origin as that of the effective request URI (section 4.3 of [Part1]), as specified in [ref to origin rfc]."""
> 
> Currently: "However, a cache MUST NOT invalidate a URI from a Location or Content-Location header field if the host part of that URI differs from the host part in the effective request URI (Section 4.3 of [Part1]). This helps prevent denial of service attacks."
> 
> So this is *different* from Origin in that it doesn't take the scheme and the port into account. Is this an intentional change?


Subsequent discussion was light, but Adam seemed to suggest that it would be good to align them. Any cache implementers care to comment?

--
Mark Nottingham   http://www.mnot.net/
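
An added example, not part of the original message or of the httpbis drafts: the two comparison rules discussed above for deciding whether a cache may invalidate a URI taken from a Location or Content-Location header field. Function names and sample URIs are constructed for illustration, and the origin here is a simplified scheme/host/port tuple for http and https only, not the full algorithm of the Origin spec.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(uri):
    """Return (scheme, host, port) for an absolute http(s) URI, else None."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    try:
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return None
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return (scheme, parts.hostname, port)   # hostname is already lower-cased


def same_host(a, b):
    """Rule in the current p6 text: compare the host part only."""
    host_a, host_b = urlsplit(a).hostname, urlsplit(b).hostname
    return host_a is not None and host_a == host_b


def same_origin(a, b):
    """Proposed rule: scheme, host and port must all match."""
    origin_a, origin_b = origin(a), origin(b)
    return origin_a is not None and origin_a == origin_b


def may_invalidate(effective_request_uri, header_value, rule=same_origin):
    """Resolve the header value against the request URI, then apply the rule."""
    target = urljoin(effective_request_uri, header_value)
    return rule(effective_request_uri, target)


def compare_rules(effective_request_uri, header_values):
    """Return (value, host_only_result, origin_result) for each header value."""
    return [(v,
             may_invalidate(effective_request_uri, v, same_host),
             may_invalidate(effective_request_uri, v, same_origin))
            for v in header_values]


# Constructed sample: one request URI and Location/Content-Location candidates.
REQUEST = "https://shop.example.com/cart"
CANDIDATES = ["/cart/items", "https://SHOP.example.com:443/cart",
              "http://shop.example.com/cart",
              "https://shop.example.com:8443/cart",
              "https://other.example.net/cart"]

if __name__ == "__main__":
    for value, by_host, by_origin in compare_rules(REQUEST, CANDIDATES):
        print(f"{value:40} host-only={by_host!s:5} origin={by_origin}")
```

The third and fourth candidates are where the rules disagree: the host-only check lets a response from a different scheme or port invalidate the cached entry, while the origin check refuses.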