Re: ID for Immutable

Patrick McManus <pmcmanus@mozilla.com> Fri, 28 October 2016 17:25 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78666129565 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 28 Oct 2016 10:25:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.851
X-Spam-Level:
X-Spam-Status: No, score=-6.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-0.431, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7_dB5vnloF2p for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 28 Oct 2016 10:25:53 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 87AAE129575 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 28 Oct 2016 10:25:53 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1c0ArO-0002JG-EG for ietf-http-wg-dist@listhub.w3.org; Fri, 28 Oct 2016 17:22:30 +0000
Resent-Date: Fri, 28 Oct 2016 17:22:30 +0000
Resent-Message-Id: <E1c0ArO-0002JG-EG@frink.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by frink.w3.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <pmcmanus@mozilla.com>) id 1c0ArK-0002IQ-Ip for ietf-http-wg@listhub.w3.org; Fri, 28 Oct 2016 17:22:26 +0000
Received: from www.ducksong.com ([192.155.95.102] helo=linode64.ducksong.com) by titan.w3.org with esmtp (Exim 4.84_2) (envelope-from <pmcmanus@mozilla.com>) id 1c0ArE-0006Oy-Hn for ietf-http-wg@w3.org; Fri, 28 Oct 2016 17:22:21 +0000
Received: from mail-yw0-f172.google.com (mail-yw0-f172.google.com [209.85.161.172]) by linode64.ducksong.com (Postfix) with ESMTPSA id 956133A05B for <ietf-http-wg@w3.org>; Fri, 28 Oct 2016 13:21:58 -0400 (EDT)
Received: by mail-yw0-f172.google.com with SMTP id u124so95609715ywg.3 for <ietf-http-wg@w3.org>; Fri, 28 Oct 2016 10:21:58 -0700 (PDT)
X-Gm-Message-State: ABUngvdiQ8/ng4b8jMJt+QoZ9kDDZx+LMwORYDRnSwpVbOFk2UD5nhxphKDXLp2UmRs6SYEHgZK0uXmf2PdR2g==
X-Received: by 10.107.57.136 with SMTP id g130mr11538770ioa.178.1477675318412; Fri, 28 Oct 2016 10:21:58 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.228.236 with HTTP; Fri, 28 Oct 2016 10:21:57 -0700 (PDT)
In-Reply-To: <f9f0e413-1fbb-1faa-833b-5dc7d7ea1fdc@measurement-factory.com>
References: <CAOdDvNqam930_0eA1p3yHW+xDdOm0AAMKvVKe6xwNwm1itpRpQ@mail.gmail.com> <f9f0e413-1fbb-1faa-833b-5dc7d7ea1fdc@measurement-factory.com>
From: Patrick McManus <pmcmanus@mozilla.com>
Date: Fri, 28 Oct 2016 13:21:57 -0400
X-Gmail-Original-Message-ID: <CAOdDvNqTabR3zpRgjJVkBPdBVcOboCbG=5b6x+mKauwB1-w=Pw@mail.gmail.com>
Message-ID: <CAOdDvNqTabR3zpRgjJVkBPdBVcOboCbG=5b6x+mKauwB1-w=Pw@mail.gmail.com>
To: Alex Rousskov <rousskov@measurement-factory.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Patrick McManus <pmcmanus@mozilla.com>
Content-Type: multipart/alternative; boundary="001a114ac1507293f2053ff01899"
Received-SPF: softfail client-ip=192.155.95.102; envelope-from=pmcmanus@mozilla.com; helo=linode64.ducksong.com
X-W3C-Hub-Spam-Status: No, score=-4.4
X-W3C-Hub-Spam-Report: AWL=-1.641, BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_SORBS_SPAM=0.5, SPF_HELO_PASS=-0.001, SPF_SOFTFAIL=0.665, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1c0ArE-0006Oy-Hn c1d6cf55d22709f97b2d3a527ea93df5
X-Original-To: ietf-http-wg@w3.org
Subject: Re: ID for Immutable
Archived-At: <http://www.w3.org/mid/CAOdDvNqTabR3zpRgjJVkBPdBVcOboCbG=5b6x+mKauwB1-w=Pw@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/32708
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

I do believe the lack of integrity protection in plaintext transfer is an
important security consideration for immutable that suggests they should
not be used together. I'm open to other wording on it for sure.. https://
might be sufficient here.





On Fri, Oct 28, 2016 at 12:50 PM, Alex Rousskov <
rousskov@measurement-factory.com> wrote:

> On 10/26/2016 03:02 PM, Patrick McManus wrote:
>
> >    o  Clients should ignore immutable for resources that are not part of
> >       a secure context [SECURECONTEXTS].
>
> Please think of the children^H^H^H^H proxies. AFAICT, "secure contexts"
> are currently a user agent concept. If the above "should" is meant to be
> a "SHOULD", then the draft automatically disqualifies most proxies from
> legally utilizing this promising "ignore reload" mechanism.
>
>
> Thank you,
>
> Alex.
>
>