Re: New Version Notification for draft-nottingham-http-availability-hints-01.txt

Jeremy Roman <jbroman@chromium.org> Thu, 05 September 2024 15:24 UTC

Received: by ietfa.amsl.com (Postfix) id 70EFBC14F686; Thu, 5 Sep 2024 08:24:35 -0700 (PDT)
Delivered-To: ietfarch-httpbisa-archive-bis2juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7035CC14F681 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 5 Sep 2024 08:24:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.005
X-Spam-Level:
X-Spam-Status: No, score=-3.005 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=w3.org header.b="hS44K2fP"; dkim=pass (2048-bit key) header.d=w3.org header.b="IPtMUly8"; dkim=pass (1024-bit key) header.d=chromium.org header.b="eyMdK1Kt"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DMQAdaufepsp for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 5 Sep 2024 08:24:31 -0700 (PDT)
Received: from mab.w3.org (mab.w3.org [IPv6:2600:1f18:7d7a:2700:d091:4b25:8566:8113]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED875C14F617 for <httpbisa-archive-bis2Juki@ietf.org>; Thu, 5 Sep 2024 08:24:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:Content-Type:Cc:To:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To; bh=vCPhvRk9JGzWsWuE6Nt3ImL4yJ6VtYYKV8gjlvKpILk=; b=hS44K2fPJ/N8Tt4RnIAqWUIUFI zFkX5uBG8d7VQZbso+BU9BmZYQbX7SXASbSg2xm0oDtiE9jEGNp3o9IqUeQpBZefMDZ+g8zkkyOd+ LJtT/6JdcGzZgZOOTNI5dPyAKdE80zfokiq/OsNnmOH791XB+2MoStPw9MwSh2RnqlRnx6p6aRPRW CINmFl4WCHqduARHlq61evnSZoDV1ftPeFTGOuWO8YLVBhRjgWrbD5OBJ624l1inKp7QzSLSjSNJH Cmffu8YgRm2vt5QDGaADB5/PyRrZ7qXwaPOjg+vXGlqgiw0ulv5dzZWMUP74MtmFDUiD8ahoyDIkC pUq86nxw==;
Received: from lists by mab.w3.org with local (Exim 4.96) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1smEKX-009ChO-2b for ietf-http-wg-dist@listhub.w3.org; Thu, 05 Sep 2024 15:23:29 +0000
Resent-Date: Thu, 05 Sep 2024 15:23:29 +0000
Resent-Message-Id: <E1smEKX-009ChO-2b@mab.w3.org>
Received: from ip-10-0-0-144.ec2.internal ([10.0.0.144] helo=pan.w3.org) by mab.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <jbroman@chromium.org>) id 1smEKW-009CgP-1D for ietf-http-wg@listhub.w3.internal; Thu, 05 Sep 2024 15:23:28 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Content-Type:Cc:To:Subject:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To; bh=vCPhvRk9JGzWsWuE6Nt3ImL4yJ6VtYYKV8gjlvKpILk=; t=1725549808; x=1726413808; b=IPtMUly8Z1UqxQDT8Y/zfv9+l9G4qiNZn4ldbX4oaFV9WQEN2Ufc5ht7dJfQbdJgaxU3ev6U9O4 LlBhro0TTjcjl7lV/Bx8sJ4kbgDf1HpsVpcbdMsVVBIiWbq5DJMGgldEBNXi47tOpWdGAGm7/T4zG MHoi65EJmLPa2Bp101jSN8YC+HfMQt0zRQrzj8rrOLvIBY3rRG8AtDCUvW1/gj3EcZFP/I37l+8ib tzyh134PtF/MRQ5KHoo9pXu0kU6FKc+trii4rzShAteoMWhvJxG8R8gNyK9YQpcsRano9UOMeInii m2usPQQSWRv/4zcasImDoU0xO3JjZCgUW+iQ==;
Received-SPF: pass (pan.w3.org: domain of chromium.org designates 2a00:1450:4864:20::635 as permitted sender) client-ip=2a00:1450:4864:20::635; envelope-from=jbroman@chromium.org; helo=mail-ej1-x635.google.com;
Received: from mail-ej1-x635.google.com ([2a00:1450:4864:20::635]) by pan.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from <jbroman@chromium.org>) id 1smEKV-00B9E5-22 for ietf-http-wg@w3.org; Thu, 05 Sep 2024 15:23:28 +0000
Received: by mail-ej1-x635.google.com with SMTP id a640c23a62f3a-a8a7596b7dfso120136766b.0 for <ietf-http-wg@w3.org>; Thu, 05 Sep 2024 08:23:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1725549803; x=1726154603; darn=w3.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=vCPhvRk9JGzWsWuE6Nt3ImL4yJ6VtYYKV8gjlvKpILk=; b=eyMdK1Kt13Xu4rtTknu86B0AH9nGquwDJ1xvhXAfBbatFU+zpKef70e5xjbTcrEAth bnEfr5AmsuLUwEBHf8Lx46n9AK0+/Ne9e5c4ad/E0EiZoAudgBFn6vnxJWjc3QxcLH62 X3xpwkTJ8tF2tE1n9LJFwfPJ/eWffMOu+EqzI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1725549803; x=1726154603; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=vCPhvRk9JGzWsWuE6Nt3ImL4yJ6VtYYKV8gjlvKpILk=; b=bavMzR9m6MbrwMGEeVkGisi6TtNWyxkFuu/BkKNj9J/QOLl3I/rekyPVZFErWLxOOA erDmVPCrX7nTzuXGk+LHs2wyMFRfyFDitVg+B+LdNmFtc2Q1JdnMj9ZlONC4L2IZjZEj 2MEyDC1FI6bED7d485vhQFpzJs9XxjEQfMYJN6KWmcOq3Fugnc4Zr/yz5aI2MPPCUMcr SKdaPMYUly5qLbfhgoCx4Se3/JXuw/X7K9ZmYyAtaXQHecJGefeLhvx/G+LhI8MX2HTi 0A6uZHHf/RHUOhRZ6pnm8LxwH13MorPLzDORYUyUdyDsdCgUJJpw6PZVwew5+qaae4CE qEKA==
X-Forwarded-Encrypted: i=1; AJvYcCVx1lWHGDhwHZp7rhtYL+c6u2oD27zSxBUN9UyFlzerYE/raC3rH1Y1Y9JJYlZ5b4FDhaod093UcXsC2mk=@w3.org
X-Gm-Message-State: AOJu0YxTdyG1kWAdWB6PH24eYvywUgHlJXSBtneg2Chbklup8dF5U7Nf RdHdleZftb+Ha19Qv9paP3KTZ7R0xp1G/Hp5J5KqLOLu7uHEeNZGXsrzOQ8xgS2jfIEY98j9RFQ 9DDdSjUMAJOK+ThfFOUFETtCC3BYM4oeE7Dte
X-Google-Smtp-Source: AGHT+IEWFBXNVCWFJyhdSX5udT37Gf5zWk8xTSeeVeMXzvht2+OTOIpaz+BasLYdGCy6U7HMWjIqvEdX3Zk3oHGZroM=
X-Received: by 2002:a17:907:3e21:b0:a77:dbf9:118f with SMTP id a640c23a62f3a-a8a42fdb993mr682903966b.13.1725549803173; Thu, 05 Sep 2024 08:23:23 -0700 (PDT)
MIME-Version: 1.0
References: <CAEmMwDwFmK_wuQg4gnjj4rbVr5Wb_m+f3MFuTXFmA7ZMCvMKEA@mail.gmail.com> <AFB140A5-1611-49ED-9C33-9E5675201286@mnot.net> <CAEmMwDzHKF=ZP4t80YMB9F_Y3kNie2HLR_11eiYPr5+cLGagqw@mail.gmail.com> <AE0EDA5C-717E-4EE2-980D-E911B1B28CA6@mnot.net> <CACQYfiLo33WtkLCOLcZdJJOah7OGJBZju9ekRzF0xJm5MuUhSw@mail.gmail.com>
In-Reply-To: <CACQYfiLo33WtkLCOLcZdJJOah7OGJBZju9ekRzF0xJm5MuUhSw@mail.gmail.com>
From: Jeremy Roman <jbroman@chromium.org>
Date: Thu, 05 Sep 2024 11:23:11 -0400
Message-ID: <CACuR13f-zhymer22h06E_kNUSE0GL=Yd8H3cRNcdxSh4h1X0=Q@mail.gmail.com>
To: Valentin Gosu <valentin.gosu@gmail.com>
Cc: Mark Nottingham <mnot@mnot.net>, Rory Hewitt <rory.hewitt@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="0000000000000f8d4a062160df1b"
X-W3C-Hub-DKIM-Status: validation passed: (address=jbroman@chromium.org domain=chromium.org), signature is good
X-W3C-Hub-Spam-Status: No, score=-4.2
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.142, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DMARC_PASS=-0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: pan.w3.org 1smEKV-00B9E5-22 65674c562bf3894e56ef0d00c6d19cf0
X-Original-To: ietf-http-wg@w3.org
Subject: Re: New Version Notification for draft-nottingham-http-availability-hints-01.txt
Archived-At: <https://www.w3.org/mid/CACuR13f-zhymer22h06E_kNUSE0GL=Yd8H3cRNcdxSh4h1X0=Q@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/52263
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/email/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Wed, Sep 4, 2024 at 5:42 AM Valentin Gosu <valentin.gosu@gmail.com>
wrote:

> Hi Mark,
>
> I have some feedback regarding the Cookie Section
> <https://www.ietf.org/archive/id/draft-nottingham-http-availability-hints-01.html#name-cookie>
> .
>
> > Note that this algorithm requires storing the cookies from the
> associated request with each response.
>
> In Firefox we currently store a hash of the Cookie header instead of the
> actual cookie value in order to deal with Vary: Cookie.
> This is because the cookies could be large in size, and because we don't
> want potentially sensitive information contained in cookies to be persisted
> in the HTTP cache.
> So I think you can implement the algorithm without storing the actual
> cookies in the response.
>

Chromium's (unshipped) implementation does this
<https://source.chromium.org/chromium/chromium/src/+/main:net/http/http_cookie_indices.cc;l=95-122;drc=8e948282d37c0e119e3102236878d6f4d5052c16>,
too. You need to store enough information to be able to confidently test
equality, though technically not the cookies themselves.


> I'm also wondering if this section should mention that the response may
> include a `Set-Cookie` header with one of the indices.
> I don't think anything special would need to happen, apart from this
> immediately invalidating the cache entry.
>
> Thanks
>
> On Wed, 10 Jul 2024 at 03:30, Mark Nottingham <mnot@mnot.net> wrote:
>
>>
>> > On 10 Jul 2024, at 2:33 AM, Rory Hewitt <rory.hewitt@gmail.com> wrote:
>> >
>> > The 'header explosion' concern is only part of it. My main point is
>> that using a single well-crafted header can both fill in the holes and also
>> provide more explicit preference information - covering the exact
>> edge-cases you mention in the design.
>>
>> The Variants header took that approach -- the WG came to the conclusion
>> that it wasn't workable, due to the complexity and difficult in
>> understanding. This is an attempt to split it up and simplify the space,
>> and it seems to be getting traction (e.g., partial prototyping in Chrome).
>>
>> > However, if you'd prefer to use multiple headers, I would strongly
>> suggest that you change "Cookie-Indices" to "Avail-Cookie" or
>> "Avail-Cookie-Indices" - all the related headers should have a common
>> "Avail-*" prefix, no?
>>
>> As the draft says, it's just a convention. The field names aren't
>> automatically processed.
>>
>> Cheers,
>>
>> >
>> > On Tue, Jul 9, 2024 at 12:29 AM Mark Nottingham <mnot@mnot.net> wrote:
>> > I'm not too concerned about an explosion of headers -- it only becomes
>> an issue if a resource negotiates on many axes, and even then things like
>> header compression work in our favour (splitting them into separate headers
>> often helps header compression). Client Hints took the same approach, and I
>> like the symmetry with them.
>> >
>> > Cheers,
>> >
>> >
>> > > On 9 Jul 2024, at 8:29 AM, Rory Hewitt <rory.hewitt@gmail.com> wrote:
>> > >
>> > > Hey Mark,
>> > >
>> > > My primary concern with this is the possible proliferation and
>> over-extensibility of `Avail-*` headers.
>> > >
>> > > This document includes Avail-Encoding|Format|Language|ECT (ECT is a
>> likely addition eventually) and Cookie-Indices, but those may need to be
>> extended in the future, leading to a large number of headers.
>> > >
>> > > To use the example you provide in the Introduction section:
>> > >
>> > > Vary: Accept-Encoding, Accept-Language, ECT
>> > > Avail-Encoding: gzip, br
>> > > Avail-Language: fr, en;d
>> > > Avail-ECT: ("slow-2g" "2g" "3g"), ("4g");d
>> > >
>> > > Naively, would it not make more sense to have a single
>> *Available-Responses* header, like this (apologies if the syntax isn't
>> quite correct for structured fields):
>> > >
>> > > Vary: Accept-Encoding, Accept-Language, ECT
>> > > Available-Responses: enc=gzip,br;lang=en,fr;ect=("4g"),("slow-2g"
>> "2g" "3g")
>> > >
>> > > Of course, this includes some assumptions:
>> > >
>> > > 1. The first option is the default - we have traditionally not done
>> that, and used things like Q-values (ugh!), but with brand new headers,
>> does it not make sense to start implementing a higher-level standard that
>> where multiple values are specified, they should be specified in a
>> prioritized list? For any given listable header, both clients and servers
>> know a preference order, and that should be implicit in the headers they
>> send and receive. Is this complete heresy to even suggest this?
>> > > 2. This may be less efficient when using things like QPACK static
>> tables to hold 'commonly-used' header values, but I don't believe that's
>> something that anyone is worrying about yet...
>> > >
>> > > On the plus side, it (kinda) simplifies the header size (not a big
>> issue with Huffman encoding and first-subsequent responses), but to me,
>> having a single response which specifies all the available response types
>> is an improvement to having multiple headers. As new response axes becomes
>> available, they can simply be added to the existing header.
>> > >
>> > > Additionally, it can be extended to include all the 'holes' and
>> various axes of preference mentioned - for example, the following shows
>> that the English-gzip is preferred over the French-brotli version (while
>> still making it clear that French-gzip and English-brotli versions are
>> available - the preference order symbolized here is explicitly:
>> > >
>> > > en-gzip
>> > > fr-gzip
>> > > fr-br
>> > > en-br
>> > >
>> > > based on the parenthesized grouping:
>> > >
>> > > Vary: Accept-Encoding, Accept-Language, ECT
>> > > Available-Responses:
>> (enc=gzip;lang=en,fr),(enc=br;lang=fr,en);ect=("4g"),("slow-2g" "2g" "3g")
>> > >
>> > >
>> > > To use an example of a 'hole', if a French-gzip version IS NOT
>> available, you'd have this:
>> > >
>> > > Vary: Accept-Encoding, Accept-Language, ECT Available-Responses:
>> (enc=br;lang=fr),(enc=gzip,br;lang=en);ect=("4g"),("slow-2g" "2g" "3g")
>> > >
>> > > which identifies the following preference order:
>> > >
>> > > br-fr
>> > > en-gzip
>> > > en-br
>> > >
>> > > An English client can use *either* gzip or br (gzip is preferred),
>> but a French client can *only* get a brotli response. Crucially though,
>> French-brotli is still preferred to either English-gzip or English-brotli,
>> even though there's only a single encoding option for French.
>> > >
>> > > Rory
>> > >
>> > > --
>> > > Rory Hewitt
>> > >
>> > > https://www.linkedin.com/in/roryhewitt
>> >
>> > --
>> > Mark Nottingham   https://www.mnot.net/
>> >
>> >
>> >
>> > --
>> > Rory Hewitt
>> >
>> > https://www.linkedin.com/in/roryhewitt
>>
>> --
>> Mark Nottingham   https://www.mnot.net/
>>
>>
>>