Re: [Wpack] WPACK GitHub Repo?
Jeffrey Yasskin <jyasskin@chromium.org> Thu, 26 March 2020 18:11 UTC
Return-Path: <jyasskin@google.com>
X-Original-To: wpack@ietfa.amsl.com
Delivered-To: wpack@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6E523A085C for <wpack@ietfa.amsl.com>; Thu, 26 Mar 2020 11:11:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.25
X-Spam-Level:
X-Spam-Status: No, score=-9.25 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cjsc0180aFzQ for <wpack@ietfa.amsl.com>; Thu, 26 Mar 2020 11:11:19 -0700 (PDT)
Received: from mail-qv1-xf31.google.com (mail-qv1-xf31.google.com [IPv6:2607:f8b0:4864:20::f31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F257F3A0BFB for <wpack@ietf.org>; Thu, 26 Mar 2020 11:11:18 -0700 (PDT)
Received: by mail-qv1-xf31.google.com with SMTP id cy12so3522618qvb.7 for <wpack@ietf.org>; Thu, 26 Mar 2020 11:11:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Sffl0Bi7HD5HiT6zhc6b6vvZl5L37pNnouMu2cwoWqs=; b=k2BklW6onAuAF/blmFrUwcQxuNlAYt6qBOnjD1Cfz6UH+JhFyEsd8Qf5O029AegAca iGyViU35uocaf4FzDqPc1tciJ3Lves0WUzc34yeagiYxCjMkiefhqBoWBpeXgAJfjQ8n 7InLYcpbJqI2I2Mht9TKnmXvicZk2RtmsU8Yg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Sffl0Bi7HD5HiT6zhc6b6vvZl5L37pNnouMu2cwoWqs=; b=JuuhiVo9XMOi8dctsH4weU7s6h6877ODeGa3WvB+I0nYQcA4yarP67pS7rrWJkM5hd O4DWoj2cYsQEQQYaQdu4zcWBSyRqsfSpBTst7pkYAKjUzYXxyOfou62mn8mD1yyXJ6kp pQvRXSssRMWXrtC33Dao2iXQ3kTtCTF4GZlTLbvR6C7JfL2LdqwbpM0NpwGgOhNUfqN2 cPcnb3hdJ8ELDLhQ4Vb/+mOnwIKeq2dWLA8cpyOvK9+sSNbMMTA+D01W49xXyWy1iWNZ qjbh3U2Hu41XOYxLeEkSfB+8FycrBqK2RSWviP+pN1TfovmutTcdFStor4iSRTyIc2oh 2HLA==
X-Gm-Message-State: ANhLgQ1EZUYqMG3rzwNmn2oa9JZWiKr3LPr9ZM6xYj0QbHTcHy/2XxNt JABPFWiVkPOJPRts125TFxc6qMwsR+TJBcXjsQBPTQ==
X-Google-Smtp-Source: ADFU+vszV8ipYM9Kcz1EbmpJF9j46gJ9hqGbyIcp18xcvwc6G24MfNIP+355HZvaSwvScZK5GpmSs25sQJ3Gl3uJ8Ec=
X-Received: by 2002:a0c:f207:: with SMTP id h7mr9455842qvk.20.1585246277355; Thu, 26 Mar 2020 11:11:17 -0700 (PDT)
MIME-Version: 1.0
References: <28C48D9F-4865-4C02-AB35-A366AA280DED@sn3rd.com> <024201d602e6$a8afde80$fa0f9b80$@acm.org> <CABcZeBNhx8o4D8YfSYLsiodi3Han2V87qvGFiPGbAvcC5r57EQ@mail.gmail.com> <002401d6033a$f70fe990$e52fbcb0$@acm.org>
In-Reply-To: <002401d6033a$f70fe990$e52fbcb0$@acm.org>
From: Jeffrey Yasskin <jyasskin@chromium.org>
Date: Thu, 26 Mar 2020 11:11:01 -0700
Message-ID: <CANh-dXmyU42JB0Ew6xvzHuBDBf30A6jiB+=gAG9T0=u3GFVsQA@mail.gmail.com>
To: Larry Masinter <LMM@acm.org>
Cc: WPACK List <wpack@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003f30d505a1c5e939"
Archived-At: <https://mailarchive.ietf.org/arch/msg/wpack/1Bmq3SQNdBSHxn_otyPCzzdlXas>
Subject: Re: [Wpack] WPACK GitHub Repo?
X-BeenThere: wpack@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Web Packaging <wpack.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpack>, <mailto:wpack-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wpack/>
List-Post: <mailto:wpack@ietf.org>
List-Help: <mailto:wpack-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpack>, <mailto:wpack-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Mar 2020 18:11:21 -0000
It's my fault that much more discussion has happened on https://github.com/WICG/webpackage/ PRs and issues, and even private discussions, than this mailing list. Sorry about that. I don't think you've missed anything significant since IETF 106, as I was mostly waiting for the WG to finish spinning up. Hopefully having actual chairs will help us do better here in the future. https://ietf-gitwg.github.io/using-github/draft-ietf-git-using-github.html has a lot of good advice on how to manage this. I prefer the work mode it describes as "Issue Discussion Mode <https://ietf-gitwg.github.io/using-github/draft-ietf-git-using-github.html#name-issue-discussion-mode>", with the tweak that even in the "Early Design Phase", the editor gets at least another person to review each PR, but I'm happy to use whatever the whole group decides on. I don't think we've discussed the question of what a signature should mean, either on the list or as a github issue. I have opinions there that I think match what you want, which I'll describe in a separate thread. I'm also happy to chat directly, or I believe we can schedule targeted interim meetings if that sounds useful. I *suspect* that we'll come up with something that can replace at least some multipart/* (certainly MHTML is a goal) and PDF use cases, and like the other secondary use cases, I support small tweaks to the format to support that, as long as it doesn't compromise the primary use cases. Jeffrey On Wed, Mar 25, 2020 at 11:51 PM Larry Masinter <LMM@acm.org> wrote: > I’m sorry. I’m fine with using GitHub, I was grousing about something else > -- the difficulty in searching in GitHub comments and responses to find out > what things were the focus of the work of the working group. > > I’m on the mailing list, but it’s clearly some other forum in which the > discussion about the different kinds of signing and trust and identity are > being discussed. > > Or not. I want to learn enough of the language you use in these > discussions so I can explain and be understood. I suspect your requirements > may be at the wrong level (you’re starting with a very operational view of > the “web security model” (if there is such a thing) by translating TLS into > digital signatures and asking who signs what and how can you do that with > minimal changes to the browser “security model”. > > Asking what’s the origin of a data: URL is asking the wrong question. The > problem is the notion of “origin” is tied to the HTTP transaction model. > > PDF signatures are package signatures, but the signature isn’t tied to the > origin of any of the parts. Isn’t that what you want when you want to show > something is trusted not because it was assembled from trusted parts but > because you trust the assembler? What use case forces you to assume that > interpretations packages have to look the same in the browser showing URLs? > > > > > > Anyway, this is the kind of question / discussion I’d try to do in the > hallway at a F2F IETF. I don’t see the mailing list, a github issue, or a > group videoconference call. But if you want to chat, let me know. > _______________________________________________ > Wpack mailing list > Wpack@ietf.org > https://www.ietf.org/mailman/listinfo/wpack >
- [Wpack] WPACK GitHub Repo? Sean Turner
- Re: [Wpack] WPACK GitHub Repo? Larry Masinter
- Re: [Wpack] WPACK GitHub Repo? Eric Rescorla
- Re: [Wpack] WPACK GitHub Repo? Larry Masinter
- Re: [Wpack] WPACK GitHub Repo? Patrick McManus
- Re: [Wpack] WPACK GitHub Repo? Salz, Rich
- Re: [Wpack] WPACK GitHub Repo? Mike Bishop
- Re: [Wpack] WPACK GitHub Repo? Jeffrey Yasskin
- Re: [Wpack] WPACK GitHub Repo? Martin Thomson
- Re: [Wpack] WPACK GitHub Repo? Larry Masinter
- Re: [Wpack] WPACK GitHub Repo? Martin Thomson
- Re: [Wpack] WPACK GitHub Repo? Sean Turner