W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2016

Re: New Version Notification for draft-nottingham-proxy-explanation-00.txt

From: Ted Hardie <ted.ietf@gmail.com>
Date: Mon, 29 Feb 2016 12:01:31 -0800
Message-ID: <CA+9kkMC1Tce=eohXFSZfrD9cpJHOMOMKtoYqVbvUY3EwbboTqg@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP WG <ietf-http-wg@w3.org>
Howdy,

On Sun, Feb 28, 2016 at 5:59 PM, Mark Nottingham <mnot@mnot.net> wrote:

> FYI - would be interested in what people thought, as I know some folks
> have this problem.
>
> Pretty (and slightly updated) version at:
>   https://mnot.github.io/I-D/proxy-explanation/
>
> The document says about the HTML content in a 403 "but browsers are
unwilling to show this to end users, since doing so would subject them to a
potential man-in-the-middle attack."; this same reluctance seems to me
likely to apply to the URL in the proposed JSON structure.  You note the
issue considerations section, but seem to come down on the side of
including it anyway.  Can you explain more about why? What's the other side
of this trade-off look like, in your thinking?

I found it odd that the document talked about forbidding origin servers
from generating the media type, rather than returning it a response.  Below
you say it MUST NOT be used with 2xx or 3xx responses; it seems like you
could also use similar language for origin server/CDN use.

The document says that "Clients MAY selectively support this media type.
For example, an implementation might deem it only useful (or safe) in
CONNECT requests."  Given the other restrictions, I don't use case outside
of CONNECT, and I would normally say that you shouldn't send an accept
header where you're not willing to receive the type; am I missing some of
your thinking here?

regards,

Ted



>
> > Begin forwarded message:
> >
> > From: internet-drafts@ietf.org
> > Subject: New Version Notification for
> draft-nottingham-proxy-explanation-00.txt
> > Date: 17 February 2016 at 11:38:12 AM AEDT
> > To: "Mark Nottingham" <mnot@mnot.net>
> >
> >
> > A new version of I-D, draft-nottingham-proxy-explanation-00.txt
> > has been successfully submitted by Mark Nottingham and posted to the
> > IETF repository.
> >
> > Name:         draft-nottingham-proxy-explanation
> > Revision:     00
> > Title:                The application/proxy-explanation+json media type
> > Document date:        2016-02-17
> > Group:                Individual Submission
> > Pages:                7
> > URL:
> https://www.ietf.org/internet-drafts/draft-nottingham-proxy-explanation-00.txt
> > Status:
> https://datatracker.ietf.org/doc/draft-nottingham-proxy-explanation/
> > Htmlized:
> https://tools.ietf.org/html/draft-nottingham-proxy-explanation-00
> >
> >
> > Abstract:
> >   This specification defines the application/proxy-explanation+json
> >   media type, to allow HTTP proxies to explain to clients why a request
> >   is unsuccessful.
> >
> > Note to Readers
> >
> >   The issues list for this draft can be found at
> >   https://github.com/mnot/I-D/labels/proxy-explanation .
> >
> >   The most recent (often, unpublished) draft is at
> >   https://mnot.github.io/I-D/proxy-explanation/ .
> >
> >   Recent changes are listed at https://github.com/mnot/I-D/commits/gh-
> >   pages/proxy-explanation .
> >
> >
> >
> >
> > Please note that it may take a couple of minutes from the time of
> submission
> > until the htmlized version and diff are available at tools.ietf.org.
> >
> > The IETF Secretariat
> >
>
> --
> Mark Nottingham   https://www.mnot.net/
>
>
>
Received on Monday, 29 February 2016 20:02:18 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 22 March 2016 12:47:11 UTC