W3C home > Mailing lists > Public > public-bpwg-ct@w3.org > January 2008

Cache-Control: no-transform and "dangerous" content

From: Francois Daoust <fd@w3.org>
Date: Wed, 23 Jan 2008 12:30:40 +0100
To: public-bpwg-ct@w3.org
Message-Id: <1201087840.5827.147.camel@DOUST-W3CLAPTOP>

Per ACTION-625 created during last teleconf', I'm to (re-)initiate the
discussion on what exactly the guidelines have to say about "dangerous"
content and its possible transformation by a CT-aware proxy when the
proxy is told not to transform anything.

I have the feeling that there exist different points of view within the
Working Group, and thus wanted to make sure:
1. we were talking about the same thing
2. we have a clear agreement on that
3. the document states things clearly as well

If we already all agree, then my apologies for this lengthy mail!


In current draft
----------------
http://www.w3.org/2005/MWI/BPWG/Group/TaskForces/CT/editors-drafts/Guidelines/080118

... the subject is mentioned both in "2.4 Proxy States":
"In the passive state it behaves like a transparent proxy and behaves as
though a Cache-Control: no-transform directive were present on every
request and every response, with the possible exception that - only with
the consent of both the user and the content provider - content which it
has been determined would cause serious mis-operation of the client,
such as causing it to crash, may be minimally transformed to prevent
that mis-operation."

and at the end of "3.5 Proxy Response to client":
"[...] if the proxy determines that the resource as currently
represented is likely to cause serious mis-operation of the client then
the proxy may transform the resource but only sufficiently to alter the
specific aspect of the content that is likely to cause mis-operation.
Proxies must not exhibit this behavior unless this has been specifically
allowed by both the server and the user. [@@ either by persistent
registration of preferences, or by use of the [@@correct dangerous
content] directive.]"


Problem statement
-----------------
I would rephrase the problem as follow...

When the following points are true:
a) the HTTP request from the client or the HTTP response from the CP
contains a HTTP "Cache-Control: no-transform" directive
b) the HTTP request from the client or the HTTP response from the CP
does not contain any other CT-aware directives
c) a CT-aware proxy detects that the response content is "dangerous",
such as it thinks it would likely crash the client's browser

... should we recommend the CT-aware proxy MAY apply some minimal
content transformation to prevent the detected crash?


Different points of view
------------------------
Feel free to correct me if I'm wrong. I'm not quoting anyone, just
trying to reformulate what I understood, so I'm likely to be wrong ;)

1. HTTP/1.1 RFC2616
"The CT-aware proxy MUST NOT apply any transformation in that case."
"[...] if a message includes the no-transform directive, [...] the cache
or proxy MUST NOT change any aspect of the entity-body that is specified
by these headers, including the value of the entity-body
itself." (14.9.5)

2. Jo:
"The CT-aware proxy MUST NOT apply any transformation in that case."
"If the Cache-Control: no-transform directive is completed with a
[@@correct dangerous content] directive, then and only then the CT-aware
proxy MAY apply some transformation."
The first part is a direct answer to the problem as stated here.
The second part is not an exception-to-the-rule case, but rather another
(useful IMHO) guideline when b) above is not true. It's only indirectly
linked to the problem.

3. Bryan
"The CT-aware proxy MAY override the no-transform directive in
exceptional cases. The document cannot cover these cases but may mention
their existence."
(see
http://lists.w3.org/Archives/Public/public-bpwg-ct/2008Jan/0017.html
part 2.4)

4. Aaron (Kemp)
Before leaving the teleconf' yesterday, you mentioned you were thinking
exceptions were indeed needed.

5. Nigel
"The CT-aware proxy MUST NOT apply any transformation in that case."
But you seemed to agree to a not-too-strong mention of the existence of
exceptional cases:
http://lists.w3.org/Archives/Public/public-bpwg-ct/2007Dec/0008.html

6. Fran├žois
"The CT-aware proxy MUST NOT apply any transformation in that case."
This looks to me as wishful thinking. I do understand this goes in the
right direction for the user, but don't see how we could precise the
"exceptional" cases where the CT-aware proxy may change something.

7. Others?


Additional thoughts
-------------------
I'm wondering about the Cache-Control: no-transform directive... Do we
have any stats as to its use for "regular" web content? It doesn't seem
the directive is widely being used. In all cases, it's not being used by
default, is it?

In other words, if the directive is present, it would likely mean the CP
is CT-aware, and if he's CT-aware, he's likely to know at least a bit
about what this directive implies in terms of mobile presentation.

If we want to mention the existence of exceptional cases, I would
suggest going one step further in the definition with something like:

"If the CP (or client depending on whether the no-transform directive is
in the HTTP response or request) is CT-aware, the proxy MUST NOT apply
any transformation in that case.
If the CP (or client depending on whether the no-transform directive is
in the HTTP response or request) is CT-unaware, the proxy MAY apply some
minimal transformation in that case, but MUST inform the client about
it."

In other words: trust a CT-aware CP or client more than a CT-aware proxy
- they should know what they are doing - but trust a CT-aware proxy more
than a CT-unaware CP or client... 


My proposal
-----------
For 2.4:
I would cut the end of the sentence:
"In the passive state it behaves like a transparent proxy and behaves as
though a Cache-Control: no-transform directive were present on every
request and every response".

For 3.5:
Actually, I would remove the text there and add the following to 3.3:
"Servers may add a [@@correct dangerous content] directive to the
Cache-Control: no-transform directive indicating that the proxy MAY
apply some minimal transformation if it detects the content would cause
serious mis-operation by the client".

In 3.1:
I would mention that possibility for the client to use that directive as
well.


Questions
--------
- MUST NOT or MAY?
- if MAY, how would you formulate it?
- in both cases, OK to recommend a [@@correct dangerous content]
directive?
 

Fran├žois.
Received on Wednesday, 23 January 2008 11:30:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 23 January 2008 11:30:56 GMT