W3C home > Mailing lists > Public > public-bpwg-ct@w3.org > January 2008

[minutes] Tuesday 29 January Teleconf

From: Francois Daoust <fd@w3.org>
Date: Tue, 29 Jan 2008 17:17:14 +0100
To: public-bpwg-ct <public-bpwg-ct@w3.org>
Message-Id: <1201623434.5932.37.camel@DOUST-W3CLAPTOP>

The minutes of today's discussion are available at:
http://www.w3.org/2008/01/29-bpwg-minutes.html
... and copied as text below.

Thanks Sean for scribing!
Fran├žois.


29 Jan 2008

   [2]Agenda

      [2] http://lists.w3.org/Archives/Public/public-bpwg-ct/2008Jan/0028.html

   See also: [3]IRC log

      [3] http://www.w3.org/2008/01/29-bpwg-irc

Attendees

   Present
          francois, Bryan_Sullivan, AndrewS, rob, Heiko, SeanP, Magnus

   Regrets
          jo

   Chair
          francois

   Scribe
          SeanP, SeanPatterson

Contents

     * [4]Topics
         1. [5]New draft is here
         2. [6]HTTP Cache-Control extensions
         3. [7]CT-proxy and HTTP POST (part 3.2)
         4. [8]Detection of non-browser environment
         5. [9]Summary of proposed features (part 3.7)
         6. [10]CT-proxy-aware
         7. [11]reload-untransformed directive
     * [12]Summary of Action Items
     _________________________________________________________

New draft is here

   Francois: Any comments on the draft?

   <francois> Close ACTION-628

   <trackbot-ng> ACTION-628 Produce draft 1d by Friday closed

HTTP Cache-Control extensions

   <hgerlach> heiko has to redail in

   <francois> Yves Lafon

   Francois: Talked with Yves Lafon of the W3c about Cache-Control
   ... He has been involved with HTTP
   ... He said we should not recommend extensions to HTTP that would
   require all servers to change
   ... He said we should not recommend any extesions to Cache-Control
   header
   ... The CP either enables content transformation or doesn't with
   Cache-Control: no-transform
   ... If we decide to do extensions to Cache-Control we need to write
   an IETF draft
   ... There is an example

   <francois> [13]Mark Nottingham example

     [13] http://www.mnot.net/drafts/draft-nottingham-http-stale-while-revalidate-00.txt

   Francois: This is the kind of thing we could write to propose
   extensions to Cache-Control
   ... Will talk to Yves F2F this week and come back with details next
   week.
   ... I think it is a good idea to do this--if we don't the document
   may not be as useful

CT-proxy and HTTP POST (part 3.2)

   Francois: The most important part of the doc is CP to proxy
   communication.
   ... Jo mentioned that there was some discussion about HTTP POST

   Magnus: Is beyond our scope.
   ... An example would be a picture from the phone uploaded to the
   server.
   ... The proxy could transform the photo if it was weird format.

   Francois: Is there any case where CT proxy should not do anything
   with a post?

   Magnus: We could come up with examples but they are too esoteric.

   Bryan: This represents value added services that are beyond what we
   should say something about.

   Francois: Jo removed that part about POST from the draft.

Detection of non-browser environment

   Bryan: Have comments on this. The user agent should be the primary
   way to detect non-browser unless there is secondary info.
   ... Jo said something about using heuristics, etc. for detecting
   non-browser environment.

   Heiko: That comment was quite useful.

   <Bryan> Jo proposed "the proxy SHOULD make "reasonable efforts" to
   determine whether a user agent is a browser, using heuristics
   applied to an a priori knowledge base"

   Heiko: We are not able to always understand the UA from the UA
   string because there is no standardization

   Bryan: AT&T has been able to get useful information from UA.
   ... We do see just "Mozilla" sometime however.

   <francois> ACTION: bryan to propose some recommendation on
   user-agent detection from a proxy and browser's (format) point of
   view [recorded in
   [14]http://www.w3.org/2008/01/29-bpwg-minutes.html#action01]

   <trackbot-ng> Created ACTION-632 - Propose some recommendation on
   user-agent detection from a proxy and browser's (format) point of
   view [on Bryan Sullivan - due 2008-02-05].

   <francois> Close ACTION-626

   <trackbot-ng> ACTION-626 Contribute text on detection of non-browser
   user agent closed

Summary of proposed features (part 3.7)

   Francois: This was added by Jo in the current draft.
   ... Summarize the extensions for Cache-control and other extensions
   ... Want to talk about https rewrite.

   Bryan: I said that rewrite of https URLs doesn't work.
   ... Rewriting all links on an HTTPS page may have some uses.

   Francois: Could be dangerous to rewrite HTTPS URLs.

   Bryan: Example: CT Proxy could recreate the "WAP GAP"
   ... Connection between Browser and proxy is secure.

   Andrew: We should put in the guidelines that if the proxy intercepts
   HTTPS, the user should be notified and prompted.

   Bryan: Needs to be clarified that if the user refuses to allow proxy
   to intercept HTTPS, it may not work.

   Andrew: User should be given the option, and then it should work
   end-to-end; i.e., not through proxy.

   Bryan: In this case the page is not formatted for the phone.

   Andrew: Correct, but user should have the option.

   Francois: Is this feasable for users?

   Andrew: Most users don't know much about this, but it is good to
   give option. It is what VF UK is doing.

   Bryan: Make sure this is very clear in "terms and conditions." Don't
   make the user answer too many questions.
   ... Could make these kinds of decisions available through a desktop
   browser link.

   Francois: Summary: Should make it clear in the document that proxy
   should ask the user about HTTPS.

   Andrew: If not proxy could create man-in-the-middle attack.

   Bryan: This preference should be remembered.

   <francois> ACTION: Andrew to write a clear draft on
   @@allow-https-rewrite and the need for the end-user to be aware of
   the situation [recorded in
   [15]http://www.w3.org/2008/01/29-bpwg-minutes.html#action02]

   <trackbot-ng> Created ACTION-633 - Write a clear draft on
   @@allow-https-rewrite and the need for the end-user to be aware of
   the situation [on Andrew Swainston - due 2008-02-05].

CT-proxy-aware

   Francois: How could the browser say it was CT-proxy-aware?

   Heiko: Most browsers that need CT-proxy are old browsers that are
   not CT-aware.

   Francois: Say we did have a browser that CT-aware. How would we tell
   the proxy this?

   <francois> In the absence any of the previous directives elaborating
   the no-transform directive, the client should indicate that it
   understands the conventions of this document by including a
   [@@ct-proxy-aware directive].

   Heiko: Why? Should only do transformation for low-end browsers.

   Francois: The document currently talks about CT-aware browsers.

   Bryan: The most common case right now is legacy browsers.
   ... If we have control commands for CT, then the browser needs to
   know that the browser is CT-aware.
   ... Could use DDR to know if a browser is CT-aware.
   ... Need an attribute in DDR that specifies CT-aware.

   Value of CT-awareness: Browser can control CT without user
   interaction.

   Heiko: We are talking about a config string sent from browser to
   proxy

   Bryan: Think that DDR would be best for handling CT-aware to reduce
   network overhead of sending a header each time.

   Francois: Lots of content in the document that talks about
   interaction between CT proxy and browser.

   Heiko: Don't think we need this. 90% of value of CT proxy is for
   legacy browsers.

   Francois: Question: Will any CT-aware browsers ever be implemented?
   ... Is this something browser makers are even interested in doing?

   Bryan: As browsers become more capable, the need for CT services
   will diminish.
   ... Less transformation will be done on the network and more on the
   device.
   ... Don't see that CT-awareness will be high priority for browser
   makers.

   Heiko: Low tier browsers are not high priority for phone makers.
   ... For the future, optimation and acceleration will be the main use
   of CT proxies

   Bryan: The are hundreds of millions of devices out there and the
   turnover is such that CT proxies could be needed for 5 years or so.

reload-untransformed directive

   Francois: Jo mentioned that there could be some problems.
   ... Directive is between CT-aware browser and proxy.
   ... Not sure what the priority is.

   <SeanPatterson> scribe: SeanPatterson

   <scribe> scribenick: SeanPatterson

   Andrew: Expect to see legacy devices used for several years.

   <hgerlach> just a short questio: how to register for the speaker
   queue???

   <francois> francois: One last thing about the impossible
   conciliation of the Cache-Control: no-transform directive and the
   WAP gateways. Should we drop a note stating that these guidelines
   won't work in that case?

   <inserted> Andrew: yes, I think that's a good idea

   <francois> ACTION: daoust to write a note to say something about
   Cache-Control: no-transform and WAP gateways [recorded in
   [16]http://www.w3.org/2008/01/29-bpwg-minutes.html#action03]

   <trackbot-ng> Created ACTION-634 - Write a note to say something
   about Cache-Control: no-transform and WAP gateways [on Fran├žois
   Daoust - due 2008-02-05].

   <hgerlach> great, thanks!

Summary of Action Items

   [NEW] ACTION: Andrew to write a clear draft on @@allow-https-rewrite
   and the need for the end-user to be aware of the situation [recorded
   in [17]http://www.w3.org/2008/01/29-bpwg-minutes.html#action02]
   [NEW] ACTION: bryan to propose some recommendation on user-agent
   detection from a proxy and browser's (format) point of view
   [recorded in
   [18]http://www.w3.org/2008/01/29-bpwg-minutes.html#action01]
   [NEW] ACTION: daoust to write a note to say something about
   Cache-Control: no-transform and WAP gateways [recorded in
   [19]http://www.w3.org/2008/01/29-bpwg-minutes.html#action03]

   [End of minutes]
   
Received on Tuesday, 29 January 2008 16:17:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 29 January 2008 16:17:33 GMT