- From: Mike West <notifications@github.com>
- Date: Tue, 13 Nov 2018 08:13:43 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/280/438325599@github.com>
> header bloat – what do the http people have to say about this? As @mnot always says, HTTP header compression is a silver bullet panacea that cures all ills. Also, we discussed this above. See https://github.com/w3ctag/design-reviews/issues/280#issuecomment-408220264 and https://github.com/w3ctag/design-reviews/issues/280#issuecomment-408226476. > is this yet another feature which we are adding to the web platform which is only usable by industrial-scale web parties? (In other words, how do small or medium sized providers take advantage of this capability?) As @slightlyoff noted in the minutes, software providers know their software, and can ship rules themselves at the application layer, which will automagically protect their clients. Imagine Wordpress locking down non-navigational requests to their API endpoints, for instance. At the network layer, https://bugs.chromium.org/p/chromium/issues/detail?id=861678 is an exciting trip through the world of Web Application Firewalls, showing that they didn't like our initial pass at `Sec-Metadata`'s syntax, but are interested in supporting it in the future. See in particular Ergon's comments at https://bugs.chromium.org/p/chromium/issues/detail?id=861678#c18. My expectation is that Google-like companies will farm the work of tuning `Sec-Metadata` rules to @arturjanc-like employees, while https://www.movistar.es/, et al will rely on firewall software providers to do the same. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/280#issuecomment-438325599
Received on Tuesday, 13 November 2018 16:14:04 UTC