- From: Adam Barth <w3c@adambarth.com>
- Date: Sun, 28 Jun 2009 16:12:07 -0700
- To: Mark Nottingham <mnot@mnot.net>
- Cc: Henrik Nordstrom <henrik@henriknordstrom.net>, "Roy T. Fielding" <fielding@gbiv.com>, Larry Masinter <LMM@acm.org>, ietf-http-wg@w3.org, Lisa Dusseault <ldusseault@commerce.net>
On Wed, Jun 24, 2009 at 10:55 PM, Adam Barth<w3c@adambarth.com> wrote: > On Wed, Jun 24, 2009 at 10:46 PM, Mark Nottingham<mnot@mnot.net> wrote: >> Do you have a spec for sec-from? > > http://tools.ietf.org/html/draft-abarth-origin-01 > > This draft addresses the technical feedback I have receive on the -00 > version of the draft. As I said in the previous email, I'm going to > try to reply to all the outstanding emails in the next couple of days. Turns out my folder of outstanding issues was mostly individual emails. I had an outstanding request for data from this WG on the number of internal-to-external POST requests. Out of a sample of one million HTTP requests from an enterprise firewall: 1) 6% of the GET+POST requests were POST. 2) 10% of POSTs are cross-host. 3) There was exactly one POST from an internal host to an external host. Caveats: I can't see HTTPS traffic with this methodology. Different enterprises might be different. The enterprise in question does trip the Referer header (although I collected the data prior to stripping). Adam
Received on Sunday, 28 June 2009 23:13:07 UTC