- From: Göran Eriksson AP <goran.ap.eriksson@ericsson.com>
- Date: Wed, 20 Jul 2016 06:33:16 +0000
- To: HTTPWG <ietf-http-wg@w3.org>

Hi,

Let me begin by apologising for the early hour and thank the participants for the dedication to the development of the HTTP protocol shown by all by appearing so early!

As promised, very brief notes from discussion at meeting below. Comments and additions welcome.

**********************

Some 30 people at the meeting: “The usual [HTTP] suspects and some more”.

Martin, Göran, Christer, Zahed and Magnus presented slides.

Notes from discussion:

Several mentioned usefulness of basic protocol mechanisms such as payload encryption, integrity protection. Segmentation may also be a general problem to be looked at.

The importance of constantly and vigorously considering user privacy and security was stressed. Some attack surfaces on cache/secondary server and origin/primary server were brought up, a matter also requiring continued attention.

The question of how to discover secondary servers was put; the answer is that it hasn’t been in scope so far.

The value of deep network caches was confirmed by some speaker on the floor, especially the benefit of offloading the origin/primary server.

Concerns expressed about the complexity in creating resource maps: will small and middle size sites manage this? Also, what this means for the web developer as well as what to put in the HTTP layer of the browser and what to have in JavaScript was mentioned.

Browser security implications mentioned: “Run this by the Chrome Security Team”. Related to this is the question if the request to the secondary server should be seen as a cross-origin request or not.

Several also brought up the challenging operational aspects.

It was noted that the “Island case” was not solved.

***********************

We appreciate the feedback and look forward to more.

Regards
Göran (for the set of people who have been exploring this stuff)

Received on Wednesday, 20 July 2016 06:33:48 UTC