Re: New Version Notification for draft-nottingham-site-wide-headers-00.txt from Mark Nottingham on 2016-08-03 (ietf-http-wg@w3.org from July to September 2016)

From: Mark Nottingham <mnot@mnot.net>
Date: Wed, 3 Aug 2016 15:03:14 +0200
To: Martin Thomson <martin.thomson@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Mike West <mkwst@google.com>
Message-Id: <45521594-3171-4782-A184-881D7F6D4AA8@mnot.net>

We're talking.

WRT the sets thing -- yes, my original proposal was just one set of server-wide headers. However, CSP is one of the major byte wasters, and for the vast majority of origins, it varies a bit (e.g., only sent on HTML resources, and differs a bit between them, sometimes).

Cheers,

> On 3 Aug 2016, at 2:47 PM, Martin Thomson <martin.thomson@gmail.com> wrote:
> 
> Interesting.
> 
> Maybe you should work out a solution with Mike that works for both of you.
> 
> Vary?
> 
> The sets thing needs better justification - as it is, you are
> effectively creating many resources (/.well-known/site-headers#foo
> perhaps) identified by a single URL  The discussion on Mike's proposal
> hit this very point[1]. Personally, I'm inclined to agree with Mike
> about the costs outweighing benefits.
> 
> There will be a temptation to gzip (or brotli) this, especially if .
> Security considerations (or Section 2.1) might mention that data from
> mutually distrustful sources isn't appropriate.
> 
> [1] https://discourse.wicg.io/t/proposal-set-origin-wide-policies-via-a-manifest/1617
> 
> On 3 August 2016 at 13:06, Mark Nottingham <mnot@mnot.net> wrote:
>> FYI. Prettier version at:
>>  https://mnot.github.io/I-D/site-wide-headers/
>> 
>> Mike West has a slightly different approach at:
>>  https://mikewest.github.io/origin-policy/
>> 
>> Thoughts?
>> 
>> 
>>> Begin forwarded message:
>>> 
>>> From: internet-drafts@ietf.org
>>> Subject: New Version Notification for draft-nottingham-site-wide-headers-00.txt
>>> Date: 3 August 2016 at 1:03:57 PM GMT+2
>>> To: "Mark Nottingham" <mnot@mnot.net>
>>> 
>>> 
>>> A new version of I-D, draft-nottingham-site-wide-headers-00.txt
>>> has been successfully submitted by Mark Nottingham and posted to the
>>> IETF repository.
>>> 
>>> Name:         draft-nottingham-site-wide-headers
>>> Revision:     00
>>> Title:                Site-Wide HTTP Headers
>>> Document date:        2016-08-03
>>> Group:                Individual Submission
>>> Pages:                10
>>> URL:            https://www.ietf.org/internet-drafts/draft-nottingham-site-wide-headers-00.txt
>>> Status:         https://datatracker.ietf.org/doc/draft-nottingham-site-wide-headers/
>>> Htmlized:       https://tools.ietf.org/html/draft-nottingham-site-wide-headers-00
>>> 
>>> 
>>> Abstract:
>>>  This document specifies an alternative way for Web sites to send HTTP
>>>  response header fields that apply to large numbers of resources, to
>>>  improve efficiency.
>>> 
>>> 
>>> 
>>> 
>>> Please note that it may take a couple of minutes from the time of submission
>>> until the htmlized version and diff are available at tools.ietf.org.
>>> 
>>> The IETF Secretariat
>>> 
>> 
>> --
>> Mark Nottingham   https://www.mnot.net/
>> 
>> 
>> 
>> 
>> 

--
Mark Nottingham   https://www.mnot.net/

Received on Wednesday, 3 August 2016 13:06:04 UTC