Re: Method Mania from Josh Cohen on 2024-07-28 (ietf-http-wg@w3.org from July to September 2024)

From: Josh Cohen <joshco@gmail.com>
Date: Sat, 27 Jul 2024 22:30:11 -0700
To: Julian Reschke <julian.reschke@gmx.de>
Cc: ietf-http-wg@w3.org
Message-ID: <CAF3KT4Q=ezzA2aCHyPg=k583n6vP4gTGP+wxKz+sQezD=GnowQ@mail.gmail.com>

Same here..  Patrick also said:
>
> "The better question is under what circumstances do we want to allow
> those devices to "break" and force them to fix the implementations?"

Maybe a reasonable interpretation of Patrick's statement is that it's time
to be *bold.  *HTTP/1.1 RFC2616 was published in 1999.  It's the 25 year
anniversary. 🥳  In the intervening years, the IETF has done a great job
evolving the transport.  That's created the foundation for things we
couldn't do back then.   I don't think it was a coincidence that Lisa
Dusseault was in the room.  The universe is speaking to us.  Maybe it's
time for a WebDAV re-spin..  The web could also have standardized pub/sub.

If we add new functionality that users and devs want, and makes admin life
easier, that could be helpful in driving better implementations, and uptake
of HTTP/2/3 and masque proxying.

On Sat, Jul 27, 2024 at 10:07 PM Julian Reschke <julian.reschke@gmx.de>
wrote:

> On 27.07.2024 16:44, Patrick Meenan wrote:
> >
> >
> > On Sat, Jul 27, 2024 at 4:23 AM Julian Reschke <julian.reschke@gmx.de
> > <mailto:julian.reschke@gmx.de>> wrote:
> >
> >     On 26.07.2024 00:27, Josh Cohen wrote:
> >      > On the httpwg agenda at IETF 120 were a proposal for a new QUERY
> >     method
> >      > and Braid, which has subscription functionality that overloads
> >     the GET
> >      > method.
> >      >
> >      > What I am curious about is if, at this point in the evolution of
> the
> >      > web, it is now safe to add new methods for new functionality.
> >     I've been
> >      > reading up on HTTP/2/3 and it seems that nowadays, connections are
> >      > end-to-end secure and are essentially tunneled through middle
> boxes,
> >      > including HTTP/1.1 proxies. I'm still just wrapping my head around
> >      > MASQUE, but it looks like it can handle arbitrary methods.
> Similarly
> >      > origin servers have evolved to support arbitrary methods.
> >
> >     It always has been "safe", when https was used.
> >
> >
> > https is not "safe" in practical terms because of middleboxes that
> > intercept the connections. It is very common in enterprise deployments
> > where they install local trust anchors on the client devices and use
> > mitm software to inspect the traffic.
> > ...
>
> I meant "safe" wrt deploying new HTTP methods.
>
> When was the last time you encountered a problem?
>
> Best regards, Julian
>
>
>
>
>

-- 

---
*Josh Co*hen

Received on Sunday, 28 July 2024 05:30:27 UTC