- From: Francois Daoust <fd@w3.org>
- Date: Tue, 29 Jan 2008 17:17:14 +0100
- To: public-bpwg-ct <public-bpwg-ct@w3.org>
The minutes of today's discussion are available at: http://www.w3.org/2008/01/29-bpwg-minutes.html ... and copied as text below. Thanks Sean for scribing! François. 29 Jan 2008 [2]Agenda [2] http://lists.w3.org/Archives/Public/public-bpwg-ct/2008Jan/0028.html See also: [3]IRC log [3] http://www.w3.org/2008/01/29-bpwg-irc Attendees Present francois, Bryan_Sullivan, AndrewS, rob, Heiko, SeanP, Magnus Regrets jo Chair francois Scribe SeanP, SeanPatterson Contents * [4]Topics 1. [5]New draft is here 2. [6]HTTP Cache-Control extensions 3. [7]CT-proxy and HTTP POST (part 3.2) 4. [8]Detection of non-browser environment 5. [9]Summary of proposed features (part 3.7) 6. [10]CT-proxy-aware 7. [11]reload-untransformed directive * [12]Summary of Action Items _________________________________________________________ New draft is here Francois: Any comments on the draft? <francois> Close ACTION-628 <trackbot-ng> ACTION-628 Produce draft 1d by Friday closed HTTP Cache-Control extensions <hgerlach> heiko has to redail in <francois> Yves Lafon Francois: Talked with Yves Lafon of the W3c about Cache-Control ... He has been involved with HTTP ... He said we should not recommend extensions to HTTP that would require all servers to change ... He said we should not recommend any extesions to Cache-Control header ... The CP either enables content transformation or doesn't with Cache-Control: no-transform ... If we decide to do extensions to Cache-Control we need to write an IETF draft ... There is an example <francois> [13]Mark Nottingham example [13] http://www.mnot.net/drafts/draft-nottingham-http-stale-while-revalidate-00.txt Francois: This is the kind of thing we could write to propose extensions to Cache-Control ... Will talk to Yves F2F this week and come back with details next week. ... I think it is a good idea to do this--if we don't the document may not be as useful CT-proxy and HTTP POST (part 3.2) Francois: The most important part of the doc is CP to proxy communication. ... Jo mentioned that there was some discussion about HTTP POST Magnus: Is beyond our scope. ... An example would be a picture from the phone uploaded to the server. ... The proxy could transform the photo if it was weird format. Francois: Is there any case where CT proxy should not do anything with a post? Magnus: We could come up with examples but they are too esoteric. Bryan: This represents value added services that are beyond what we should say something about. Francois: Jo removed that part about POST from the draft. Detection of non-browser environment Bryan: Have comments on this. The user agent should be the primary way to detect non-browser unless there is secondary info. ... Jo said something about using heuristics, etc. for detecting non-browser environment. Heiko: That comment was quite useful. <Bryan> Jo proposed "the proxy SHOULD make "reasonable efforts" to determine whether a user agent is a browser, using heuristics applied to an a priori knowledge base" Heiko: We are not able to always understand the UA from the UA string because there is no standardization Bryan: AT&T has been able to get useful information from UA. ... We do see just "Mozilla" sometime however. <francois> ACTION: bryan to propose some recommendation on user-agent detection from a proxy and browser's (format) point of view [recorded in [14]http://www.w3.org/2008/01/29-bpwg-minutes.html#action01] <trackbot-ng> Created ACTION-632 - Propose some recommendation on user-agent detection from a proxy and browser's (format) point of view [on Bryan Sullivan - due 2008-02-05]. <francois> Close ACTION-626 <trackbot-ng> ACTION-626 Contribute text on detection of non-browser user agent closed Summary of proposed features (part 3.7) Francois: This was added by Jo in the current draft. ... Summarize the extensions for Cache-control and other extensions ... Want to talk about https rewrite. Bryan: I said that rewrite of https URLs doesn't work. ... Rewriting all links on an HTTPS page may have some uses. Francois: Could be dangerous to rewrite HTTPS URLs. Bryan: Example: CT Proxy could recreate the "WAP GAP" ... Connection between Browser and proxy is secure. Andrew: We should put in the guidelines that if the proxy intercepts HTTPS, the user should be notified and prompted. Bryan: Needs to be clarified that if the user refuses to allow proxy to intercept HTTPS, it may not work. Andrew: User should be given the option, and then it should work end-to-end; i.e., not through proxy. Bryan: In this case the page is not formatted for the phone. Andrew: Correct, but user should have the option. Francois: Is this feasable for users? Andrew: Most users don't know much about this, but it is good to give option. It is what VF UK is doing. Bryan: Make sure this is very clear in "terms and conditions." Don't make the user answer too many questions. ... Could make these kinds of decisions available through a desktop browser link. Francois: Summary: Should make it clear in the document that proxy should ask the user about HTTPS. Andrew: If not proxy could create man-in-the-middle attack. Bryan: This preference should be remembered. <francois> ACTION: Andrew to write a clear draft on @@allow-https-rewrite and the need for the end-user to be aware of the situation [recorded in [15]http://www.w3.org/2008/01/29-bpwg-minutes.html#action02] <trackbot-ng> Created ACTION-633 - Write a clear draft on @@allow-https-rewrite and the need for the end-user to be aware of the situation [on Andrew Swainston - due 2008-02-05]. CT-proxy-aware Francois: How could the browser say it was CT-proxy-aware? Heiko: Most browsers that need CT-proxy are old browsers that are not CT-aware. Francois: Say we did have a browser that CT-aware. How would we tell the proxy this? <francois> In the absence any of the previous directives elaborating the no-transform directive, the client should indicate that it understands the conventions of this document by including a [@@ct-proxy-aware directive]. Heiko: Why? Should only do transformation for low-end browsers. Francois: The document currently talks about CT-aware browsers. Bryan: The most common case right now is legacy browsers. ... If we have control commands for CT, then the browser needs to know that the browser is CT-aware. ... Could use DDR to know if a browser is CT-aware. ... Need an attribute in DDR that specifies CT-aware. Value of CT-awareness: Browser can control CT without user interaction. Heiko: We are talking about a config string sent from browser to proxy Bryan: Think that DDR would be best for handling CT-aware to reduce network overhead of sending a header each time. Francois: Lots of content in the document that talks about interaction between CT proxy and browser. Heiko: Don't think we need this. 90% of value of CT proxy is for legacy browsers. Francois: Question: Will any CT-aware browsers ever be implemented? ... Is this something browser makers are even interested in doing? Bryan: As browsers become more capable, the need for CT services will diminish. ... Less transformation will be done on the network and more on the device. ... Don't see that CT-awareness will be high priority for browser makers. Heiko: Low tier browsers are not high priority for phone makers. ... For the future, optimation and acceleration will be the main use of CT proxies Bryan: The are hundreds of millions of devices out there and the turnover is such that CT proxies could be needed for 5 years or so. reload-untransformed directive Francois: Jo mentioned that there could be some problems. ... Directive is between CT-aware browser and proxy. ... Not sure what the priority is. <SeanPatterson> scribe: SeanPatterson <scribe> scribenick: SeanPatterson Andrew: Expect to see legacy devices used for several years. <hgerlach> just a short questio: how to register for the speaker queue??? <francois> francois: One last thing about the impossible conciliation of the Cache-Control: no-transform directive and the WAP gateways. Should we drop a note stating that these guidelines won't work in that case? <inserted> Andrew: yes, I think that's a good idea <francois> ACTION: daoust to write a note to say something about Cache-Control: no-transform and WAP gateways [recorded in [16]http://www.w3.org/2008/01/29-bpwg-minutes.html#action03] <trackbot-ng> Created ACTION-634 - Write a note to say something about Cache-Control: no-transform and WAP gateways [on François Daoust - due 2008-02-05]. <hgerlach> great, thanks! Summary of Action Items [NEW] ACTION: Andrew to write a clear draft on @@allow-https-rewrite and the need for the end-user to be aware of the situation [recorded in [17]http://www.w3.org/2008/01/29-bpwg-minutes.html#action02] [NEW] ACTION: bryan to propose some recommendation on user-agent detection from a proxy and browser's (format) point of view [recorded in [18]http://www.w3.org/2008/01/29-bpwg-minutes.html#action01] [NEW] ACTION: daoust to write a note to say something about Cache-Control: no-transform and WAP gateways [recorded in [19]http://www.w3.org/2008/01/29-bpwg-minutes.html#action03] [End of minutes]
Received on Tuesday, 29 January 2008 16:17:32 UTC