W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2015

Re: [upgrade] return=secure-representation

From: Mike West <mkwst@google.com>
Date: Fri, 13 Mar 2015 07:35:54 +0100
Message-ID: <CAKXHy=fdKRh-c=JRz975fczZfteF1Y1Ggwweaw9oWCs_8Z0ODw@mail.gmail.com>
To: "Nottingham, Mark" <mnotting@akamai.com>
Cc: WebAppSec WG <public-webappsec@w3.org>
On Fri, Mar 13, 2015 at 5:48 AM, Nottingham, Mark <mnotting@akamai.com>

> A) This is a horrible, horrible name.

It's "horrible horrible"? Not just "horrible"? In that case, we should
change it!

I'd suggest either:
> Prefer: redir2sec
> ... or creating another, even shorter request header altogether (they're
> cheap).

`Prefer: https`?

I really don't have strong opinions about how this should be spelled, as I
think we're agreeing on the concept that lies behind the bits on the wire.

> B) If the server is making decisions based upon the presence or absence of
> this directive, it needs to either be a) uncacheable or b) listed in Vary.

This example you provided looks good to me, thanks!

> (Note that Connection: keep-alive is *not* relevant in HTTP/1.1).

This is why it's good to have expert review. :)

Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Friday, 13 March 2015 06:36:41 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:47 UTC