
Re: [upgrade] return=secure-representation

From: Nottingham, Mark <mnotting@akamai.com>
Date: Fri, 13 Mar 2015 06:38:02 +0000
To: Mike West <mkwst@google.com>
CC: WebAppSec WG <public-webappsec@w3.org>
Message-ID: <FB5C3206-0F83-4DAA-B1EC-E0BA873AF768@akamai.com>

> On 13 Mar 2015, at 5:35 pm, Mike West <mkwst@google.com> wrote:
> 
> On Fri, Mar 13, 2015 at 5:48 AM, Nottingham, Mark <mnotting@akamai.com> wrote:
> A) This is a horrible, horrible name.
> 
> It's "horrible horrible"? Not just "horrible"? In that case, we should change it!

I will remember that trick...

> I'd suggest either:
> 
> Prefer: redir2sec
> 
> ... or creating another, even shorter request header altogether (they're cheap).
> 
> `Prefer: https`?

OooooooOOOoh

> 
> I really don't have strong opinions about how this should be spelled, as I think we're agreeing on the concept that lies behind the bits on the wire.
>  
> B) If the server is making decisions based upon the presence or absence of this directive, it needs to either be a) uncacheable or b) listed in Vary.
> 
> This example you provided looks good to me, thanks!
>  
> (Note that Connection: keep-alive is *not* relevant in HTTP/1.1).
> 
> This is why it's good to have expert review. :) 
> 
> --
> Mike West <mkwst@google.com>, @mikewest
> 
> Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores
> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

--
Mark Nottingham    mnot@akamai.com    https://www.mnot.net/
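
Point (B) above, sketched as an added example that is not part of this message or of the draft under discussion: a toy shared cache in Python showing what happens when the origin branches on the preference without `Vary`, next to the two fixes named in the thread. The directive spelling `return=secure-representation` is taken from the thread subject; `make_origin`, `SharedCache`, `replay` and the `example.test` URL are hypothetical names constructed for the illustration.

```python
PREF = "return=secure-representation"   # spelling taken from the thread subject

def make_origin(mode):
    """mode: 'none' (no protection), 'vary' (option b) or 'no-store' (option a)."""
    def origin(url, req):
        wants = PREF in [p.strip() for p in req.get("Prefer", "").split(",")]
        hdrs = {"Cache-Control": "no-store" if mode == "no-store" else "max-age=60"}
        if mode == "vary":
            hdrs["Vary"] = "Prefer"      # sent on every response for the URL
        if wants:
            hdrs["Location"] = url.replace("http://", "https://", 1)
            return {"status": 307, "headers": hdrs}
        return {"status": 200, "headers": hdrs}
    return origin

class SharedCache:
    """Toy shared cache: no expiry, exact-case header names, whole-value Vary match."""
    def __init__(self, origin):
        self.origin = origin
        self.store = {}                  # url -> [(vary snapshot, response)]

    def fetch(self, url, req):
        for snapshot, resp in self.store.get(url, []):
            # Reuse a stored response only if every Vary-listed header matches.
            if all(req.get(n, "") == v for n, v in snapshot.items()):
                return resp["status"], "HIT"
        resp = self.origin(url, req)
        if "no-store" not in resp["headers"]["Cache-Control"]:
            names = [n.strip() for n in resp["headers"].get("Vary", "").split(",")]
            snapshot = {n: req.get(n, "") for n in names if n}
            self.store.setdefault(url, []).append((snapshot, resp))
        return resp["status"], "MISS"

def replay(mode):
    """A client without the preference, then one with it, through one cache."""
    cache = SharedCache(make_origin(mode))
    url = "http://example.test/"         # constructed sample URL
    legacy = cache.fetch(url, {})
    capable = cache.fetch(url, {"Prefer": PREF})
    return legacy, capable

if __name__ == "__main__":
    for mode in ("none", "vary", "no-store"):
        print(mode, replay(mode))
```

With `mode="none"` the second client is served the first client's cached 200 and never sees the redirect it asked for; in the opposite request order a client that sent no preference would be handed the cached 307.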





Received on Friday, 13 March 2015 06:38:31 UTC
