Re: HSTS Priming, continued.

From: Mike West <mkwst@google.com>
Date: Fri, 6 Nov 2015 18:52:10 +0100
Message-ID: <CAKXHy=cMq1b6pdH2eHKQf7f9R=egsWyrNEdg5LEB_kf2M9zGfA@mail.gmail.com>
To: Brad Hill <hillbrad@gmail.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Richard Barnes <rbarnes@mozilla.com>, Jeff Hodges <jeff.hodges@paypal.com>, Anne van Kesteren <annevk@annevk.nl>, Adam Langley <agl@google.com>

On Fri, Nov 6, 2015 at 6:40 PM, Brad Hill <hillbrad@gmail.com> wrote:

> I like it.  Even if you don't want to apply it normatively to navigational
> requests, it might be useful to suggest that the prefetcher, if one exists,
> should perform priming.

Sounds reasonable:

That said, the concerns I've heard from folks to whom I've shopped this
proposal have centered around load (especially in geographic regions that
blackhole requests to port 443 in a way that fails slowly rather than
quickly). I'd like to start with something small that won't have a
seriously detrimental impact on load times.

Also, selfishly, it's a lot easier to poke at subresource requests in
Blink, as we can reuse much of the infrastructure that CORS preflights have
paved. Navigations are harder, especially as the implementation is a bit in
flux at the moment.

Received on Friday, 6 November 2015 17:52:58 UTC