Re: HTTP Signatures draft published at IETF

On 5/9/13 8:05 PM, Mark Nottingham wrote:
> Hi,
>
> From's semantics and syntax are well-defined, and they are in use.

Confining the value to a mailto: scheme URI basically introduces an 
artificial conflation.

An Email Address doesn't denote an Agent, it denotes "An Email Address". 
The trouble is that many use it to denote Agents (typically, the Person 
subClass).

I (and others) are offering a tweak whereby the URI is scheme agnostic, 
but you feel its better for us to conjure up another header while also 
asking us to stay away from "X-Whatever-New-Header: " patterns.

Please give me (if possible) a simple example of the broad use of "From: 
" that will lead to widespread confusion and disruption simply because 
some tool will orchestrate browsers into placing URIs that actually 
denote agents into this request headers. At the very least, meet up half 
way by providing an example. Worst that will happen is that we'll figure 
out another non disruptive way to unleash this powerful tweak to HTTP.

>   If you want to do this, I'd suggest defining a new header, or a new link relation (to use in Link); From isn't going to fly.

Again, please digest my comments above. This is about an important tweak 
for which we don't see downside, so at the very least help us understand 
the downside in a little more detail via some field use examples.


Kingsley
>
> Regards,
>
>
> On 09/05/2013, at 7:18 PM, ☮ elf Pavlik ☮ <perpetual-tripper@wwelves.org> wrote:
>
>> Excerpts from Kingsley Idehen's message of 2013-05-08 20:29:19 +0000:
>>> On 5/7/13 2:12 PM, Melvin Carvalho wrote:
>>>> On 7 May 2013 19:01, Manu Sporny <msporny@digitalbazaar.com
>>>> <mailto:msporny@digitalbazaar.com>> wrote:
>>>>
>>>>     On 05/07/2013 04:04 AM, Melvin Carvalho wrote:
>>>>> Yeah, I'll ping Julian Reschke or Mark Nottingham about it to see if
>>>>> we can update the HTTP header field easily.
>>>>>
>>>>> +1
>>>>>
>>>>> There have been proponents of this for many years e.g. Toby, Nathan,
>>>>> Kingsley, myself ... just need to get the spec tweaked to
>>>>> distinguish between strings and URIs.
>>>>     Do one of you want to take the lead on this? :)
>>>>
>>>>
>>>> Sure, I would be happy to.  Kingsley already asked Mark Nottingham
>>>> about this last month.  Im unsure what the most productive next steps
>>>> should be.
>>> Mark,
>>>
>>> Another dimension to the same issue.
>>>
>>> We can loosen the HTTP spec requirements for "From:" without disrupting
>>> existing products that assume the header value is an Email address.
>>>
>>> All:
>>>
>>> Do we have any data about how broad current use of "From:" actually is?
>> +1 on allowing URI in "From:" request header :)
>>
>> I set it myself to email for about 2 years now using firefox extension: http://www.garethhunt.com/modifyheaders
>>
>> I also mentioned it in this email with link to work of Blaine Cook on *Privacy-over-Webfinger*
>> https://groups.google.com/group/webfinger/browse_thread/thread/52599662c273a043
>>
>> warning: mentioned thread got mixed with another thread so few messages went off topic first!
> --
> Mark Nottingham   http://www.mnot.net/
>
>
>
>
>
>


-- 

Regards,

Kingsley Idehen 
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Saturday, 11 May 2013 18:52:39 UTC