| 1 | HTTPBIS WG
|
|---|
| 2 | IETF 77
|
|---|
| 3 |
|
|---|
| 4 | Issues: http://svn.tools.ietf.org/svn/wg/httpbis/wg_materials/ietf77/ietf-77-httpbis-issues.xhtml
|
|---|
| 5 | Changes (07->09): http://svn.tools.ietf.org/svn/wg/httpbis/wg_materials/ietf77/ietf-77-httpbis.xhtml
|
|---|
| 6 |
|
|---|
| 7 | Agenda and other info: http://tools.ietf.org/wg/httpbis/agenda
|
|---|
| 8 |
|
|---|
| 9 | XMPP log: http://www.ietf.org/jabber/logs/httpbis/2010-03-22.txt
|
|---|
| 10 | Archived audio stream: http://limestone.uoregon.edu/ftp/pub/videolab/media/ietf77/ietf77-ch6-mon-afnoon2.mp3
|
|---|
| 11 |
|
|---|
| 12 | ==Agenda bash
|
|---|
| 13 |
|
|---|
| 14 | JeffH might take a few minutes to present security properties
|
|---|
| 15 |
|
|---|
| 16 | ==Changes overview (link above)
|
|---|
| 17 |
|
|---|
| 18 | Two drafts since Stockholm; changes summarized
|
|---|
| 19 |
|
|---|
| 20 | Yves: w3c is considering using time ranges as a custom range unit (re http://trac.tools.ietf.org/wg/httpbis/trac/ticket/150)
|
|---|
| 21 |
|
|---|
| 22 | ==Open issues (link above)
|
|---|
| 23 |
|
|---|
| 24 | Things that are currently being discussed - age calculation (new algorithm, please check it, see http://trac.tools.ietf.org/wg/httpbis/trac/ticket/29), URI fragments in redirection (media type specific?, please provide input, see http://trac.tools.ietf.org/wg/httpbis/trac/ticket/43), response code caching (which codes can be cached?, see http://trac.tools.ietf.org/wg/httpbis/trac/ticket/110), sniffing (see http://trac.tools.ietf.org/wg/httpbis/trac/ticket/155), effective request URI (see http://trac.tools.ietf.org/wg/httpbis/trac/ticket/196)
|
|---|
| 25 |
|
|---|
| 26 | Yves: fragment processing depends on media type, so do we need to address this in the registration of URI types that allow for fragments?
|
|---|
| 27 |
|
|---|
| 28 | Yves: (security for sniffing) add text that says that ignoring the content-type is done at the risk of those who do it, as advisory/warning
|
|---|
| 29 |
|
|---|
| 30 | Julian: and the "sniffing" draft
|
|---|
| 31 |
|
|---|
| 32 | Yves: we'll have to talk to Adam about that
|
|---|
| 33 |
|
|---|
| 34 | Alexey: "sniffing" is not well-understood outside this context
|
|---|
| 35 |
|
|---|
| 36 | jeffh: on effective URI - is this work justified? (see definition in http://lists.w3.org/Archives/Public/www-archive/2009Sep/att-0051/draft-hodges-strict-transport-sec-05.plain.html)
|
|---|
| 37 |
|
|---|
| 38 | Julian: we needed a name and your name fit (on xmpp: Mark agrees)
|
|---|
| 39 |
|
|---|
| 40 | Pending issues
|
|---|
| 41 |
|
|---|
| 42 | Jamshid Mahdavi: has implemented deflate and can explain the problem, not sure about a solution (see http://trac.tools.ietf.org/wg/httpbis/trac/ticket/73)
|
|---|
| 43 |
|
|---|
| 44 | Mark: proposal is to note that implementations do send deflate without zlib wrappers
|
|---|
| 45 |
|
|---|
| 46 | Yves: methods and caching, but this (139) is about the story the spec has to say when we decided to use method+URI as the key for caches (which is a clarification over rfc2616 caching text)
|
|---|
| 47 |
|
|---|
| 48 | (See XMPP logs for more discussion on this point)
|
|---|
| 49 |
|
|---|
| 50 | Location header and its handling; Julian proposes to consider non-URI values in Location (such as whitespace) to continue to be errors, and to be subject to (undefined) error handling.
|
|---|
| 51 |
|
|---|
| 52 |
|
|---|
| 53 | ==Security properties http://tools.ietf.org/html/draft-ietf-httpbis-security-properties-05
|
|---|
| 54 |
|
|---|
| 55 | Referencing the "Overall Issue" in the draft
|
|---|
| 56 |
|
|---|
| 57 | JeffH: the issue is whether this doc is either a collection of peer-entity authentication mechanisms and picking a mandatory to implement set thereof; or if it is intended to be a collection of the nastier security problems (or cross-specification ones)
|
|---|
| 58 |
|
|---|
| 59 | Robert Sayre: Can't add MTI (mandatory-to-implement) mechanisms by charter
|
|---|
| 60 |
|
|---|
| 61 | JeffH: if this is a description of the mechanisms that are actually used, this spec is poorly named
|
|---|
| 62 |
|
|---|
| 63 | Robert: this is authn, because it's not revising 2617
|
|---|
| 64 |
|
|---|
| 65 | Lisa: expanding might be good to avoid problems with IESG review; describing the problems is useful; wants all included, if possible
|
|---|
| 66 |
|
|---|
| 67 | JeffH: the name change is only necessary if the scope is constrained to authn
|
|---|
| 68 |
|
|---|
| 69 | Lisa: authent is a potential hotspot for argument, might need to trade-off time investment against potential benefit
|
|---|
| 70 |
|
|---|
| 71 | Barry: this might be a good place for the cross-document security considerations or the stuff common to each, those things that don't fit the individual drafts
|
|---|
| 72 |
|
|---|
| 73 | Joe H: we don't write security considerations just to placate the IESG
|
|---|
| 74 |
|
|---|
| 75 | ==RFC2231 in HTTP (see http://svn.tools.ietf.org/svn/wg/httpbis/wg_materials/ietf77/ietf-77-http2231.xhtml)
|
|---|
| 76 |
|
|---|
| 77 | Problem with Content-Disposition and I18n
|
|---|
| 78 |
|
|---|
| 79 | In IETF LC
|
|---|
| 80 |
|
|---|
| 81 | NedF: making this separate from 2231 is a good idea, it's not time to revise 2231
|
|---|
| 82 |
|
|---|
| 83 | Ned: apologizing for 2231 shortcomings
|
|---|
| 84 |
|
|---|
| 85 | jck: profiling things out is right, agrees with Ned
|
|---|
| 86 |
|
|---|
| 87 | Julian: utf-8 would be nice for HTTP, but it's not possible
|
|---|
| 88 |
|
|---|
| 89 | ChrisN: don't allow for multiple language variants, profile that out
|
|---|
| 90 |
|
|---|
| 91 | Julian: send this to LC
|
|---|
| 92 |
|
|---|
| 93 | Ned and jck: agrees with Chris
|
|---|
| 94 |
|
|---|
| 95 | jck: the security consideration relating to comparison of utf-8 strings needs to be addressed, but it's not clear what this spec needs to include
|
|---|
| 96 |
|
|---|
| 97 | Alexey: spec revision needed
|
|---|
| 98 |
|
|---|
| 99 | Julian: profiling lang variants out is used in an RFC (link header), so profiling that out might be hard
|
|---|
| 100 |
|
|---|
| 101 | Ned: in practice, that's probably not a problem; no implementations, though there might be in the HTTP world
|
|---|
| 102 |
|
|---|
| 103 | jck: this looked like a good idea at the time, but it didn't work out; reiterates Ned
|
|---|
| 104 |
|
|---|
| 105 | Mark: implementers might have felt that it was too complex
|
|---|
| 106 |
|
|---|
| 107 | Ned: 2231 doesn't say anything about having multiple language flags, might be difficult to include based on syntax definition
|
|---|
| 108 |
|
|---|
| 109 | Julian shows example from link header draft -08: wrong draft, it's in the draft being discussed, Section 4.3
|
|---|
| 110 |
|
|---|
| 111 | Ned: might be a problem, but it's a legitimate use case that's being demonstrated, can't object based on this
|
|---|
| 112 |
|
|---|
| 113 | jck: nervous, but potential problems with the bindings between the parameters and various over header values
|
|---|
| 114 |
|
|---|
| 115 | Yngve: this might cause problems (mentions accept-language)
|
|---|
| 116 |
|
|---|
| 117 | Ned: need good guidance on how this is used and how it interacts with similar features of the language
|
|---|
| 118 |
|
|---|
| 119 | Mark: http already has multiple ways of doing such things and there is no guidance given there
|
|---|
| 120 |
|
|---|
| 121 | Julian: this will affect the link header draft which is long past LC
|
|---|
| 122 |
|
|---|
| 123 | Alexey: we can do another LC if we need to
|
|---|
| 124 |
|
|---|
| 125 |
|
|---|
| 126 | ==Closing Discussion
|
|---|
| 127 |
|
|---|
| 128 | Alexey: when is httpbis going to close
|
|---|
| 129 |
|
|---|
| 130 | Julian: we have been slow, but plan to finish this summer, we will plan to meet in Maastrict
|
|---|
| 131 |
|
|---|
| 132 | Lisa: HTTP PATCH is now an RFC
|
|---|
| 133 |
|
|---|
| 134 |
|
|---|
| 135 | ==WebDAV ideas
|
|---|
| 136 |
|
|---|
| 137 | http://trac.tools.ietf.org/area/app/trac/wiki/DavFuture
|
|---|
| 138 |
|
|---|
| 139 | Julian: might charter a WG for this
|
|---|
| 140 |
|
|---|
| 141 | Cyrus: caldav carddav deployments are demanding more performance and some features
|
|---|
| 142 |
|
|---|
| 143 | Alexey: try to organize a bof
|
|---|
| 144 |
|
|---|
| 145 |
|
|---|
![(please configure the [header_logo] section in trac.ini)](https://www.ietf.org/images/ietflogotrans.gif)
