* WGs marked with an * asterisk has had at least one new draft made available during the last 5 days

Httpbis Status Pages

HTTP (Active WG)
Art Area: Barry Leiba, Murray Kucherawy | 2007-Oct-23 —  
Chairs
 
 


IETF-86 httpbis minutes

Slides

These are also available from the materials page:
HTTP/1.1 Changes
LTTIWLTCIHTIDFIHTATCWWGF
HeaderDiff
Gabriel - Flow Control
Session 2013-03-15 0900-1100: Caribbean 5 - Audio stream - httpbis chatroom

Minutes

minutes-86-httpbis minutes



          Minutes for HTTPbis - IETF 86 Orlando
          
          No bashes to agenda
          
          - HTTP 1.1
          Review of documents and tickets/changes. No responses on tickets post
          WGLC; to be closed.
          Action Mark: Will have a cross-document WGLC. Ending late April /
          early May.
          Action Mark/Philippe: Go talk to W3C re: specific items for them.
          
          - HTTP 2.0
          Agreement in Tokyo to get a first implementation draft - review of
          those minutes.
          Pointer to github - Reminder that IETF rules (aka "Note Well") apply to
          discussion and contributions
          in github
          Expect draft to be marked "ready for implementation" in the next 4-6 weeks
          
          Cyrus Daboo: Interop events upcoming?
          Mark: Yes. Should meet before Berlin (mid-June, SF Bay Area, around
          Velocity), in Berlin, and then
          interim right after also in Berlin. Could use some of that for test
          suite dev/interop.
          
          -- Martin Thomson's presentation:
          Stream identifier proposal: Make the frame header always contain a
          stream identifier
             Hasan Farooq: We shouldn't add 4 bytes to every frame header.
             Roberto Peon: Just send GOAWAY only once; otherwise neutral.
             Martin: This makes the document simpler.
             Roberto: We did this in SPDY4 as well.
             Hasan: I suggest no change in the wire format, just change the doc
             to say frame header is smaller
             and the ID is part of the frame header.
             - Action: Martin and Hassan will come to agreement and suggest to
             the list
          
          Error code proposal: combine the two error spaces
             Eliot Lear: This is basic IANA cleanup
             - Agreement in the room.
          
          IANA Policies proposal
             Agreement in room
          
          Framing layer common flags:  Define common flags for all frames
             Will Chan: Same flag field, just reserving bits? Yes. Just convention,
             not formal in the registry.
             Agreement in the room.
          
          Connection-based authentication: Propose remove the text and leave it
          as an open issue.
             Agreement in the room
          
          Propose remove :version
             Agreement in the room
          
          100-continue proposal: just send a HEADERS frame
             Mark: I already have the action item, will start that discussion
          
          Multiple RST_STREAM proposal: just send one
             Roberto: What do you do when you have stupid servers or clients that
             keep sending you stuff? This
             will cost too much.
             Mark: Can advise not to send.
             Will: Also simpler to allow it.
             Eliot: Won't you just end up sending 3, 4, 5...? Answer: Implementation
             choice for what to do then.
             - Action: Martin to provide explanatory text (implementation advice)
          
          SETTINGS_CURRENT_CWND proposal: remove it
             Roberto: Still a bit early to kill it; we haven't experimented yet
             Mark: We have agreed to mark settings persistence "at risk". Note
             this too.
             Gorry Fairhurst: We should talk to transport people.
             Hasan: Defer discussion until we have data.
             Jana Iyengar: This could change over time.
             - Action: Mark this "at risk" as well.
          
          Data Compression proposal: remove the bit
             Hasan: Removed in SPDY3.
             Will: SPDY removed this because it didn't work.
             Robert: This is vestigal, even in 2
             Eliot: Partners are concerned about mandatory compression.
             Mark: No, this is only *data* compression, not header.
             Agreement in the room.
          
          - TLS
             Mark: Discussing with EKR
             Adam: Google has said that if ALPN is adopted in TLS WG then Google
             will deprecate NPN
          
          - Further research (Eliot)
             Cisco is interested in funding some research in this area.
          
          Issue  discussion
          
          - Header Compression
             Mark: In Tokyo, interest was in delta compression and headerdiff;
             comparing to gzip
             Adam Langley: Was that normal gzip? Answer: Yes
             Mark: Showed graph comparison
             Roberto: (Describes delta2)
             Mark: How do you map keys/values to header keys/values?
             Roberto: Encode either as is, or preceded with a colon.
             Adam: What was the window size for gzip in the graph? Roberto:
             Used max.
             Phil Hallam-Baker: Using bearer tokens with Javascript is not a good
             security model. The problem
             is cookies, not compression.
             Roberto: But we do have to replace this part of the protocol, and
             we're not chartered to address
             that issue.
             Robby Simpson: Gzip (even with small window size) uses too much
             memory. How does memory usage
             compare?
             Roberto: We're trying to be relatively space efficient, but can send
             back error if size is too
             large, though that adds a RT.
             Jana: Is the dictionary entire connection or per stream?
             Roberto: Entire connection. Can maintain even per host.
             Jeff Hodges: More discussion of cookies.
             Adam: Is it in scope to think about gzip for the content?
          
             Hervé Ruellan: (Describes headerdiff)
             Roberto: Prefix matching was done in delta, but not safe
             Hervé: As we're doing it, the current CRIME attack doesn't work.
             Adam: Are you saying it only applies client to server? It can work
             in the other direction too.
             Martin: Cookies are controllable by clients in certain scenarios. Use
             of compression contexts for
             same header doesn't protect you. Delta and deflate are bad for the
             same reasons.
             Roberto: You never know where in the header field sensitive info
             might occur, so still risk.
             Hasan: A graph for all 3 algorithms with equivalent buffer sizes
             would be helpful.
             Mark: (Showing graphs)
             Mark: How many folks have looked at these specs? (3-4 hands)
             Mark: Because of CRIME concerns, delta is looking better in the room,
             but we need more discussion
             Jana: I'd like to see numbers if we did compression per stream.
             Roberto: Please try making mods to code and let us know.
             Hervé: I will try to update propose to avoid CRIME attack.
             - Action item: Please read specs; we'll discuss on list. (Reminder:
             We're just choosing a
               starting point.)
          
          - Upgrade/Negotiation
             Mark: 1. NPN / ALPN, 2. HTTP URIs, 3. DNS hints, 4. "magic"
             Martin: (Describes what he added to draft)
             Eliot: Added profile to DNS draft, updated examples. IAB also working
             on a draft.
             Adam: 4-5% of our users can't do TXT lookups.
             Mark: Is it safe to assume NPN & TLS? (Nodding heads yes)
             Geoffrey Cooper: DNS puts a burden on the security proxy
             Roberto: Worst is it adds a RT.
             PHB: This is not a penalty on every HTTP connection. I don't think
             this is a big overhead.
             Gabriel Montenegro: On the TLS negotiation: I don't know if TLS will
             decide in the next session.
             Shouldn't we postpone until then?
             Mark: We'll take whatever they do into account. This is just for
             implementation testing.
             Andrei Popov: There is an open source implementation good for testing.
          
          - Startup state (Gabriel)
             Gabriel: (Presents issues on unknown startup state)
             Gabriel: Still could be in the response from server in the Upgrade
             case, so still a problem.
             Gabriel: (Presents proposal to set startup state in negotiation)
             Hasan: The asymmetry of paths is something we've thought about
             before. We should make it go away.
             The client should be able to send a settings frame.
             Mark: Not sure about doing it in TLS.
             Gabriel: Probably best design in TLS.
             Adam: This is *already* possible via opaque identifiers in NPN (and
             also in ALPN).
             Mark: Let's keep this discussion going.
          
          



Generated from PyHt script /wg/httpbis/minutes.pyht Latest update: 24 Oct 2012 16:51 GMT -