See also: IRC log
Francois: Any comments on the draft?
<francois> Close ACTION-628
<trackbot-ng> ACTION-628 Produce draft 1d by Friday closed
<hgerlach> heiko has to redail in
<francois> Yves Lafon
Francois: Talked with Yves Lafon
of the W3c about Cache-Control
... He has been involved with HTTP
... He said we should not recommend extensions to HTTP that
would require all servers to change
... He said we should not recommend any extesions to
Cache-Control header
... The CP either enables content transformation or doesn't
with Cache-Control: no-transform
... If we decide to do extensions to Cache-Control we need to
write an IETF draft
... There is an example
<francois> Mark Nottingham example
Francois: This is the kind of
thing we could write to propose extensions to
Cache-Control
... Will talk to Yves F2F this week and come back with details
next week.
... I think it is a good idea to do this--if we don't the
document may not be as useful
Francois: The most important part
of the doc is CP to proxy communication.
... Jo mentioned that there was some discussion about HTTP
POST
Magnus: Is beyond our
scope.
... An example would be a picture from the phone uploaded to
the server.
... The proxy could transform the photo if it was weird
format.
Francois: Is there any case where CT proxy should not do anything with a post?
Magnus: We could come up with examples but they are too esoteric.
Bryan: This represents value added services that are beyond what we should say something about.
Francois: Jo removed that part about POST from the draft.
Bryan: Have comments on this. The
user agent should be the primary way to detect non-browser
unless there is secondary info.
... Jo said something about using heuristics, etc. for
detecting non-browser environment.
Heiko: That comment was quite useful.
<Bryan> Jo proposed "the proxy SHOULD make "reasonable efforts" to determine whether a user agent is a browser, using heuristics applied to an a priori knowledge base"
Heiko: We are not able to always understand the UA from the UA string because there is no standardization
Bryan: AT&T has been able to
get useful information from UA.
... We do see just "Mozilla" sometime however.
<francois> ACTION: bryan to propose some recommendation on user-agent detection from a proxy and browser's (format) point of view [recorded in http://www.w3.org/2008/01/29-bpwg-minutes.html#action01]
<trackbot-ng> Created ACTION-632 - Propose some recommendation on user-agent detection from a proxy and browser's (format) point of view [on Bryan Sullivan - due 2008-02-05].
<francois> Close ACTION-626
<trackbot-ng> ACTION-626 Contribute text on detection of non-browser user agent closed
Francois: This was added by Jo in
the current draft.
... Summarize the extensions for Cache-control and other
extensions
... Want to talk about https rewrite.
Bryan: I said that rewrite of
https URLs doesn't work.
... Rewriting all links on an HTTPS page may have some
uses.
Francois: Could be dangerous to rewrite HTTPS URLs.
Bryan: Example: CT Proxy could
recreate the "WAP GAP"
... Connection between Browser and proxy is secure.
Andrew: We should put in the guidelines that if the proxy intercepts HTTPS, the user should be notified and prompted.
Bryan: Needs to be clarified that if the user refuses to allow proxy to intercept HTTPS, it may not work.
Andrew: User should be given the option, and then it should work end-to-end; i.e., not through proxy.
Bryan: In this case the page is not formatted for the phone.
Andrew: Correct, but user should have the option.
Francois: Is this feasable for users?
Andrew: Most users don't know much about this, but it is good to give option. It is what VF UK is doing.
Bryan: Make sure this is very
clear in "terms and conditions." Don't make the user answer too
many questions.
... Could make these kinds of decisions available through a
desktop browser link.
Francois: Summary: Should make it clear in the document that proxy should ask the user about HTTPS.
Andrew: If not proxy could create man-in-the-middle attack.
Bryan: This preference should be remembered.
<francois> ACTION: Andrew to write a clear draft on @@allow-https-rewrite and the need for the end-user to be aware of the situation [recorded in http://www.w3.org/2008/01/29-bpwg-minutes.html#action02]
<trackbot-ng> Created ACTION-633 - Write a clear draft on @@allow-https-rewrite and the need for the end-user to be aware of the situation [on Andrew Swainston - due 2008-02-05].
Francois: How could the browser say it was CT-proxy-aware?
Heiko: Most browsers that need CT-proxy are old browsers that are not CT-aware.
Francois: Say we did have a browser that CT-aware. How would we tell the proxy this?
<francois> In the absence any of the previous directives elaborating the no-transform directive, the client should indicate that it understands the conventions of this document by including a [@@ct-proxy-aware directive].
Heiko: Why? Should only do transformation for low-end browsers.
Francois: The document currently talks about CT-aware browsers.
Bryan: The most common case right
now is legacy browsers.
... If we have control commands for CT, then the browser needs
to know that the browser is CT-aware.
... Could use DDR to know if a browser is CT-aware.
... Need an attribute in DDR that specifies CT-aware.
Value of CT-awareness: Browser can control CT without user interaction.
Heiko: We are talking about a config string sent from browser to proxy
Bryan: Think that DDR would be best for handling CT-aware to reduce network overhead of sending a header each time.
Francois: Lots of content in the document that talks about interaction between CT proxy and browser.
Heiko: Don't think we need this. 90% of value of CT proxy is for legacy browsers.
Francois: Question: Will any
CT-aware browsers ever be implemented?
... Is this something browser makers are even interested in
doing?
Bryan: As browsers become more
capable, the need for CT services will diminish.
... Less transformation will be done on the network and more on
the device.
... Don't see that CT-awareness will be high priority for
browser makers.
Heiko: Low tier browsers are not
high priority for phone makers.
... For the future, optimation and acceleration will be the
main use of CT proxies
Bryan: The are hundreds of millions of devices out there and the turnover is such that CT proxies could be needed for 5 years or so.
Francois: Jo mentioned that there
could be some problems.
... Directive is between CT-aware browser and proxy.
... Not sure what the priority is.
<SeanPatterson> scribe: SeanPatterson
<scribe> scribenick: SeanPatterson
Andrew: Expect to see legacy devices used for several years.
<hgerlach> just a short questio: how to register for the speaker queue???
<francois> francois: One last thing about the impossible conciliation of the Cache-Control: no-transform directive and the WAP gateways. Should we drop a note stating that these guidelines won't work in that case?
<inserted> Andrew: yes, I think that's a good idea
<francois> ACTION: daoust to write a note to say something about Cache-Control: no-transform and WAP gateways [recorded in http://www.w3.org/2008/01/29-bpwg-minutes.html#action03]
<trackbot-ng> Created ACTION-634 - Write a note to say something about Cache-Control: no-transform and WAP gateways [on François Daoust - due 2008-02-05].
<hgerlach> great, thanks!