IRC log of bpwg on 2008-10-14
Timestamps are in UTC.
- 13:58:17 [RRSAgent]
- RRSAgent has joined #bpwg
- 13:58:17 [RRSAgent]
- logging to http://www.w3.org/2008/10/14-bpwg-irc
- 13:58:19 [trackbot]
- RRSAgent, make logs public
- 13:58:19 [Zakim]
- Zakim has joined #bpwg
- 13:58:21 [trackbot]
- Zakim, this will be BPWG
- 13:58:21 [Zakim]
- ok, trackbot; I see MWI_BPWG(CTTF)10:00AM scheduled to start in 2 minutes
- 13:58:22 [trackbot]
- Meeting: Mobile Web Best Practices Working Group Teleconference
- 13:58:22 [trackbot]
- Date: 14 October 2008
- 13:59:54 [jo]
- jo has joined #bpwg
- 14:00:06 [francois]
- Chair: francois
- 14:00:08 [SeanP]
- SeanP has joined #bpwg
- 14:00:29 [francois]
- Agenda: http://lists.w3.org/Archives/Public/public-bpwg-ct/2008Oct/0018.html
- 14:00:40 [Zakim]
- MWI_BPWG(CTTF)10:00AM has now started
- 14:00:47 [Zakim]
- +??P7
- 14:01:00 [jo]
- zakim, ??p7 is me
- 14:01:00 [Zakim]
- +jo; got it
- 14:01:40 [Zakim]
- +SeanP
- 14:01:43 [Zakim]
- +??P15
- 14:01:51 [Zakim]
- +andrews
- 14:02:11 [tomhume]
- zakim, +??P15 is me
- 14:02:14 [Zakim]
- sorry, tomhume, I do not recognize a party named '+??P15'
- 14:02:21 [tomhume]
- zakim, ??P15 is me
- 14:02:21 [Zakim]
- +tomhume; got it
- 14:02:33 [Zakim]
- +Francois
- 14:02:46 [andrews]
- andrews has joined #bpwg
- 14:03:13 [francois]
- zakim, who is on the phone?
- 14:03:23 [Zakim]
- On the phone I see jo, SeanP, tomhume, andrews, Francois
- 14:04:27 [francois]
- Scribe: andrews
- 14:04:31 [francois]
- ScribeNick: andrews
- 14:05:33 [andrews]
- Francois: Heiko is moving to another role so will not be joining this call or future calls
- 14:05:39 [andrews]
- Topic: HTTPS links re-writing
- 14:05:53 [francois]
- -> http://lists.w3.org/Archives/Public/public-bpwg-ct/2008Oct/0014.html FD's email to IETF TLS WG
- 14:06:06 [rob]
- rob has joined #bpwg
- 14:06:20 [francois]
- "Since this is a man-in-the-middle attack, it would be interesting to
- 14:06:20 [francois]
- know how browsers react in that case. It should have been made clear
- 14:06:20 [francois]
- to the user which site he connected to (www.proxy.com instead of
- 14:06:20 [francois]
- www.amazon.com)."
- 14:07:09 [tomhume]
- q+
- 14:07:11 [Zakim]
- +rob
- 14:07:12 [andrews]
- Francois: Any view? I don't think mobile browsers indicate HTTPS connections. Does anyone?
- 14:07:20 [francois]
- ack tomhume
- 14:07:42 [andrews]
- tomhume: Fixed web uses have address bar and security icon.
- 14:07:43 [SeanP]
- q+
- 14:07:57 [andrews]
- ... this is missing in a mobile context
- 14:08:06 [andrews]
- q+
- 14:08:11 [francois]
- ack SeanP
- 14:08:47 [francois]
- ack andrews
- 14:08:52 [andrews]
- SeanP: Padlock security icon is on many mobile browsers but info page must be viewed to display URL
- 14:09:33 [francois]
- andrews: I disagree with the quotation about man-in-the-middle attack. The user will have to be advised, so it's not an attack.
- 14:11:43 [andrews]
- francois: Agrees that the use of "attack" is not quite correct but point is that there is no indication to the user that the page is intercepted
- 14:12:11 [andrews]
- Andrew: there is visual indication on Vodafone pages of CT in process
- 14:12:28 [jo]
- q+ to suggest that the wording we have proposed should cover this so why don't we see how it flies
- 14:12:39 [francois]
- ack jo
- 14:12:39 [Zakim]
- jo, you wanted to suggest that the wording we have proposed should cover this so why don't we see how it flies
- 14:12:50 [andrews]
- Francois: Happy with outcome of discussion last week on HTTP. Jo, do you need more?
- 14:13:26 [andrews]
- Jo: Have enough for editing guidelines. Will post proposed text on list.
- 14:13:37 [jo]
- ACTION: Jo to redraft HTTPS section for discussion on list
- 14:13:37 [trackbot]
- Created ACTION-864 - Redraft HTTPS section for discussion on list [on Jo Rabin - due 2008-10-21].
- 14:13:53 [andrews]
- Topic: LC-2019: POST/GET conversion
- 14:14:07 [francois]
- -> http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-ct-guidelines-20080801/2019 LC-2019 comment
- 14:15:23 [andrews]
- rob: comment was we should add note that posts should not be translated into gets and vice versa
- 14:15:34 [Zakim]
- +Bryan_Sullivan
- 14:15:43 [jo]
- q+ to suggest that we elaborate the bit on changing HEAD to GET to say that other conversions are not allowed
- 14:15:53 [andrews]
- francois: this is in the HTTP standard. Do we need to restate this?
- 14:16:01 [francois]
- ack jo
- 14:16:01 [Zakim]
- jo, you wanted to suggest that we elaborate the bit on changing HEAD to GET to say that other conversions are not allowed
- 14:16:21 [andrews]
- rob: Agreed. No strong feeling either way.
- 14:16:50 [andrews]
- Jo: Let's say Head to Get is OK but other method changing must not be done
- 14:17:11 [francois]
- PROPOSED RESOLUTION: re. LC-2019, amend text on conversion between HEAD and GET to say that other conversions are not allowed, and resolve partial to LC-2019
- 14:17:13 [andrews]
- rob: Good point; let's do it.
- 14:17:29 [rob]
- +1
- 14:17:29 [jo]
- +1
- 14:17:29 [francois]
- +1
- 14:17:30 [andrews]
- +1
- 14:17:30 [tomhume]
- +1
- 14:17:39 [andrews]
- RESOLUTION: re. LC-2019, amend text on conversion between HEAD and GET to say that other conversions are not allowed, and resolve partial to LC-2019
- 14:17:56 [andrews]
- Topic: LC-2034: Applicable HTTP methods (§4.1.1)
- 14:18:04 [francois]
- -> http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-ct-guidelines-20080801/2034 LC-2034
- 14:19:32 [andrews]
- rob: Other exotic methods available. We are only concerned with Get, Post and Head.
- 14:20:05 [andrews]
- francois: Comment was that there could be new methods in the future
- 14:21:09 [andrews]
- Brian: Heard that Connect method could be used for adaptation but a Connect is a clear indication that user wants a secure connection to the end server
- 14:21:46 [andrews]
- Rob: A Connect should indicate "no adaptation - just tunnel"
- 14:22:26 [andrews]
- ... worth mentioning Connect in guidelines
- 14:22:56 [jo]
- q+ to say that as Rob puts it, the scope is limited to HEAD GET and POST don't think we should mention CONNECT
- 14:23:10 [francois]
- ack jo
- 14:23:10 [Zakim]
- jo, you wanted to say that as Rob puts it, the scope is limited to HEAD GET and POST don't think we should mention CONNECT
- 14:23:15 [andrews]
- Brian: Cannot have adaptation with Connect
- 14:23:48 [francois]
- "The scope of content that proxies transform is typically limited to GET, POST and HEAD HTTP requests. Proxies should not intervene in other HTTP methods."
- 14:24:25 [andrews]
- q+
- 14:24:30 [francois]
- ack andrews
- 14:25:04 [jo]
- PROPOSED RESOLUTION: ref LC-2034, we clarify that the scope of the document is limited to GET, POST, HEAD requests and their responses
- 14:25:50 [rob]
- +1
- 14:25:53 [francois]
- +1
- 14:26:00 [SeanP]
- +1
- 14:26:08 [andrews]
- Andrew: But HTTPS links can be rewritten on HTTP pages. Then CT proxy becomes a content server.
- 14:26:11 [jo]
- PROPOSED RESOLUTION: ref LC-2034, we clarify that the scope of the document is limited to GET, POST, HEAD requests and their responses and resolve "no"
- 14:26:18 [francois]
- +1
- 14:26:25 [andrews]
- +1
- 14:26:52 [tomhume]
- +1
- 14:26:52 [andrews]
- RESOLUTION: ref LC-2034, we clarify that the scope of the document is limited to GET, POST, HEAD requests and their responses and resolve "no"
- 14:26:53 [andrews]
- RESOLUTION: ref LC-2034, we clarify that the scope of the document is limited to GET, POST, HEAD requests and their responses and resolve "no"
- 14:26:53 [rob]
- q+
- 14:27:11 [SeanP]
- q+
- 14:27:36 [francois]
- ack rob
- 14:27:40 [andrews]
- Brian: There should be no use of Put method in CT
- 14:27:56 [francois]
- ack SeanP
- 14:27:59 [andrews]
- rob: Put is used for creating web sites rather than browsing
- 14:28:20 [andrews]
- SeanP: Agree. Why did we put it in in the first place?
- 14:28:22 [tomhume]
- q+ to point out that other applications beyond browsers might be passed through transforming proxies
- 14:28:40 [andrews]
- francois: It was included as a common HTTP method
- 14:28:42 [francois]
- ack tomhume
- 14:28:42 [Zakim]
- tomhume, you wanted to point out that other applications beyond browsers might be passed through transforming proxies
- 14:29:12 [andrews]
- tomhume: Not a method used by browsers but there may be other applications that use Put
- 14:29:26 [jo]
- q+ to point out to tom that the document says that its scope is browsing only
- 14:29:40 [francois]
- ack jo
- 14:29:40 [Zakim]
- jo, you wanted to point out to tom that the document says that its scope is browsing only
- 14:30:52 [andrews]
- jo: We are careful to limit discussion to the browsing context and CT proxy should be sure that it is dealing with a browser. We can not practically discuss every application.
- 14:31:22 [andrews]
- Topic: LC-1997, LC-2006, LC-2014: Original HTTP headers in X-Device-foo
- 14:31:37 [francois]
- -> http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-ct-guidelines-20080801/1997 LC-1997
- 14:31:46 [francois]
- -> http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-ct-guidelines-20080801/2006 LC-2006
- 14:31:53 [francois]
- -> http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-ct-guidelines-20080801/2014 LC-2014
- 14:33:44 [andrews]
- francois: Tried to gather statistics on refused pages. One figure from Brian - thanks.
- 14:33:52 [rob]
- q+ to summarise that IF headers are changed THEN x-device- echoing is useful
- 14:34:04 [francois]
- ack rob
- 14:34:04 [Zakim]
- rob, you wanted to summarise that IF headers are changed THEN x-device- echoing is useful
- 14:34:49 [jo]
- q+ to say that LC-1997 suggests that since the world is flat there is no need for spherical geometry
- 14:35:07 [andrews]
- rob: If we allow user agent header then echoing the header is a good idea. Raises original question of whether we should rewrite headers.
- 14:35:30 [francois]
- ack jo
- 14:35:30 [Zakim]
- jo, you wanted to say that LC-1997 suggests that since the world is flat there is no need for spherical geometry
- 14:36:57 [andrews]
- jo: LC-1997 is more of a political statement. Think that it is OK to change the accept headers if a CT proxy. Separate question is whether we should change the user-agent header.
- 14:38:29 [jo]
- PROPOSED RESOLUTION: ref LC-1997, 2006 and 2014, we say that if a proxy changes headers then it must include a new X-Device- header, it should not change headers "unnecessarily" and it should not delete headers
- 14:39:16 [jo]
- q+ to answer bryan
- 14:40:32 [francois]
- ack jo
- 14:40:32 [Zakim]
- jo, you wanted to answer bryan
- 14:40:34 [SeanP]
- q+
- 14:40:37 [andrews]
- Brian: Reason to send original heads is to provide statistical information to site owners to allow them to better serve their users
- 14:41:34 [andrews]
- jo: Other reasons for the original headers. In some sites more than the user-agent is used to decide what content to return.
- 14:41:50 [francois]
- ack SeanP
- 14:42:20 [jo]
- s/Brian/Bryan/
- 14:42:42 [andrews]
- SeanP: Novarra has been sending out x-device headers for some time and has heard that content providers use these to determine what content to send out
- 14:44:23 [jo]
- zakim, mute me
- 14:44:23 [Zakim]
- jo should now be muted
- 14:45:24 [jo]
- ack me
- 14:45:39 [francois]
- -> http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-ct-guidelines-20080801/2046 LC-2046 on HTTP headers deletion
- 14:45:44 [jo]
- PROPOSED RESOLUTION: ref LC-1997, 2006 and 2014, 2046 we say that if a proxy changes headers then it must include a new X-Device- header, it should not change headers "unnecessarily" and it should not delete headers
- 14:45:49 [Zakim]
- -Bryan_Sullivan
- 14:46:00 [andrews]
- q+
- 14:46:25 [Zakim]
- +Bryan_Sullivan
- 14:48:00 [andrews]
- jo: Thinks that it is not necessary to change headers other than accept and accept-charset
- 14:48:30 [andrews]
- Bryan: Knows that users use user-agent and UAProf
- 14:50:20 [francois]
- ack andrews
- 14:50:36 [SeanP]
- q+
- 14:50:57 [jo]
- s/Thinks that it is not necessary to change headers other than accept and accept-charset/Thinks that it is not necessary to change headers other than accept and accept-charset - if one leaves aside for a moment the question of User Agent (and UAProf)
- 14:51:29 [francois]
- ack SeanP
- 14:51:45 [jo]
- q+ to say that one person's unnecessary is another person's essential
- 14:52:35 [andrews]
- andrews: concerned that the proposed resolution is strong and a major addition to existing guidelines. Needs careful consideration.
- 14:52:51 [andrews]
- SeanP: Unclear what we are discussing
- 14:53:01 [francois]
- ack jo
- 14:53:01 [Zakim]
- jo, you wanted to say that one person's unnecessary is another person's essential
- 14:54:23 [francois]
- -> http://www.w3.org/TR/2008/WD-ct-guidelines-20080801/#sec-altering-header-values section 4.1.5 on Alteration of HTTP Header Values
- 14:54:51 [rob]
- q+ about HTTP 200 "Your browser is not supported" errors
- 14:55:39 [andrews]
- jo: We need to focus on what other headers may or may not be removed which could be used by sites in ways unpredicted by us.
- 14:55:47 [francois]
- Headers that may need to be changed:
- 14:55:50 [francois]
- - User-Agent
- 14:55:52 [francois]
- - UAProf
- 14:55:52 [andrews]
- ...Which headers need to be changed?
- 14:55:55 [francois]
- - Accept
- 14:56:01 [francois]
- - Accept-Charset
- 14:56:15 [Bryan]
- Bryan has joined #bpwg
- 14:56:17 [francois]
- ack rob
- 14:56:23 [Bryan]
- q+
- 14:56:55 [andrews]
- rob: No statistical evidence about sites that complain about wrong browsers.
- 14:57:32 [andrews]
- ...Long tail sites are likely to complain.
- 14:57:40 [francois]
- ack Bryan
- 14:58:45 [andrews]
- Bryan: Echo point about the long tail. This is where CT really adds value.
- 14:58:49 [andrews]
- q+
- 14:58:52 [SeanP]
- q+
- 14:58:53 [francois]
- ack andrews
- 14:59:38 [francois]
- ack SeanP
- 14:59:46 [andrews]
- andrews: do we need to change UAProf?
- 15:00:01 [francois]
- - Accept-Encoding
- 15:00:06 [francois]
- - Accept-Language
- 15:00:13 [andrews]
- SeanP: Novarra changes accept-encoding and accept-language
- 15:00:39 [jo]
- [so it's basically Accept-*]
- 15:00:59 [andrews]
- q+
- 15:01:03 [francois]
- ack andrews
- 15:01:43 [SeanP]
- q+
- 15:01:46 [jo]
- perhaps we should say "replace" rather than "change" when referring to this
- 15:01:56 [francois]
- ack SeanP
- 15:01:58 [andrews]
- andrews: Does "change" include "remove"?
- 15:02:26 [andrews]
- rob: Headers are not removed.
- 15:02:49 [SeanP]
- I'll be there.
- 15:03:46 [andrews]
- francois: Will prepare a detailed agenda for the face-to-face next week
- 15:03:49 [tomhume]
- thanks all
- 15:03:50 [Zakim]
- -Bryan_Sullivan
- 15:03:51 [Zakim]
- -rob
- 15:03:56 [Zakim]
- -SeanP
- 15:04:04 [Zakim]
- -tomhume
- 15:04:10 [jo]
- zakim, drop me
- 15:04:10 [Zakim]
- jo is being disconnected
- 15:04:12 [Zakim]
- -jo
- 15:04:14 [Zakim]
- -Francois
- 15:04:15 [Zakim]
- MWI_BPWG(CTTF)10:00AM has ended
- 15:04:16 [Zakim]
- Attendees were jo, SeanP, andrews, tomhume, Francois, rob, Bryan_Sullivan
- 15:07:09 [francois]
- RRSAgent, draft minutes
- 15:07:09 [RRSAgent]
- I have made the request to generate http://www.w3.org/2008/10/14-bpwg-minutes.html francois
- 15:09:45 [rob]
- rob has left #bpwg
- 15:45:16 [francois]
- RRSAgent, bye
- 15:45:16 [RRSAgent]
- I see 1 open action item saved in http://www.w3.org/2008/10/14-bpwg-actions.rdf :
- 15:45:16 [RRSAgent]
- ACTION: Jo to redraft HTTPS section for discussion on list [1]
- 15:45:16 [RRSAgent]
- recorded in http://www.w3.org/2008/10/14-bpwg-irc#T14-13-37