13:58:17 <RRSAgent> RRSAgent has joined #bpwg
13:58:17 <RRSAgent> logging to http://www.w3.org/2008/10/14-bpwg-irc
13:58:19 <trackbot> RRSAgent, make logs public
13:58:19 <Zakim> Zakim has joined #bpwg
13:58:21 <trackbot> Zakim, this will be BPWG
13:58:21 <Zakim> ok, trackbot; I see MWI_BPWG(CTTF)10:00AM scheduled to start in 2 minutes
13:58:22 <trackbot> Meeting: Mobile Web Best Practices Working Group Teleconference
13:58:22 <trackbot> Date: 14 October 2008
13:59:54 <jo> jo has joined #bpwg
14:00:06 <francois> Chair: francois
14:00:08 <SeanP> SeanP has joined #bpwg
14:00:29 <francois> Agenda: http://lists.w3.org/Archives/Public/public-bpwg-ct/2008Oct/0018.html
14:00:40 <Zakim> MWI_BPWG(CTTF)10:00AM has now started
14:00:47 <Zakim> +??P7
14:01:00 <jo> zakim, ??p7 is me
14:01:00 <Zakim> +jo; got it
14:01:40 <Zakim> +SeanP
14:01:43 <Zakim> +??P15
14:01:51 <Zakim> +andrews
14:02:11 <tomhume> zakim, +??P15 is me
14:02:14 <Zakim> sorry, tomhume, I do not recognize a party named '+??P15'
14:02:21 <tomhume> zakim, ??P15 is me
14:02:21 <Zakim> +tomhume; got it
14:02:33 <Zakim> +Francois
14:02:46 <andrews> andrews has joined #bpwg
14:03:13 <francois> zakim, who is on the phone?
14:03:23 <Zakim> On the phone I see jo, SeanP, tomhume, andrews, Francois
14:04:27 <francois> Scribe: andrews
14:04:31 <francois> ScribeNick: andrews
14:05:33 <andrews> Francois: Heiko is moving to another role so will not be joining this call or future calls
14:05:39 <andrews> Topic: HTTPS links re-writing 
14:05:53 <francois> -> http://lists.w3.org/Archives/Public/public-bpwg-ct/2008Oct/0014.html FD's email to IETF TLS WG
14:06:06 <rob> rob has joined #bpwg
14:06:20 <francois> "Since this is a man-in-the-middle attack, it would be interesting to
14:06:20 <francois> know how browsers react in that case. It should be have been made clear
14:06:20 <francois> to the user which site he connected to (www.proxy.com instead of
14:06:20 <francois> www.amazon.com)."
14:07:09 <tomhume> q+
14:07:11 <Zakim> +rob
14:07:12 <andrews> Francois: Any view? I don't think mobile browsers indicate HTTPS connections. Does anyone?
14:07:20 <francois> ack tomhume 
14:07:42 <andrews> tomhume: Fixed web uses have address bar and security icon.
14:07:43 <SeanP> q+
14:07:57 <andrews> ... this is missing in a mobile context
14:08:06 <andrews> q+
14:08:11 <francois> ack SeanP 
14:08:47 <francois> ack andrews 
14:08:52 <andrews> SeanP: Padlock security icon is on many mobile browsers but info page must be viewed to display URL
14:09:33 <francois> andrews: I disagree with the quotation about man-in-the-middle attack. The user will have to be advised, so it's not an attack.
14:11:43 <andrews> francois: Agrees that the use of "attack" is not quite correct but point is that there is no indication to the user that the page is intercepted
14:12:11 <andrews> Andrew: there is visual indication on Vodafone pages of CT in process
14:12:28 <jo> q+ to suggest that the wording we have proposed should cover this so why don't we see how it flies
14:12:39 <francois> ack jo
14:12:39 <Zakim> jo, you wanted to suggest that the wording we have proposed should cover this so why don't we see how it flies
14:12:50 <andrews> Francois: Happy with outcome of discussion last week on HTTP. Jo, do you need more?
14:13:26 <andrews> Jo: Have enough for editing guidelines. Will post proposed text on list.
14:13:37 <jo> ACTION: Jo to redraft HTTPS section for discussion on list
14:13:37 <trackbot> Created ACTION-864 - Redraft HTTPS section for discussion on list [on Jo Rabin - due 2008-10-21].
14:13:53 <andrews> Topic: LC-2019: POST/GET conversion 
14:14:07 <francois> -> http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-ct-guidelines-20080801/2019 LC-2019 comment
14:15:23 <andrews> rob: comment was we should add note that posts should not be translated into gets and vice versa
14:15:34 <Zakim> +Bryan_Sullivan
14:15:43 <jo> q+ to suggest that we elaborate the bit on changing HEAD to GET to say that other conversions are not allowed
14:15:53 <andrews> francois: this is in the HTTP standard. Do we need to restated this?
14:16:01 <francois> ack jo 
14:16:01 <Zakim> jo, you wanted to suggest that we elaborate the bit on changing HEAD to GET to say that other conversions are not allowed
14:16:21 <andrews> rob: Agreed. No strong feeling either way.
14:16:50 <andrews> Jo: Let's say Head to Get is OK but other method changing must not be done
14:17:11 <francois> PROPOSED RESOLUTION: re. LC-2019, amend text on conversion between HEAD and GET to say that other conversions are not allowed, and resolve partial to LC-2019
14:17:13 <andrews> rob: Good point; let's do it.
14:17:29 <rob> +1
14:17:29 <jo> +1
14:17:29 <francois> +1
14:17:30 <andrews> +1
14:17:30 <tomhume> +1
14:17:39 <andrews> RESOLUTION: re. LC-2019, amend text on conversion between HEAD and GET to say that other conversions are not allowed, and resolve partial to LC-2019
14:17:56 <andrews> Topic: LC-2034: Applicable HTTP methods (§4.1.1) 
14:18:04 <francois> -> http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-ct-guidelines-20080801/2034 LC-2034
14:19:32 <andrews> rob: Other exotic methods available. We are only concerned with Get, Post and Head.
14:20:05 <andrews> francois: Comment was that there could be new methods in the future
14:21:09 <andrews> Brian: Heard that Connect method could be used for adaptation but a Connect is a clear indication that user wants a secure connection to the end server
14:21:46 <andrews> Rob: A Connect should indicate "no adaptation - just tunnel"
14:22:26 <andrews> ,,, worth mentioning Connect in guide lines
14:22:56 <jo> q+ to say that as Rob puts it, the scope is limited to HEAD GET and POST don't think we should mention CONNECT
14:23:10 <francois> ack jo
14:23:10 <Zakim> jo, you wanted to say that as Rob puts it, the scope is limited to HEAD GET and POST don't think we should mention CONNECT
14:23:15 <andrews> Brian: Cannot have adaptation with Connect
14:23:48 <francois> "The scope of content that proxies transform is typically limited to GET, POST and HEAD HTTP requests. Proxies should not intervene in other HTTP methods."
14:24:25 <andrews> q+
14:24:30 <francois> ack andrews 
14:25:04 <jo> PROPOSED RESOLUTION: ref LC-2034, we clarify that the scope of the document is limited to GET, POST, HEAD requests and their responses
14:25:50 <rob> +1
14:25:53 <francois> +1
14:26:00 <SeanP> +1
14:26:08 <andrews> Andrew: But HTTPS links can e rewriten on HTTP pages. then CT proxy becomes a content server.
14:26:11 <jo> PROPOSED RESOLUTION: ref LC-2034, we clarify that the scope of the document is limited to GET, POST, HEAD requests and their responses and resolve "no"
14:26:18 <francois> +1
14:26:25 <andrews> +1
14:26:52 <tomhume> +1
14:26:52 <andrews> RESOLUTION: ref LC-2034, we clarify that the scope of the document is limited to GET, POST, HEAD requests and their responses and resolve "no"
14:26:53 <andrews> RESOLUTION: ref LC-2034, we clarify that the scope of the document is limited to GET, POST, HEAD requests and their responses and resolve "no"
14:26:53 <rob> q+
14:27:11 <SeanP> q+
14:27:36 <francois> ack rob 
14:27:40 <andrews> Brian: There should be no use of Put method in CT
14:27:56 <francois> ack SeanP 
14:27:59 <andrews> rob: Put is used for creating web sites rather than browsing
14:28:20 <andrews> SeanP: Agree. Why did we put it in in the first place?
14:28:22 <tomhume> q+ to point out that other applications beyond browsers might be passed through transforming proxies
14:28:40 <andrews> francois: It was included as a common HTTP method
14:28:42 <francois> ack tomhume 
14:28:42 <Zakim> tomhume, you wanted to point out that other applications beyond browsers might be passed through transforming proxies
14:29:12 <andrews> tomhume: Not a method used by browsers but there may be other applications that use Put
14:29:26 <jo> q+ to point out to tom that the document says that its scope is browsing only
14:29:40 <francois> ack jo 
14:29:40 <Zakim> jo, you wanted to point out to tom that the document says that its scope is browsing only
14:30:52 <andrews> jo: We are careful to limit discussion to the browsing context and CT proxy should be sure that it is dealing with a browser. We can not practically discuss every application.
14:31:22 <andrews> Topic: LC-1997, LC-2006, LC-2014, : Original HTTP headers in X-Device-foo 
14:31:37 <francois> -> http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-ct-guidelines-20080801/1997 LC-1997
14:31:46 <francois> -> http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-ct-guidelines-20080801/2006 LC-2006
14:31:53 <francois> -> http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-ct-guidelines-20080801/2014 LC-2014
14:33:44 <andrews> francois: Tried to gather statistics on refused pages. One figure from Brian - thanks.
14:33:52 <rob> q+ to summarise that IF headers are changed THEN x-device- echoing is useful
14:34:04 <francois> ack rob 
14:34:04 <Zakim> rob, you wanted to summarise that IF headers are changed THEN x-device- echoing is useful
14:34:49 <jo> q+ to say that LC-1997 suggests that since the world is flat there is no need for spherical geometry
14:35:07 <andrews> rob: If we allow user agent header then echoing the header is a good idea. Raises original question of whether we should rewrite headers.
14:35:30 <francois> ack jo 
14:35:30 <Zakim> jo, you wanted to say that LC-1997 suggests that since the world is flat there is no need for spherical geometry
14:36:57 <andrews> jo: LC-1997 is more of a political statement. Think that it is OK to change the accept  headers if a CT proxy. Separate question is whether we should change the user-agent header.
14:38:29 <jo> PROPOSED RESOLUTION: ref LC-1997, 2006 and 2014, we say that if a proxy changes headers then it must include a new X-Device- header, it should not change headers "unnecessarily" and it should not delete headers 
14:39:16 <jo> q+ to answer bryan
14:40:32 <francois> ack jo
14:40:32 <Zakim> jo, you wanted to answer bryan
14:40:34 <SeanP> q+
14:40:37 <andrews> Brian: Reason to send original heads is to provide statistical information to site owners to allow them to better serve their users
14:41:34 <andrews> jo: Other reasons for the original headers. In some sites more than the user-agent is used to decide what content to return.
14:41:50 <francois> ack SeanP 
14:42:20 <jo> s/Brian/Bryan/
14:42:42 <andrews> SeanP: Novarra has been sending out x-device headers for sometime and has heard that content providers use these to determine what content to send out
14:44:23 <jo> zakim, mute me
14:44:23 <Zakim> jo should now be muted
14:45:24 <jo> ack me
14:45:39 <francois> -> http://www.w3.org/2006/02/lc-comments-tracker/37584/WD-ct-guidelines-20080801/2046 LC-2046 on HTTP headers deletion
14:45:44 <jo> PROPOSED RESOLUTION: ref LC-1997, 2006 and 2014, 2046 we say that if a proxy changes headers then it must include a new X-Device- header, it should not change headers "unnecessarily" and it should not delete headers 
14:45:49 <Zakim> -Bryan_Sullivan
14:46:00 <andrews> q+
14:46:25 <Zakim> +Bryan_Sullivan
14:48:00 <andrews> jo: Thinks that it is not necessary to change headers other than accept and accept-charset
14:48:30 <andrews> Bryan: Knows that users use user-agent and UAProf
14:50:20 <francois> ack andrews 
14:50:36 <SeanP> q+
14:50:57 <jo> s/Thinks that it is not necessary to change headers other than accept and accept-charset/Thinks that it is not necessary to change headers other than accept and accept-charset - if one leaves aside for a moment the question of User Agent (and UAProf)
14:51:29 <francois> ack SeanP 
14:51:45 <jo> q+ to say that one person's unnecessary is another person's essential
14:52:35 <andrews> andrews: concerned that the proposed resolution is strong and a major addition to existing guide lines. Needs careful consideration.
14:52:51 <andrews> SeanP: Unclear what we are discussing
14:53:01 <francois> ack jo
14:53:01 <Zakim> jo, you wanted to say that one person's unnecessary is another person's essential
14:54:23 <francois> -> http://www.w3.org/TR/2008/WD-ct-guidelines-20080801/#sec-altering-header-values section 4.1.5 on Alteration of HTTP Header Values
14:54:51 <rob> q+ about HTTP 200 "Your browser is not supported" errors
14:55:39 <andrews> jo: We need to focus on what other headers may or may not be removed which could be used by sites in ways unpredicted by us.
14:55:47 <francois> Headers that may need to be changed:
14:55:50 <francois> - User-Agent
14:55:52 <francois> - UAProf
14:55:52 <andrews> ...Which headers need to be changed?
14:55:55 <francois> - Accept
14:56:01 <francois> - Accept-Charset
14:56:15 <Bryan> Bryan has joined #bpwg
14:56:17 <francois> ack rob 
14:56:23 <Bryan> q+
14:56:55 <andrews> rob: No statistical evidence about sites that complain about wrong browsers.
14:57:32 <andrews> ...Long tail sites are likely to complain. 
14:57:40 <francois> ack Bryan 
14:58:45 <andrews> Bryan: Echo point about the long tail. This is where CT realy adds value.
14:58:49 <andrews> q+
14:58:52 <SeanP> q+
14:58:53 <francois> ack andrews 
14:59:38 <francois> ack SeanP 
14:59:46 <andrews> andrews: do we need to change UAProf?
15:00:01 <francois> - Accept-Encoding
15:00:06 <francois> - Accept-Language
15:00:13 <andrews> SeanP: Novarra changes accept-encoding and accept-language
15:00:39 <jo> [so it's basically Accept-*]
15:00:59 <andrews> q+
15:01:03 <francois> ack andrews 
15:01:43 <SeanP> q+
15:01:46 <jo> perhaps we should say "replace" rather than "change" when referring to this
15:01:56 <francois> ack SeanP 
15:01:58 <andrews> andrews: Does "change" include "remove"
15:02:26 <andrews> rob: Headers are not removed. 
15:02:49 <SeanP> I'll be there.
15:03:46 <andrews> francois: Will prepare a detailed agenda for the face-to-face next week
15:03:49 <tomhume> thanks all
15:03:50 <Zakim> -Bryan_Sullivan
15:03:51 <Zakim> -rob
15:03:56 <Zakim> -SeanP
15:04:04 <Zakim> -tomhume
15:04:10 <jo> zakim, drop me
15:04:10 <Zakim> jo is being disconnected
15:04:12 <Zakim> -jo
15:04:14 <Zakim> -Francois
15:04:15 <Zakim> MWI_BPWG(CTTF)10:00AM has ended
15:04:16 <Zakim> Attendees were jo, SeanP, andrews, tomhume, Francois, rob, Bryan_Sullivan
15:07:09 <francois> RRSAgent, draft minutes
15:07:09 <RRSAgent> I have made the request to generate http://www.w3.org/2008/10/14-bpwg-minutes.html francois
15:09:45 <rob> rob has left #bpwg
15:45:16 <francois> RRSAgent, bye
15:45:16 <RRSAgent> I see 1 open action item saved in http://www.w3.org/2008/10/14-bpwg-actions.rdf :
15:45:16 <RRSAgent> ACTION: Jo to redraft HTTPS section for discussion on list [1]
15:45:16 <RRSAgent>   recorded in http://www.w3.org/2008/10/14-bpwg-irc#T14-13-37