[{"author": "Francesca Palombini", "text": "
Hi Julian!
", "time": "2023-03-28T06:30:00Z"}, {"author": "Julian Reschke", "text": "the agenda buttons for the notepad and the full video client seem to be off by one row (in Firefox)
", "time": "2023-03-28T06:32:27Z"}, {"author": "Julian Reschke", "text": "clicking them takes me to \"tigress\"
", "time": "2023-03-28T06:32:38Z"}, {"author": "Chris Lemmons", "text": "I've experienced that in the past with Chrome.
", "time": "2023-03-28T06:33:02Z"}, {"author": "Francesca Palombini", "text": "oh really? full video worked fine on chrome
", "time": "2023-03-28T06:33:05Z"}, {"author": "Julian Reschke", "text": "thanks, Justin
", "time": "2023-03-28T06:40:48Z"}, {"author": "Julian Reschke", "text": "FWIW, this was about https://github.com/httpwg/http-extensions/issues/2417
", "time": "2023-03-28T06:40:59Z"}, {"author": "Martin Thomson", "text": "Why are service workers doing service function chaining?
", "time": "2023-03-28T06:42:17Z"}, {"author": "Martin Thomson", "text": "and why is a cookie spec talking about that?
", "time": "2023-03-28T06:42:36Z"}, {"author": "Benjamin Schwartz", "text": "@Martin Thomson because MASQUE.
", "time": "2023-03-28T06:43:19Z"}, {"author": "Tommy Pauly", "text": "Why masque?
", "time": "2023-03-28T06:43:54Z"}, {"author": "Lucas Pardue", "text": "huh
", "time": "2023-03-28T06:43:58Z"}, {"author": "Benjamin Schwartz", "text": "(This is a joke. \"SFC\" in the slides is \"Site for Cookies\".)
", "time": "2023-03-28T06:45:25Z"}, {"author": "Tommy Pauly", "text": "Heh =)
", "time": "2023-03-28T06:46:49Z"}, {"author": "Chris Lemmons", "text": "Inner lists aren't valid parameter values, iirc.
", "time": "2023-03-28T07:00:11Z"}, {"author": "Lucas Pardue", "text": "what Chris said
", "time": "2023-03-28T07:01:13Z"}, {"author": "Tommy Pauly", "text": "That may be why I didn't use that =)
", "time": "2023-03-28T07:01:30Z"}, {"author": "Julian Reschke", "text": "maybe a whitespace (SP) delimited list would be better here
", "time": "2023-03-28T07:01:38Z"}, {"author": "Mark Nottingham", "text": "Ah, that's right
", "time": "2023-03-28T07:02:22Z"}, {"author": "Tommy Pauly", "text": "Yeah:
\nparam-value = bare-item
any format changes now would break deployments, I'm not sure how you'd coordinate that
", "time": "2023-03-28T07:02:44Z"}, {"author": "Mark Nottingham", "text": "different name
", "time": "2023-03-28T07:02:54Z"}, {"author": "Tommy Pauly", "text": "Well we could coordinate easily enough, not an issue
", "time": "2023-03-28T07:03:03Z"}, {"author": "Lucas Pardue", "text": "I'd have to send both headers /groan
", "time": "2023-03-28T07:03:18Z"}, {"author": "Tommy Pauly", "text": "But I'm not sure that a whitespace separated list is notably more useful than comma-separated
", "time": "2023-03-28T07:03:23Z"}, {"author": "Lucas Pardue", "text": ":point_up:
", "time": "2023-03-28T07:03:40Z"}, {"author": "Julian Reschke", "text": "How common is SP in a DNS name?
", "time": "2023-03-28T07:04:01Z"}, {"author": "Tommy Pauly", "text": "(Lucas, you would just send the new format in the existing name and the old client would just deal with failing parsing.)
", "time": "2023-03-28T07:04:05Z"}, {"author": "Tommy Pauly", "text": "Commas and SP are both essentially never in a DNS name
", "time": "2023-03-28T07:04:18Z"}, {"author": "Christopher Wood", "text": "@Ben: what was the rationale to use a new header name for this?
", "time": "2023-03-28T07:04:23Z"}, {"author": "Lucas Pardue", "text": "fair tommy
", "time": "2023-03-28T07:04:29Z"}, {"author": "Christopher Wood", "text": "(I missed what David said at the mic)
", "time": "2023-03-28T07:04:30Z"}, {"author": "Benjamin Schwartz", "text": "@Christopher Wood There was always a new header name. My comment was that this header should share the auth \"scheme\" namespace with WWW-Authenticate, which supports a wider range of use cases.
", "time": "2023-03-28T07:05:20Z"}, {"author": "Christopher Wood", "text": "@Benjamin Schwartz got it. What're your thoughts on just using the existing header names?
", "time": "2023-03-28T07:06:54Z"}, {"author": "Jonathan Lennox", "text": "Hash Function Textual Names come from TLS certificate fingerprints in SDP.
", "time": "2023-03-28T07:07:42Z"}, {"author": "Benjamin Schwartz", "text": "@Christopher Wood I don't have a strong opinion on that. I think \"Unprompted-Authentication\" might be helpful to a person trying to understand query logs, but functionally I don't think it is necessary.
", "time": "2023-03-28T07:08:51Z"}, {"author": "Christopher Wood", "text": ":+1:
", "time": "2023-03-28T07:09:02Z"}, {"author": "Jonathan Hoyland", "text": "RSA-PSS makes me sad
", "time": "2023-03-28T07:11:03Z"}, {"author": "Martin Thomson", "text": "alg=none is amaaaAAAaaazing
", "time": "2023-03-28T07:11:24Z"}, {"author": "Jonathan Hoyland", "text": "It's certainly easy to implement correctly
", "time": "2023-03-28T07:11:49Z"}, {"author": "Julian Reschke", "text": "or \"norway\" (YAML)
", "time": "2023-03-28T07:12:01Z"}, {"author": "Martin Thomson", "text": "https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html#name-initial-contents seems pretty solid
", "time": "2023-03-28T07:14:18Z"}, {"author": "Martin Thomson", "text": "though I might like to discourage rsa-v1_5-sha256 use
", "time": "2023-03-28T07:14:43Z"}, {"author": "Jonathan Hoyland", "text": "Cutting HMACs would probably make a formal analysis easier.
", "time": "2023-03-28T07:16:32Z"}, {"author": "Martin Thomson", "text": "probably a lot easier
", "time": "2023-03-28T07:16:59Z"}, {"author": "Martin Thomson", "text": "we would want to only take recommended schemes from TLS
", "time": "2023-03-28T07:17:11Z"}, {"author": "Chris Lemmons", "text": "+1
", "time": "2023-03-28T07:17:50Z"}, {"author": "Julian Reschke", "text": "+1
", "time": "2023-03-28T07:18:34Z"}, {"author": "Alan Frindell", "text": "Switching to Authorization header does give you better compression properties
", "time": "2023-03-28T07:18:42Z"}, {"author": "Martin Thomson", "text": "No concern, except that the Authorization header is pure jank from a syntactic perspective.
", "time": "2023-03-28T07:18:55Z"}, {"author": "Chris Lemmons", "text": "The only situation that would cause a problem here is if you somehow wanted to include both Authorization AND Unprompted-Authorization. I'm not sure that's a real use case, though.
", "time": "2023-03-28T07:19:12Z"}, {"author": "Tommy Pauly", "text": "Total jank, yes
", "time": "2023-03-28T07:19:50Z"}, {"author": "Jonathan Lennox", "text": "Doesn't Digest need the challenge in the 401?
", "time": "2023-03-28T07:21:22Z"}, {"author": "Chris Lemmons", "text": "We don't want the text here to make readers assume that it's creating an exclusive situation.
", "time": "2023-03-28T07:22:11Z"}, {"author": "Julian Reschke", "text": "FWIW: I'm looking into revising Basic soonish to clarify the UTF-8 changes that happened lately
", "time": "2023-03-28T07:22:16Z"}, {"author": "Lucas Pardue", "text": "lets call is spontaneous compunction
", "time": "2023-03-28T07:23:38Z"}, {"author": "Mark Thomas", "text": "I don't believe you can do DIGEST unprompted.
", "time": "2023-03-28T07:24:59Z"}, {"author": "Benjamin Schwartz", "text": "@Jonathan Hoyland Nit: It's the other way: Channel-bound auth _to_ the proxy is fine.
", "time": "2023-03-28T07:25:46Z"}, {"author": "Martin Thomson", "text": "@Mark Thomas yeah, you need a challenge
", "time": "2023-03-28T07:25:57Z"}, {"author": "Tommy Pauly", "text": "Right it's auth to the proxy
", "time": "2023-03-28T07:25:57Z"}, {"author": "Martin Thomson", "text": "but if the idea is that you got the challenge from elsewhere and the server is OK with that, then I guess we're fine
", "time": "2023-03-28T07:26:23Z"}, {"author": "Jonathan Hoyland", "text": "And the backend server doesn't know if it succeeded
", "time": "2023-03-28T07:26:26Z"}, {"author": "Martin Thomson", "text": "that's not really a protocol per se, but more of a private arrangement, which is very much in the spirit of the draft, but unnecessary for us to standardize
", "time": "2023-03-28T07:27:03Z"}, {"author": "Martin Thomson", "text": "You can't get the stream ID in most cases
", "time": "2023-03-28T07:28:39Z"}, {"author": "Mark Nottingham", "text": "see also https://github.com/httpwg/http-extensions/issues/2280
", "time": "2023-03-28T07:28:57Z"}, {"author": "Mark Nottingham", "text": "(re syntax)
", "time": "2023-03-28T07:29:01Z"}, {"author": "Martin Thomson", "text": "my response to Kazuho was \"...but what does Realm even mean?\"
", "time": "2023-03-28T07:32:14Z"}, {"author": "Lucas Pardue", "text": "Chris image.png
\n ", "time": "2023-03-28T07:32:46Z"}, {"author": "Francesca Palombini", "text": "thank you! bye
", "time": "2023-03-28T07:32:48Z"}, {"author": "Martin Thomson", "text": "@David Schinazi re key reuse and context strings: por que no los dos
", "time": "2023-03-28T07:32:52Z"}]