[{"author": "Francesca Palombini", "text": "

Hi Julian!

", "time": "2023-03-28T06:30:00Z"}, {"author": "Julian Reschke", "text": "

the agenda buttons for the notepad and the full video client seem to be off by one row (in Firefox)

", "time": "2023-03-28T06:32:27Z"}, {"author": "Julian Reschke", "text": "

clicking them takes me to \"tigress\"

", "time": "2023-03-28T06:32:38Z"}, {"author": "Chris Lemmons", "text": "

I've experienced that in the past with Chrome.

", "time": "2023-03-28T06:33:02Z"}, {"author": "Francesca Palombini", "text": "

oh really? full video worked fine on chrome

", "time": "2023-03-28T06:33:05Z"}, {"author": "Julian Reschke", "text": "

thanks, Justin

", "time": "2023-03-28T06:40:48Z"}, {"author": "Julian Reschke", "text": "

FWIW, this was about https://github.com/httpwg/http-extensions/issues/2417

", "time": "2023-03-28T06:40:59Z"}, {"author": "Martin Thomson", "text": "

Why are service workers doing service function chaining?

", "time": "2023-03-28T06:42:17Z"}, {"author": "Martin Thomson", "text": "

and why is a cookie spec talking about that?

", "time": "2023-03-28T06:42:36Z"}, {"author": "Benjamin Schwartz", "text": "

@Martin Thomson because MASQUE.

", "time": "2023-03-28T06:43:19Z"}, {"author": "Tommy Pauly", "text": "

Why masque?

", "time": "2023-03-28T06:43:54Z"}, {"author": "Lucas Pardue", "text": "


", "time": "2023-03-28T06:43:58Z"}, {"author": "Benjamin Schwartz", "text": "

(This is a joke. \"SFC\" in the slides is \"Site for Cookies\".)

", "time": "2023-03-28T06:45:25Z"}, {"author": "Tommy Pauly", "text": "

Heh =)

", "time": "2023-03-28T06:46:49Z"}, {"author": "Chris Lemmons", "text": "

Inner lists aren't valid parameter values, iirc.

", "time": "2023-03-28T07:00:11Z"}, {"author": "Lucas Pardue", "text": "

what Chris said

", "time": "2023-03-28T07:01:13Z"}, {"author": "Tommy Pauly", "text": "

That may be why I didn't use that =)

", "time": "2023-03-28T07:01:30Z"}, {"author": "Julian Reschke", "text": "

maybe a whitespace (SP) delimited list would be better here

", "time": "2023-03-28T07:01:38Z"}, {"author": "Mark Nottingham", "text": "

Ah, that's right

", "time": "2023-03-28T07:02:22Z"}, {"author": "Tommy Pauly", "text": "

\nparam-value = bare-item

", "time": "2023-03-28T07:02:35Z"}, {"author": "Lucas Pardue", "text": "

any format changes now would break deployments, I'm not sure how you'd coordinate that

", "time": "2023-03-28T07:02:44Z"}, {"author": "Mark Nottingham", "text": "

different name

", "time": "2023-03-28T07:02:54Z"}, {"author": "Tommy Pauly", "text": "

Well we could coordinate easily enough, not an issue

", "time": "2023-03-28T07:03:03Z"}, {"author": "Lucas Pardue", "text": "

I'd have to send both headers /groan

", "time": "2023-03-28T07:03:18Z"}, {"author": "Tommy Pauly", "text": "

But I'm not sure that a whitespace separated list is notably more useful than comma-separated

", "time": "2023-03-28T07:03:23Z"}, {"author": "Lucas Pardue", "text": "


", "time": "2023-03-28T07:03:40Z"}, {"author": "Julian Reschke", "text": "

How common is SP in a DNS name?

", "time": "2023-03-28T07:04:01Z"}, {"author": "Tommy Pauly", "text": "

(Lucas, you would just send the new format in the existing name and the old client would just deal with failing parsing.)

", "time": "2023-03-28T07:04:05Z"}, {"author": "Tommy Pauly", "text": "

Commas and SP are both essentially never in a DNS name

", "time": "2023-03-28T07:04:18Z"}, {"author": "Christopher Wood", "text": "

@Ben: what was the rationale to use a new header name for this?

", "time": "2023-03-28T07:04:23Z"}, {"author": "Lucas Pardue", "text": "

fair tommy

", "time": "2023-03-28T07:04:29Z"}, {"author": "Christopher Wood", "text": "

(I missed what David said at the mic)

", "time": "2023-03-28T07:04:30Z"}, {"author": "Benjamin Schwartz", "text": "

@Christopher Wood There was always a new header name. My comment was that this header should share the auth \"scheme\" namespace with WWW-Authenticate, which supports a wider range of use cases.

", "time": "2023-03-28T07:05:20Z"}, {"author": "Christopher Wood", "text": "

@Benjamin Schwartz got it. What're your thoughts on just using the existing header names?

", "time": "2023-03-28T07:06:54Z"}, {"author": "Jonathan Lennox", "text": "

Hash Function Textual Names come from TLS certificate fingerprints in SDP.

", "time": "2023-03-28T07:07:42Z"}, {"author": "Benjamin Schwartz", "text": "

@Christopher Wood I don't have a strong opinion on that. I think \"Unprompted-Authentication\" might be helpful to a person trying to understand query logs, but functionally I don't think it is necessary.

", "time": "2023-03-28T07:08:51Z"}, {"author": "Christopher Wood", "text": "


", "time": "2023-03-28T07:09:02Z"}, {"author": "Jonathan Hoyland", "text": "

RSA-PSS makes me sad

", "time": "2023-03-28T07:11:03Z"}, {"author": "Martin Thomson", "text": "

alg=none is amaaaAAAaaazing

", "time": "2023-03-28T07:11:24Z"}, {"author": "Jonathan Hoyland", "text": "

It's certainly easy to implement correctly

", "time": "2023-03-28T07:11:49Z"}, {"author": "Julian Reschke", "text": "

or \"norway\" (YAML)

", "time": "2023-03-28T07:12:01Z"}, {"author": "Martin Thomson", "text": "

https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html#name-initial-contents seems pretty solid

", "time": "2023-03-28T07:14:18Z"}, {"author": "Martin Thomson", "text": "

though I might like to discourage rsa-v1_5-sha256 use

", "time": "2023-03-28T07:14:43Z"}, {"author": "Jonathan Hoyland", "text": "

Cutting HMACs would probably make a formal analysis easier.

", "time": "2023-03-28T07:16:32Z"}, {"author": "Martin Thomson", "text": "

probably a lot easier

", "time": "2023-03-28T07:16:59Z"}, {"author": "Martin Thomson", "text": "

we would want to only take recommended schemes from TLS

", "time": "2023-03-28T07:17:11Z"}, {"author": "Chris Lemmons", "text": "


", "time": "2023-03-28T07:17:50Z"}, {"author": "Julian Reschke", "text": "


", "time": "2023-03-28T07:18:34Z"}, {"author": "Alan Frindell", "text": "

Switching to Authorization header does give you better compression properties

", "time": "2023-03-28T07:18:42Z"}, {"author": "Martin Thomson", "text": "

No concern, except that the Authorization header is pure jank from a syntactic perspective.

", "time": "2023-03-28T07:18:55Z"}, {"author": "Chris Lemmons", "text": "

The only situation that would cause a problem here is if you somehow wanted to include both Authorization AND Unprompted-Authorization. I'm not sure that's a real use case, though.

", "time": "2023-03-28T07:19:12Z"}, {"author": "Tommy Pauly", "text": "

Total jank, yes

", "time": "2023-03-28T07:19:50Z"}, {"author": "Jonathan Lennox", "text": "

Doesn't Digest need the challenge in the 401?

", "time": "2023-03-28T07:21:22Z"}, {"author": "Chris Lemmons", "text": "

We don't want the text here to make readers assume that it's creating an exclusive situation.

", "time": "2023-03-28T07:22:11Z"}, {"author": "Julian Reschke", "text": "

FWIW: I'm looking into revising Basic soonish to clarify the UTF-8 changes that happened lately

", "time": "2023-03-28T07:22:16Z"}, {"author": "Lucas Pardue", "text": "

lets call is spontaneous compunction

", "time": "2023-03-28T07:23:38Z"}, {"author": "Mark Thomas", "text": "

I don't believe you can do DIGEST unprompted.

", "time": "2023-03-28T07:24:59Z"}, {"author": "Benjamin Schwartz", "text": "

@Jonathan Hoyland Nit: It's the other way: Channel-bound auth _to_ the proxy is fine.

", "time": "2023-03-28T07:25:46Z"}, {"author": "Martin Thomson", "text": "

@Mark Thomas yeah, you need a challenge

", "time": "2023-03-28T07:25:57Z"}, {"author": "Tommy Pauly", "text": "

Right it's auth to the proxy

", "time": "2023-03-28T07:25:57Z"}, {"author": "Martin Thomson", "text": "

but if the idea is that you got the challenge from elsewhere and the server is OK with that, then I guess we're fine

", "time": "2023-03-28T07:26:23Z"}, {"author": "Jonathan Hoyland", "text": "

And the backend server doesn't know if it succeeded

", "time": "2023-03-28T07:26:26Z"}, {"author": "Martin Thomson", "text": "

that's not really a protocol per se, but more of a private arrangement, which is very much in the spirit of the draft, but unnecessary for us to standardize

", "time": "2023-03-28T07:27:03Z"}, {"author": "Martin Thomson", "text": "

You can't get the stream ID in most cases

", "time": "2023-03-28T07:28:39Z"}, {"author": "Mark Nottingham", "text": "

see also https://github.com/httpwg/http-extensions/issues/2280

", "time": "2023-03-28T07:28:57Z"}, {"author": "Mark Nottingham", "text": "

(re syntax)

", "time": "2023-03-28T07:29:01Z"}, {"author": "Martin Thomson", "text": "

my response to Kazuho was \"...but what does Realm even mean?\"

", "time": "2023-03-28T07:32:14Z"}, {"author": "Lucas Pardue", "text": "

Chris image.png

", "time": "2023-03-28T07:32:46Z"}, {"author": "Francesca Palombini", "text": "

thank you! bye

", "time": "2023-03-28T07:32:48Z"}, {"author": "Martin Thomson", "text": "

@David Schinazi re key reuse and context strings: por que no los dos

", "time": "2023-03-28T07:32:52Z"}]