httpbis - Monday, July 21, 2014

httpbis

httpbis@jabber.ietf.org

Monday, July 21, 2014< ^ >

Julian has set the subject to: https://github.com/http2/wg_materials/blob/master/interim-14-01/agenda.md

Room Configuration

Room Occupants

GMT+0
[13:07:31] mcmanus joins the room
[13:45:00] loreto.salvatore joins the room
[15:27:58] loreto.salvatore leaves the room
[15:38:43] mcmanus leaves the room
[15:48:25] c joins the room
[15:48:33] c is now known as craigt
[16:01:53] Julian joins the room
[16:07:36] Julian has set the subject to: https://github.com/httpwg/wg-materials/blob/gh-pages/ietf90/agenda.md
[16:10:37] Julian leaves the room
[16:17:01] craigt leaves the room
[16:18:12] c joins the room
[16:29:47] mcmanus joins the room
[16:40:59] c leaves the room
[16:44:36] mcmanus joins the room
[16:44:44] mcmanus leaves the room
[16:47:33] Lorenzo Miniero joins the room
[16:47:58] c joins the room
[16:48:35] Julian joins the room
[16:48:36] mcmanus joins the room
[16:50:02] Martin Thomson joins the room
[16:51:56] Jay Klein joins the room
[16:52:26] Raffaello Secchi joins the room
[16:54:39] c is now known as craigt
[16:55:14] Jay Klein leaves the room
[16:58:34] Craig Taylor joins the room
[16:58:44] mcmanus leaves the room
[16:58:59] coopdanger joins the room
[16:59:02] Raffaello Secchi leaves the room
[16:59:18] kaduk joins the room
[16:59:21] Raffaello Secchi joins the room
[16:59:23] John Doe joins the room
[16:59:43] John Doe leaves the room
[17:00:11] <Lorenzo Miniero> just FYI, a Meetecho room with integrated slides and audio+video is available http://www.meetecho.com/ietf90/httpbis
[17:02:04] Steven Bibby joins the room
[17:02:33] frodek joins the room
[17:02:52] Cedric Gegout joins the room
[17:03:12] Ben Kaduk joins the room
[17:03:46] <Lorenzo Miniero> meeting started
[17:04:14] <Martin Thomson> https://www.youtube.com/watch?v=IFyxmdnv3qE
[17:04:24] hardie@xmpp.rg.net joins the room
[17:04:54] sftcd joins the room
[17:05:19] Erik Nygren joins the room
[17:05:21] <Lorenzo Miniero> Agenda: https://github.com/httpwg/wg-materials/blob/gh-pages/ietf90/agenda.md
[17:05:23] dkg joins the room
[17:05:25] Ken Murchison joins the room
[17:05:26] hildjj joins the room
[17:05:34] redaka joins the room
[17:05:38] Hervé joins the room
[17:05:53] Eliot Lear joins the room
[17:05:54] g.e.montenegro joins the room
[17:06:00] <hardie@xmpp.rg.net> If you have comments to relay to the room, please preface them with MIC: so I can see them easily.
[17:06:02] <hardie@xmpp.rg.net> thanks!
[17:06:03] <Eliot Lear> anyone got the ptr for etherpad?
[17:06:25] <Hervé> http://etherpad.tools.ietf.org:9000/p/ietf90-httpbis
[17:06:28] ben joins the room
[17:06:40] <Eliot Lear> thanks!
[17:06:43] kmurchison joins the room
[17:06:57] <Lorenzo Miniero> Slide 1: HTTP/2 and Proxies
[17:07:01] <Lorenzo Miniero> Current presenter: Adam Langley
[17:07:02] <Lorenzo Miniero> Slide 1: HTTP/2 and Proxies
[17:07:27] meadmaker joins the room
[17:07:46] <Julian> http://httpwg.github.io/wg-materials/ietf90/agl-proxies.pdf
[17:08:00] <Lorenzo Miniero> Slide 2: In the beginning, SPDY had three
[17:08:30] <Lorenzo Miniero> Slide 3: In the beginning, SPDY had three
[17:08:56] Barry Leiba joins the room
[17:09:02] <Lorenzo Miniero> Slide 4: In the beginning, SPDY had three
[17:09:05] <Lorenzo Miniero> Slide 5: In the beginning, SPDY had three
[17:09:47] <hardie@xmpp.rg.net> See also the "Internet over 443" document from Marc Blanchet
[17:09:51] <Lorenzo Miniero> Slide 6: Although not the original intent, the cr
[17:09:55] <Lorenzo Miniero> Slide 7: The end-to-end principle is important, a
[17:09:56] Guangqing Deng joins the room
[17:10:03] <Lorenzo Miniero> Slide 8: Plaintext is no longer reasonable.
[17:10:27] wseltzer joins the room
[17:10:33] <Lorenzo Miniero> Slide 9: End-to-end security is important, and cr
[17:10:53] Nik Tomkinson joins the room
[17:11:01] <Lorenzo Miniero> Slide 10: User-consent is a failure from
[17:11:37] <Lorenzo Miniero> Slide 11: This means that filtering has to be
[17:11:51] Jay Klein joins the room
[17:11:51] <Lorenzo Miniero> Slide 12:
[17:12:04] Guangqing Deng leaves the room
[17:13:17] wseltzer joins the room
[17:14:45] Nik Tomkinson leaves the room
[17:15:03] juberti joins the room
[17:15:06] bortzmeyer joins the room
[17:17:27] <Lorenzo Miniero> Slide 11: This means that filtering has to be
[17:17:32] <Lorenzo Miniero> Slide 12:
[17:17:41] <Lorenzo Miniero> Slide 11: This means that filtering has to be
[17:17:49] mlepinski joins the room
[17:18:54] <Lorenzo Miniero> Slide 12:
[17:19:49] <Eliot Lear> who is this?
[17:20:01] <Eliot Lear> that was will chow
[17:21:08] <Steven Bibby> MIC: Are we only talking about forward proxies, and not reverse proxies?
[17:21:10] <hardie@xmpp.rg.net> Yes, he confirms William Chow
[17:21:33] SM joins the room
[17:21:56] Alexa  Morris joins the room
[17:22:18] Nik Tomkinson joins the room
[17:22:23] <Lorenzo Miniero> Presentation stopped
[17:22:39] JoeHallCDT joins the room
[17:22:41] <Lorenzo Miniero> Slide 1: Trusted Proxy and the
[17:22:47] <Lorenzo Miniero> Current presenter: Peter Lepeska
[17:22:47] <Lorenzo Miniero> Slide 1: Trusted Proxy and the
[17:22:50] <Julian> http://httpwg.github.io/wg-materials/ietf90/trusted_proxy_cost_of_bits.pdf
[17:23:00] Steven Bibby leaves the room
[17:23:10] <Lorenzo Miniero> Slide 2: Internet for Everyone Must Be 100x
[17:23:10] Cedric Gegout leaves the room
[17:23:25] Alexa  Morris leaves the room
[17:23:27] Steven Bibby joins the room
[17:23:27] Cedric Gegout joins the room
[17:24:42] <sftcd> so in what universe is satellite access cheaper?
[17:25:29] <Lorenzo Miniero> Slide 3: Opera Mini Dominates Where Access
[17:25:36] <meadmaker> In the universe where you don't have to lay cables for 50km to the nearest uplink.
[17:26:05] <craigt> varioue reserved B/W situations
[17:26:09] <sftcd> satellite is very expensive even there (and I've deployed pilot networks in such)
[17:26:24] <craigt> short lived, reseerve bandwidth
[17:26:53] Brian Trammell joins the room
[17:26:53] <craigt> waves are commonly contended for short events and premium priced :)
[17:27:47] <Lorenzo Miniero> Slide 4: HTTPS Increasing Dramatically
[17:28:08] rwheeldon joins the room
[17:28:45] wseltzer leaves the room
[17:28:54] <hardie@xmpp.rg.net> No, they need to be able to serve from the cache.   It's an assertion that to do that they must decrypt.
[17:29:04] <Lorenzo Miniero> Slide 5: Satellite Web without Acceleration
[17:30:37] <hardie@xmpp.rg.net> What cache hit rate is he presuming here?  That CNN and Yahoo.com have cache hit rates near 100%?
[17:30:51] <Lorenzo Miniero> Slide 6: What Viasat Is Doing About It
[17:30:57] azet joins the room
[17:31:10] Cedric Gegout leaves the room
[17:32:00] Meetecho RAV joins the room
[17:32:40] <Martin Thomson> hardie@xmpp.rg.net: I imagine that he is talking about cold start there
[17:32:41] Cedric Gegout joins the room
[17:32:50] <Martin Thomson> a lot of those sites do have cacheable sub-resources
[17:33:06] <hardie@xmpp.rg.net> Would be worth clarifying.
[17:33:30] <Martin Thomson> I will confirm that
[17:33:32] <Lorenzo Miniero> Slide 7: What about content distribution?
[17:33:37] <Lorenzo Miniero> Slide 8: Concluding thoughts
[17:34:20] <Lorenzo Miniero> Slide 9: Thank You
[17:35:25] Cedric Gegout leaves the room
[17:35:30] <Lorenzo Miniero> Slide 3: Opera Mini Dominates Where Access
[17:36:04] Cedric Gegout joins the room
[17:36:07] <SM> Hmm, MITM for me?
[17:36:22] <azet> djb?
[17:36:53] Cedric Gegout leaves the room
[17:37:04] Cedric Gegout joins the room
[17:37:07] <Lorenzo Miniero> Presentation stopped
[17:37:20] <Lorenzo Miniero> Slide 1: Explicitly
??Authen/cated
??Proxy
[17:37:24] <Lorenzo Miniero> Current presenter: Salvatore Loreto
[17:37:25] <Lorenzo Miniero> Slide 1: Explicitly
??Authen/cated
??Proxy
[17:37:30] <Julian> http://httpwg.github.io/wg-materials/ietf90/ExplicitAutProxy.pdf
[17:37:46] <Lorenzo Miniero> Slide 2: The
??goal
??
[17:38:05] Cedric Gegout leaves the room
[17:38:08] Meetecho RAV leaves the room
[17:38:44] <Lorenzo Miniero> Slide 3: A different proxy category
[17:38:49] <hardie@xmpp.rg.net> So, GCP is an example of this, right?  It's an intermediary to http traffic, SPDY connected the browser, operated with knowledge and consent etc?
[17:39:27] Doug Turner joins the room
[17:39:29] <Julian> yes
[17:39:31] <hardie@xmpp.rg.net> hmm, but now we have a policy engine, instead of a proxy.
[17:39:34] Cedric Gegout joins the room
[17:39:37] <hardie@xmpp.rg.net> It's choosing content
[17:39:41] <Julian> It's just specific to one implementation
[17:39:45] <Lorenzo Miniero> Slide 4
[17:40:00] <azet> what is this trusted proxy bullshit
[17:40:02] <azet> seriously
[17:40:04] <azet> no.
[17:40:09] Cedric Gegout leaves the room
[17:40:12] Cedric Gegout joins the room
[17:40:20] <SM> azet, IETF stuff that comes up usually:)
[17:40:22] <Lorenzo Miniero> Slide 5
[17:40:42] <azet> yea, i remember that being discussed at multiple times in multiple WGs
[17:40:54] wseltzer in a world where hypotheticals live and breathe
[17:40:54] <Lorenzo Miniero> Slide 6: An access network example
[17:42:04] <Lorenzo Miniero> Slide 7: Regulatory mandate
[17:42:15] JoeHallCDT leaves the room
[17:42:30] <Lorenzo Miniero> Slide 9: Proxy Certificate
[17:42:44] JoeHallCDT joins the room
[17:42:46] rsalz joins the room
[17:43:12] <Lorenzo Miniero> Slide 10: Proxy Certificate
[17:43:37] <Lorenzo Miniero> Slide 11: Opt Out Mechanism
[17:44:42] <Lorenzo Miniero> Slide 12
[17:45:26] <azet> i'm really compelled to swear
[17:45:38] <azet> we should not standardize MITM/DPI
[17:45:49] <azet> but that's just my opinion
[17:46:03] <Doug Turner> Opt Out mechanism.  Probably will boil down to "Do you want to use this Network?"
[17:46:37] <hardie@xmpp.rg.net> Reminder:  when we get to the discussion, if you would like something reflected to the room, please preface with MIC:
[17:46:41] <SM> Isn't this an inevitable choice in the face of pervassive monitoring?
[17:47:01] Steven Bibby leaves the room
[17:47:24] Steven Bibby joins the room
[17:48:06] mikebishop joins the room
[17:48:10] <azet> opt out: *flash* a few years later at blackhat: somebody demos how you circumvent that on the client side
[17:48:39] <Steven Bibby> Will end up a browser choice... if you don't like the browser that forces the opt-in... use a different browser
[17:48:58] <SM> Steven, Ok. :-)
[17:49:09] <Doug Turner> i am not sure why this needs to be in browser — don't captive portals do this now?
[17:49:38] <hardie@xmpp.rg.net> ekr is coming to the mic
[17:50:01] grmoc joins the room
[17:52:04] Dan Wing joins the room
[17:52:21] <Lorenzo Miniero> Proxies in HTTP
[17:52:49] grmoc leaves the room: offline
[17:52:55] <craigt> not getting slides in meetecho
[17:53:03] Roberto Peon joins the room
[17:53:42] <SM> Mark was having fun:-)
[17:53:55] <Lorenzo Miniero> Slide 1: Proxies in HTTP
[17:53:56] <Lorenzo Miniero> Slide 2: ???Proxies Are Useful???
[17:53:59] <Lorenzo Miniero> Slide 3: ???Proxies are Dangerous???
[17:54:03] <Lorenzo Miniero> Current presenter: Mark Nottingham
[17:54:04] <Lorenzo Miniero> Slide 3: ???Proxies are Dangerous???
[17:54:14] <Lorenzo Miniero> fixed craigt
[17:54:24] <craigt> yes, thank you...
[17:54:28] <Lorenzo Miniero> didn't have them preloaded and just now found them on the materials page
[17:54:32] Dan Timpson joins the room
[17:54:37] <Lorenzo Miniero> Slide 4: Pervasive Encryption!
[17:54:42] EKR joins the room
[17:54:48] <Lorenzo Miniero> Slide 5: What does the spec say?
[17:54:50] <azet> which slides are these? not up on the materials page?
[17:55:05] <Lorenzo Miniero> they are now: http://www.ietf.org/proceedings/90/slides/slides-90-httpbis-8.pdf
[17:55:10] <azet> thank you
[17:55:16] <Lorenzo Miniero> it's Proxies in HTTP (Nottingham)
[17:55:31] <Lorenzo Miniero> Slide 6: A ???proxy??? is a message-forwarding ag
[17:56:03] <Lorenzo Miniero> Slide 7: ???Some intermediaries include features
[17:56:58] <Lorenzo Miniero> Slide 8: ???[For HTTPS URIs,] the user agent MUST
[17:57:21] <Roberto Peon> Good to know that the audio is as delayed as usual :)
[17:57:32] <Roberto Peon> (Thanks Lorenzo!!)
[17:57:33] <Lorenzo Miniero> Slide 9: Summing Up
[17:57:50] <Lorenzo Miniero> Slide 10: Changing any of these requires
[17:58:01] <azet> a "trusted proxy" is evil in my opinion
[17:58:03] <Lorenzo Miniero> Is the Meetecho audio delayed for you, Roberto?
[17:58:05] <azet> or at least it can be
[17:58:12] <Lorenzo Miniero> I'm monotiring it right now and it seems ok
[17:58:14] <azet> which is a problem
[17:58:26] <Lorenzo Miniero> Slide 11: This is not a matter of adding
[17:58:31] <rwheeldon> and a "trusted endpoint" isn't?
[17:58:42] <Lorenzo Miniero> Slide 12: ???even though yes, we
[17:58:57] <Lorenzo Miniero> Slide 13: The IETF is bad at political, economic
[17:59:13] slm joins the room
[17:59:21] <azet> that's a difference right? you want to connect to that endpoint, but you (aka a enduser) might not have any idea what "trusted proxy" means (even if the UI is wonderful - which it ususally isn't)
[17:59:44] <Lorenzo Miniero> Slide 14: We do seek to enable the
[18:00:00] <Lorenzo Miniero> Slide 15: ???but changing the nature of
[18:00:16] <Lorenzo Miniero> Slide 16: ???In the Internet age, a whole
[18:00:17] <rwheeldon> no. as a user, I may not want to connect to that endpoint. e.g. i want to connect to amazon. I don't want to connect to double-click
[18:00:20] <bortzmeyer> "Tussle in cyberspace" http://groups.csail.mit.edu/ana/Publications/PubPDFs/Tussle2002.pdf
[18:00:33] <azet> rwheeldon: yup, that's an issue as well
[18:00:44] <Lorenzo Miniero> Slide 17: ???Even the mere possibility of
[18:00:53] <azet> rwheeldon: but a different one we already have in place
[18:01:26] <azet> rwheeldon: for example: could you go phishing with trusted proxies in WANs?
[18:01:32] <Lorenzo Miniero> Slide 18: What Can We Do?
[18:01:47] <azet> just send dumb users stuff, they won't know what to do - click "OK" - read their stuff
[18:02:16] <Eliot Lear> can someone else back me up on etherpad when i go to the mic?
[18:02:23] <azet> at least that's the attack vector i'd go for first
[18:02:27] <azet> there are probably plenty
[18:02:31] Steven Bibby leaves the room
[18:03:11] Steven Bibby joins the room
[18:06:16] Raffaello Secchi leaves the room
[18:06:42] <azet> hahahah
[18:06:45] <azet> *bows*
[18:06:48] <craigt> sound advice
[18:06:49] <SM> HTTPbis is taking on a new problem:)
[18:07:09] Bill Silverajan joins the room
[18:08:03] Bill Silverajan leaves the room
[18:08:12] <Eliot Lear> for those who don't know him, Jens Grossklags at Penn State does research on UI design and this is probably a very good topic to ask him about.
[18:09:08] <azet> that's not only going to be the headline - it's actually going to be used by "bad guys"
[18:09:08] <rwheeldon> I'm also going to talk to Angela Sasse about it - usability and security expert at UCL
[18:09:14] Sean Turner joins the room
[18:09:53] <rwheeldon> azet, I don't get the question w.r.t phishing
[18:09:54] <wseltzer> Gee, thanks for that hand-off to W3C...
[18:10:06] <Eliot Lear> Wendy, we're just totally into that these days
[18:10:14] <sftcd> @wendy: worked for DNT:-)
[18:10:19] <wseltzer> Eliot, can I trade you an EME?
[18:10:26] <Eliot Lear> ;-)
[18:10:29] <sftcd> no thanks
[18:10:36] <azet> rwheeldon: no question, just an observation
[18:10:37] <Lorenzo Miniero> Slide 8: ???[For HTTPS URIs,] the user agent MUST
[18:11:39] <craigt> Origin holds the legal responsibility to protect the content
[18:11:57] <craigt> totally agree
[18:12:06] <JoeHallCDT> @eliot: went grad school with jens. he does more experimental behavioral economics
[18:12:17] Dan Wing leaves the room
[18:13:17] <azet> compression in http,.. well. BREACH.
[18:14:08] <azet> i like the signed/trusted cache idea though
[18:14:17] <azet> sounds like a lot of overhead though
[18:14:26] Thomas joins the room
[18:14:27] <craigt> great for media delivery
[18:14:42] <craigt> alt-svc and common signing would seem to write itself
[18:14:57] <hardie@xmpp.rg.net> And some of the cachable/confidentiality proposals that have gone out would actually meet the issue I put forward.
[18:16:23] <Roberto Peon> Although we'd be better served by making a protocol whose first-purpose was caching.
[18:17:03] <sftcd> "shouted out" is wrong, it was rejected, thoroughly and reasonably
[18:17:05] Phill joins the room
[18:17:15] Dan Wing joins the room
[18:17:30] mikebishop leaves the room: offline
[18:17:44] Dan Wing leaves the room
[18:19:10] <craigt> mic: please ask him to step back from the mic
[18:19:19] <craigt> ah, solved itself
[18:20:23] <rwheeldon> what's the draft he's talking about?
[18:21:19] <Martin Thomson> Roland Zink
[18:21:26] <Eliot Lear> thx
[18:21:30] <Martin Thomson> mark was talking about Gin
[18:21:47] Raffaello Secchi joins the room
[18:22:20] <hildjj> http://tools.ietf.org/html/draft-nottingham-gin-00
[18:22:46] <rwheeldon> hildjj: thanks
[18:23:26] <kaduk> Is that Paul Hoffman not talking into the mic?
[18:23:38] <sftcd> adam langley
[18:24:31] <kaduk> No, Adam uses the mic properly.  Someone was interjecting and not using the mic.
[18:24:56] <sftcd> oh it was the vodafone guy who was before him
[18:25:30] <kaduk> Oh.
[18:26:57] <rwheeldon> mic: martin nilsson and i did some work on putting together a set of use-cases - many of which could be done without modifying headers and / or body content. happy to share with anyone else interested
[18:27:28] <EKR> name?
[18:27:32] <azet> who's on the mic?
[18:27:44] <EKR> azet: I'm here and i still don't know
[18:27:58] <hardie@xmpp.rg.net> Will Chow, again, I think.
[18:28:01] <sftcd> someone who like pointless protocol complexity
[18:28:08] <hardie@xmpp.rg.net> I'm in line, though, so I can't see his face.
[18:28:17] <azet> EKR: the good thing is you won't ever need to introduce yourself, but his voice is pretty generic :)
[18:28:33] <Eliot Lear> yes, it's will chow
[18:28:35] wseltzer joins the room
[18:28:45] wseltzer joins the room
[18:29:15] wseltzer leaves the room
[18:30:22] <rwheeldon> hear, hear
[18:30:33] <EKR> will chow frm
[18:30:53] <azet> wait. what does he mean with annotation exactly?
[18:31:12] Hervé leaves the room
[18:32:18] <craigt> Mic: The internet user AND the CSP
[18:32:32] Hervé joins the room
[18:34:37] hardie@xmpp.rg.net leaves the room
[18:34:42] hardie@xmpp.rg.net joins the room
[18:34:48] <Martin Thomson> Content Security Policy?
[18:35:01] <craigt> Content Service Provider yes
[18:35:02] <craigt> apologies
[18:36:31] <azet> totally agree with the speaker
[18:36:56] <hardie@xmpp.rg.net> @azet that was  Alissa Cooper
[18:37:28] fielding joins the room
[18:37:37] craigt is now known as craigt_bbc
[18:40:38] kmurchison leaves the room
[18:40:58] <craigt_bbc> Interesting parallels imo: http://datatracker.ietf.org/wg/cdni/charter/
[18:41:11] Ken Murchison leaves the room
[18:41:32] <craigt_bbc> focussed from CSP side rather than UA
[18:41:41] Cedric Gegout leaves the room
[18:42:32] <hardie@xmpp.rg.net> There are a bunch of ways to tackle the encrypted, cachable object problem.  But they all seem to fall into the "assume a spherical cow" problem.  You can do it if you assume an infinite size cache, or a startlingly high cache hit rate for other reasons.  But generalizing is hard.
[18:42:38] Hervé leaves the room
[18:42:46] ben leaves the room
[18:43:12] Hervé joins the room
[18:44:08] <azet> ack on "trusted proxy" for MITM beign a bad term
[18:44:15] wseltzer leaves the room
[18:44:18] <azet> s/beign/being/
[18:45:50] Leen Besselink joins the room
[18:45:55] <hardie@xmpp.rg.net> But they're a huge pain—as they must be in-path to work, and much of the network service argument is actually served better by a client-configured proxy, because it can be anywhere.
[18:46:27] Meetecho RAV joins the room
[18:46:44] <Steven Bibby> @craigt_bbc cdni you quoted is for this Akamai speaker :)
[18:47:21] Thomas leaves the room
[18:47:57] <rwheeldon> And that's still less evil than nosslsearch.google.com
[18:48:18] <Leen Besselink> Has anyone looked at creating a standard for signed HTTP files inside of HTTPS pages ? For example for downloading/caching video files when visiting HTTPS-sites.
[18:48:20] <EKR> nosslsearch is the best
[18:48:32] <EKR> Leen: yes, people have looked
[18:48:37] <rwheeldon> EKR: really?
[18:48:38] ben joins the room
[18:48:47] <bortzmeyer> EKR:  name of a draft?
[18:48:49] <EKR> This goes all the way back to like 2660
[18:48:51] <EKR> rfc2660
[18:49:14] <bortzmeyer> Leen Besselink: indeed, HTTPS only provides channel security, we need data security too
[18:49:22] <EKR> I see drafts about this pretty often
[18:49:23] <EKR> hang on
[18:49:28] <wseltzer> SRI, http://www.w3.org/TR/SRI/
[18:49:40] <azet> how do you do that on the UI part?
[18:49:59] <azet> you can send partly signed PGP/GPG messages, it works in theory, but is a mess to implement
[18:50:03] <EKR> http://tools.ietf.org/html/draft-cavage-http-signatures-02
[18:50:10] <azet> actually i'm not aware of any client doing that properly
[18:50:27] <EKR> I am not saying that any of this stuff is awesome
[18:50:41] <EKR> and you're right that the UX is really hard
[18:50:46] <craigt_bbc> GCP: Found under 'bandwidth management', not 'security'...It's all in the marketing
[18:51:14] <Leen Besselink> @azet well, I think it would need to be combines with something like Content Security Policy
[18:51:25] <azet> you can probably easily fake that in the UI side, especially with web tech
[18:51:27] <EKR> azet: that's what SRI is
[18:51:48] <sftcd> hey, there's no need to fight:-)
[18:51:49] <azet> yup
[18:51:56] Dan Timpson leaves the room
[18:52:11] <EKR> sorry, I am  not trying to fight
[18:52:17] <EKR> this gets discussed a lot, I was just trying to say
[18:53:13] <Leen Besselink> anyway thanks @EKR for the info.
[18:53:52] Barry Leiba leaves the room
[18:53:52] <craigt_bbc> It would be a real shame if this directly and immediately affects http2
[18:55:14] Brian Trammell leaves the room: Disconnected: session closed
[18:56:19] ben leaves the room
[18:56:24] mlepinski leaves the room
[18:57:53] <hardie@xmpp.rg.net> http://tools.ietf.org/html/rfc3238 for the IAB doc Tony referenced
[18:58:12] Alex Deacon joins the room
[18:58:20] g.e.montenegro leaves the room
[19:00:46] sftcd leaves the room
[19:01:08] JoeHallCDT leaves the room
[19:01:37] EKR leaves the room
[19:01:41] hardie@xmpp.rg.net leaves the room
[19:01:46] Sean Turner leaves the room
[19:01:46] frodek leaves the room
[19:01:50] Julian leaves the room: Computer went to sleep
[19:01:50] rsalz leaves the room: I'm not here right now
[19:01:53] redaka leaves the room
[19:01:55] Hervé leaves the room
[19:01:56] Erik Nygren leaves the room
[19:01:56] rsalz joins the room
[19:01:56] azet leaves the room
[19:02:04] Martin Thomson leaves the room
[19:02:05] juberti leaves the room
[19:02:08] <Lorenzo Miniero> meeting's over, recordings to be made available soon on http://ietf90.conf.meetecho.com
[19:02:09] Phill leaves the room
[19:02:11] <Lorenzo Miniero> Presentation stopped
[19:02:27] mcmanus joins the room
[19:02:31] SM leaves the room
[19:02:38] Meetecho RAV leaves the room
[19:02:46] mcmanus leaves the room
[19:02:48] Doug Turner leaves the room
[19:03:00] bortzmeyer leaves the room
[19:03:17] Alex Deacon leaves the room
[19:03:22] Leen Besselink leaves the room
[19:03:42] Craig Taylor leaves the room
[19:03:43] Eliot Lear leaves the room
[19:03:45] Raffaello Secchi leaves the room
[19:03:47] Steven Bibby leaves the room
[19:03:48] Nik Tomkinson leaves the room
[19:03:49] Jay Klein leaves the room
[19:03:50] Ben Kaduk leaves the room
[19:04:03] Lorenzo Miniero leaves the room
[19:06:19] craigt_bbc leaves the room
[19:06:40] fielding leaves the room
[19:09:27] kaduk leaves the room
[19:09:54] Brian Trammell joins the room
[19:10:16] hildjj leaves the room
[19:11:39] Julian joins the room
[19:13:43] Julian leaves the room
[19:14:46] mcmanus leaves the room
[19:14:52] hardie@xmpp.rg.net joins the room
[19:15:46] coopdanger leaves the room
[19:16:14] bortzmeyer joins the room
[19:17:05] coopdanger joins the room
[19:17:46] wseltzer leaves the room
[19:18:13] rsalz leaves the room: I'm not here right now
[19:19:27] Brian Trammell leaves the room
[19:19:58] Hervé joins the room
[19:19:58] wseltzer joins the room
[19:20:50] rsalz joins the room
[19:21:17] Doug Turner joins the room
[19:21:52] mcmanus joins the room
[19:22:33] juberti joins the room
[19:23:28] sftcd joins the room
[19:24:04] Doug Turner leaves the room
[19:24:40] slm leaves the room
[19:24:46] mcmanus leaves the room
[19:25:18] wseltzer joins the room
[19:26:10] EKR joins the room
[19:26:50] sftcd leaves the room
[19:28:46] frodek joins the room
[19:29:14] Phill joins the room
[19:29:29] Erik Nygren joins the room
[19:29:41] hildjj joins the room
[19:30:06] Martin Thomson joins the room
[19:30:17] hildjj leaves the room
[19:31:26] Eliot Lear joins the room
[19:32:44] wseltzer joins the room
[19:33:47] slm joins the room
[19:34:09] rsalz leaves the room
[19:34:17] meadmaker leaves the room
[19:35:49] Eliot Lear leaves the room
[19:38:27] hardie@xmpp.rg.net leaves the room
[19:39:09] frodek leaves the room
[19:39:18] coopdanger leaves the room
[19:39:59] EKR leaves the room
[19:41:40] Phill leaves the room
[19:41:46] wseltzer leaves the room
[19:43:16] wseltzer leaves the room
[19:45:24] Phill joins the room
[19:45:37] Martin Thomson leaves the room
[19:46:26] Hervé leaves the room
[19:47:01] Hervé joins the room
[19:47:05] Erik Nygren leaves the room
[19:47:18] Martin Thomson joins the room
[19:48:49] Erik Nygren joins the room
[19:50:49] loreto.salvatore joins the room
[19:52:11] EKR joins the room
[19:56:44] EKR leaves the room
[20:15:07] EKR joins the room
[20:19:27] c joins the room
[20:22:35] loreto.salvatore leaves the room
[20:26:23] loreto.salvatore joins the room
[20:27:42] loreto.salvatore leaves the room
[20:32:22] slm leaves the room
[20:32:56] loreto.salvatore joins the room
[20:35:49] loreto.salvatore leaves the room
[20:36:14] bortzmeyer leaves the room
[20:37:14] loreto.salvatore joins the room
[20:40:03] loreto.salvatore leaves the room
[20:40:30] Martin Thomson leaves the room
[20:40:39] juberti leaves the room
[20:41:21] Erik Nygren leaves the room
[20:41:21] Hervé leaves the room
[20:42:30] Phill leaves the room
[20:44:51] c leaves the room
[20:50:05] EKR leaves the room
[21:07:18] wseltzer leaves the room
[21:09:15] bortzmeyer joins the room
[21:11:48] wseltzer joins the room
[21:13:36] ben joins the room
[21:14:40] Martin Thomson joins the room
[21:15:35] juberti joins the room
[21:17:18] dkg leaves the room
[21:17:34] Erik Nygren joins the room
[21:18:01] Erik Nygren leaves the room
[21:19:05] EKR joins the room
[21:22:16] Phill joins the room
[21:22:36] ben leaves the room
[21:36:20] Phill leaves the room
[21:41:37] juberti leaves the room
[21:43:26] bortzmeyer leaves the room
[21:43:36] bortzmeyer joins the room
[21:58:46] loreto.salvatore joins the room
[22:04:54] mikebishop joins the room
[22:05:34] mikebishop leaves the room
[22:27:49] Roberto Peon leaves the room: offline
[22:33:05] loreto.salvatore leaves the room
[22:48:21] Martin Thomson leaves the room
[22:49:36] bortzmeyer leaves the room
[22:50:42] EKR leaves the room
[23:01:19] wseltzer leaves the room
[23:04:21] EKR joins the room
[23:32:32] EKR leaves the room
[23:56:28] ilari.liusvaara leaves the room: offline
[23:57:33] ilari.liusvaara joins the room