Open samuelweiler opened 7 years ago
Based on feedback from IETF99, Jeffrey published two new docs (also visible at the link above):
this is being tied to the #44 AMP discussion with the recent announcement https://amphtml.wordpress.com/2018/01/09/improving-urls-for-amp-pages/amp/
Related TAG Issue: https://github.com/w3ctag/design-reviews/issues/235
Related: Packaging on the Web, TAG First Public Working Draft 15 January 2015 [retired]
IETF mailing list: https://www.ietf.org/mailman/listinfo/wpack Slideware for intro that was NOT given at IETF 102 (Montreal, July 2018): https://github.com/danyork/wpack-intro-ietf102
Response today from Jeffrey Yaskin to Mozilla feedback:
https://github.com/mozilla/standards-positions/issues/29#issuecomment-459547918
Updated state copied from @jyasskin's message to the IETF dispatch list: https://mailarchive.ietf.org/arch/msg/dispatch/e6ZSh7ocW6n2afnbwGzBlX1WT8Y
TL;DR: I'd like to request another discussion of Web Packaging at IETF104. We think it'll be ready for a BOF at IETF105, but mnot suggested we take it back here for a second look.
We dispatched Web Packaging, https://github.com/WICG/webpackage/, at IETF99, with the discussion at https://mailarchive.ietf.org/arch/msg/dispatch/lZohQ8ypodcpB2f_jhxoBRMYl0o. On your advice, we split the proposal into two pieces, "signed exchanges", and "bundles". We also created the https://mailarchive.ietf.org/arch/browse/wpack/ mailing list, although it hasn't seen as much activity as the github issue tracker.
The signed exchanges specification is mostly complete, in an IETF draft that specifies the format: https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html, and a WICG draft that specifies how it integrates with Fetch: https://wicg.github.io/webpackage/loading.html. We've implemented that specification in Chromium, run an origin trial in Chrome, and will be shipping the current version in Chrome 73: https://groups.google.com/a/chromium.org/d/topic/blink-dev/gPH_BcOBEtc/discussion .
Despite shipping the current version, we expect standards bodies to make more changes, and we've built in a way to migrate users to new versions of the specification.
The Bundles specification is very roughly sketched, but we expect to flesh that out and start implementing it in the next few months.
The W3C TAG recently discussed the state of things at https://github.com/w3ctag/meetings/blob/gh-pages/2019/02-tokyo/02-06-minutes.md#signed-exchanges-and-bundling .
Mark Nottingham and a representative of the TAG are organizing an "ESCAPE" conference at a TBD date to help publishers organize their feedback on the proposals. This has been pushed back a couple times, but it sounds like it's more solidly planned for either May or July before IETF105.
We think we'll be able to write a WG charter that we can discuss in a BOF at IETF105, with the goal of handing control of the specifications to a more formal group. However, mnot suggested that we come back to DISPATCH to see if anyone's sense of the right plan has changed now that we have a little more experience with the proposals.
Report from the IAB's 2019 Workshop on Exploring Synergy between Content Aggregation and the Publisher Ecosystem (ESCAPE): https://tools.ietf.org/html/rfc8752
Announcement/CFP: https://www.iab.org/activities/workshops/escape-workshop/ https://www.iab.org/2019/05/02/call-for-papers-escape-workshop/
IETF WPACK group: https://tools.ietf.org/wg/wpack/
Jeffrey Yasskin is proposing new web packaging work at the IETF - see presentation to the DISPATCH WG at IETF99 (July 2017). https://github.com/WICG/webpackage
2020: the IETF has a WG for this: https://tools.ietf.org/wg/wpack/
This additional information from @sideshowbarker:
Use cases: https://wicg.github.io/webpackage/draft-yasskin-webpackage-use-cases.html Explainer: https://github.com/WICG/webpackage/blob/master/explainer.md
As noted at https://www.chromestatus.com/feature/5745285984681984, representatives from both the Firefox dev team and Safari dev team has expressed unwillingness to implement:
The gist of the feedback is that the associated security considerations are serious to the degree that the Signed HTTP Exchanges feature is harmful: