From YouTube: WebPerfWG design call - September 6th 2019
A
A
D
B
So in the previous episode, I think I left it to "Ralph is about to make a decision, and we should expect it in the next few days", and, funnily, things went south after that. Where basically Ralph actually wanted to talk to Tim Bell after that, which produces significant delay, because Tim Bell was away for a while. That meeting happened a week and a half ago, a week ago, something like that.
B
A
So, for a bit of context, we had a discussion with the privacy folks. I think we talked about that issue on the calls. There were a couple of issues that they raised and we concluded were not very actionable and therefore ended up closing them, and they basically, I don't know if they raised the formal objection, but basically objected to the spec moving to REC.
A
E
B
F
F
A
A
Can you see my screen? Yep? Okay, okay, great. So this is something we actually wanted to talk about, like, at the face-to-face and then just owning it ever since. But there are various loading-related primitives that Chrome is working on and have shipped some of them and planning to ship others at some point, and there's still no consensus from other vendors regarding them.
A
A
So it decouples the transport origin from the origin concept in a way, so it creates certificate-based origins. The content's origin is cryptographically verified through the certificate, and it provides us authenticity and integrity. So the browser can know that the content arrived from that origin and can know that it wasn't tampered with, but it doesn't provide confidentiality from the serving server. So in the previous scenario, b.com will know which resources from a.com were downloaded by the user, but other, because the connection from b.com to the user is also over TLS.
A
An MITM on the wire will not know anything more than they do today, and signed exchanges enable us to serve secure-context signed content from any arbitrary server, and the browser treats that as an internal redirect from the b.com URL to the a.com URL, and we have multiple use cases for that. The major one is for privacy-preserving prefetch, so being able to prefetch resources without revealing the identity of the user to the origin, because the user hasn't yet expressed interest in accessing the information on a.com.
A
But we want the user to have that information ahead of time anyway. So signed exchanges enable the browser, or enable services, to prefetch that content from trusted servers without revealing that prefetch to the original origin. It also enables offline PWA installs, so enables users to.
A
We can expand more on the various use cases, if you're interested, at a side conversation at TPAC, but for now I think that the main implication of signed exchanges for our web perf API is that it includes some extra steps when downloading the resource. So once the signed exchange was downloaded, the browser needs to verify its sir. It needs to download and verify its certificate chain, so that adds potentially an extra hop that needs to be accounted for as part of our resource timing diagram.
F
A
G
A
Theoretically, although now we mainly talk about signed exchanges as means to deliver navigation responses, and then for resource timing, we'll talk about resource timing more when we are talking about bundled exchanges, where bundled exchanges expand the concept of signed exchanges to bundle more than just a navigation resource and includes temporary sources as well. Is.
G
G
A
Is true, and it's true that we could also have signed exchange, like, theoretically, we can have signed exchanges applied to subresources and then have, for example, CDNs serve them from, you know, serve signed resources from the origin and on the main h2 connection, rather than, you know, having the browser connect to a separate host. So, yes, theoretically those same issues apply to resource timing as well.
G
H
G
A
A
H
Just, like, a couple of quick notes. So, issue 107: I've tried to document some of the background discussions and a proposal for how we could attempt this problem. I also want to unpack a couple of distinct questions that you highlighted here. I think the non-controversial bit is exposing that something was served from an SXG; at least I've not heard much pushback on that. We do need to distinguish the fact that something was served through this format, and for that, something as simple as surfacing a new timestamp in our timeline.
H
H
There was a set of steps that happen for validating SXG, and the actual validation could actually be significant, because if, for example, you're fetching a signed resource for an origin that you've never visited, the browser would have to basically hit the brakes, fetch the cert, the melody and all that, and then proceed, and then it can cache the cert and, on future navigations, be much faster, but still, like, that would be a pretty significant delay, potentially. The bit that's undefined right now.
H
Other words, trying to figure out is: are we, and what are we, allowed to expose about the specific distributor? So one could imagine that I, as a provider of content in this new world of SXGs, my content maybe was distributed by multiple distributors, and I want to know what are the performance characteristics of each one, because it's not a given, for example, that it's always better.
H
There are some caveats there in terms of privacy and security that we're still working through with the folks working on SXG, but as a first step, I think we should, as a group, consider defining validation start. I agree this is not a Level 3 feature. And then, kind of in parallel, try to nudge the discussion on what distributors.
I
H
I
I
I mean, for sure, like, having some kind of certificate validation explicitly marked, and we start signing or navigation timing. Whichever, however, were person, that's essential, but also I want to just, like, call out that Chrome DevTools have this new idea of an internal redirect, and so that only takes place way before this, right, right before certificate validation. I would love to see some thinking about a new type of redirect or internal redirect.
I
H
I
I
H
Yeah, so I think actually the first it's rekha woods. Yo was hinting at one of the first use cases, and the major use cases, for internal redirect in Chrome is HSTS, where effectively we look at the URL, we look at the policy of the history, if there's an HSTS policy, and we rewrite it on the fly to http before the request goes out. So we treat that as an internal redirect effectively, or we model it as an internal redirect in our net stuff, yeah.
I
J
H
I
I mean, we've seen cases where certificate validation can take a lot of time, as a browser. So that's why, like, for sure, we want a certificate part of this explicitly noted in resource timing, but I think I eat there read the it because you're talking about, like, maybe some signed exchanges have different performance characteristics amongst themselves, regardless of the originating site, so, I mean, yeah. We definitely want to have that noted. Yeah, thanks, thanks.
J
All right, I'll point out: the HSTS annual gate is implemented by CFNetwork, a library, and other platforms. Do we use implement that other libraries, and the signed exchange presumably warm, be implemented at the layer? So you using the same mechanism, that might pose a, like, sort of implementation challenge for us. As in, no, we may not be a process.
I
J
I
A
So Jeffrey AppScan has done amazing work at, that's IETF stuff, so it's a WICG repo at the moment. There have been ongoing debates at the IETF regarding what is the ideal venue. It's probably going to go for a BoF to determine whether an IETF working group will be created to define all those concepts, in Singapore in a couple months. It currently lives under WICG / web packaging, yeah.
I
I
A
A
H
Common one, one very concrete use case: this is search, right? So, I mean, a search use case: a user conducts a search, they're searching for something, something sensitive. We provide a set of potential results, and we'd like to optimize the experience with a user and potentially start prefetching some of that. If you do that in the existing model today, it requires that we go and prefetch from the origin, which leaks intent and information about the user without the user actually ever explicitly clicking on a link.
H
So this is actually being used by the AMP team today. On their AMP blog, you can read about their experience and their requirements around that. So that's a strict privacy requirement from Google Search that exists today, and signed exchanges is one of the building blocks that enables any content to be served in that way. So the way that works is there's a trusted distributor which does not leak that data to the actual origin.
H
I
I think it seems like a lot of implementation-defined, and there's, like, a lot of confusion between what implementations are optimizing for and what actually users are asking for. Like, the user didn't ask for that prefetch in the Google Search scenario you sketched. Is there a way to, you know what I mean? Like, that's not the user's problem. That's, like, the vendor's problem for being aggressive at prefetching. That is where these privacy implications are coming in.
H
A
G
A
G
A
A
G
A
Yeah, and also the certificate URL can also be served from trusted servers and not necessarily from the origin. So you need the full certificate chain, but you don't need it delivered from the origin. Okay, okay, and on that note, let's move on to bundles. So bundled exchanges is a concept that was initially tangled up with the signed exchanges as web packaging and was since split, and it enables various, basically it's very similar to multi-part based.
A
And as far as web perf APIs are concerned, we have resource timing. So Todd was correct to state that resource timing can be served as an explicit signed exchange. But if they are served from a bundle, that again gives us different performance characteristics, and probably something that we want to add a flag for, so that analytics vendors can tell when a resource was served from a bundle versus not, and then potentially.
A
So we wrote here, like, "time waited for bundle to download", but bundles are basically progressively parsed. So it's not necessarily the start and end times of the full bundle, but maybe we need start and end times of the resource inside the bundle, which makes the definition a bit more late. Basically we're introducing the parsing overhead bundle as something that will impact the start and end time of the single resource.
A
G
A
Right, let's consider a different scenario. So you have a navigation request for foo.html that has foo.js and foo.css in it, as a bundle. So the server is serving all of that as a single signed bundle, yep, and then the browser starts receiving the content. It starts consuming the bundle, but initially it only has the content for foo.html, so that it marks the points of start and end time for foo.html at that point, and then it starts receiving the content for foo.js inside that very same bundle.
G
Yes, okay, that makes sense. That's, by the way, the simple top-down bundle. That's why I was actually asking about the corner case, which was the, let's imagine I asked for a subset of a bundle: would a server then also respond with a bundle when you ask for a resource that's not part of.
A
A
G
A
G
If there's a bundle, and we consider, hey, we're just going to expose the bundle, that would expose one piece of information, but what it would hide is the sub-bits of client parsing and the possible slowness if there's a streaming server building this thing on the fly in the various responses. Yeah, do you think that that sub information is needed? I don't know if there's any website developers.
A
Basically, the bundle's start will be too soon. Like, if we expose bundle start instead of actual resource parsing start, that will not, and it wants to know why didn't JavaScript processing happen right away, because, like, you know, you still have to download and process the HTML, but you don't consider that in your timestamps just.
G
A
G
G
G
A
And also, if you misordered your bundle, right, you can have the same size bundle but in, you know, the wrong order, and that can cause slowness, and you won't be able to know, because you won't have those timestamps. So, god, I think this is something we need to think about when your bundles are not yet shipping. But it's something that we'll need to think about at some point. Do.
G
A
So I don't think that, the point here is not the exposing the parse time. I think we should talk about exposing parse time separately for resource timing. But here the point is not the parse time of the JavaScript, but the parse time of the external bundle that revealed: here is the start, and here is the end of the JavaScript, and here is the start and here's the end of the CSS. So just the parse time that it took to parse the bundle in order to discover the resources themselves.
A
F
A
A
G
C
A
A
A
So we have the agenda doc for TPAC. We have an agenda scratch pad with a bunch of ideas. What we thought in, like, the broad lines we thought about, is to have design discussions on Monday and then talk more about history issues and try to make some high-bandwidth progress on controversial issues on Tuesday. I still need to review all the current issues and tag the ones that require more discussions versus the ones that are just work, but when it comes to, yeah, and HR time as well on Tuesday.
I
D
A
A
H
Another one that popped up recently: it's work on compress tree accuracy. So the context here is exposing an API to compress data on the client without shipping your own compressor, which many of our providers it today. That's being incubated by a Chrome team, actually out in Tokyo. Is there interest in the group in having them come out and talk about these cases, engaging with the group?
A
H
A
L
H
L
G
A
G
And then could you put a note on frame timing, gnomes in Israel and will be dialing in for that discussion? So we'll want to schedule that late in Japan to get it.