
Re: A proposal

From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Tue, 19 Nov 2013 20:00:17 +0100
Message-ID: <4acd7d5b5c4667fd4e798b03764ab5ef.squirrel@arekh.dyndns.org>
To: "Roy T. Fielding" <fielding@gbiv.com>
Cc: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>, "HTTP Working Group" <ietf-http-wg@w3.org>

On Tue, 19 November 2013 09:43, Roy T. Fielding wrote:

> Furthermore, I have a hard time believing the privacy propaganda
> being spread by the browser makers.  If they want to improve
> privacy, all they have to do is remove the crappy features
> that cause their HTTP use to be insecure.  Stop blaming the
> protocols for exposing information that shouldn't be sent in
> the first place.
>
> Don't allow cookies from a secure site to be sent to a non-secured site.
> Double-key cookies so that they don't share information across multiple
> referring sites. Implement an obvious logout in the UI chrome.
> Don't send cached credentials if the referring document isn't trusted
> or same-origin.  Don't allow BASIC over an unsecured connection.
> Implement authentication schemes that don't expose the user's secret.
> Prevent extensions and scripts from mimicking authentication forms.

Stop sending referers…

-- 
Nicolas Mailhot
Received on Tuesday, 19 November 2013 19:00:49 UTC
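
The client-side rules listed in the quoted message, together with the reply's suggestion to drop Referer, sketched as an added example that is not part of the original thread. `CookieJar`, `buildHeaders`, the request fields and the sample hosts are hypothetical, and treating a request with no referring document as user-initiated is an assumption.

```javascript
// Added illustration; CookieJar, buildHeaders and the req fields are hypothetical names.
class CookieJar {
  constructor() { this.store = new Map(); }
  // Double key: the top-level (referring) site plus the host that set the cookie.
  static key(topSite, host) { return `${topSite}|${host}`; }
  set(topSite, host, name, value, setOverTls) {
    const k = CookieJar.key(topSite, host);
    if (!this.store.has(k)) this.store.set(k, new Map());
    this.store.get(k).set(name, { value, setOverTls });
  }
  get(topSite, host) {
    return this.store.get(CookieJar.key(topSite, host)) || new Map();
  }
}

// req: { url, topSite, referrer (string or null), basicToken (cached, or undefined) }
function buildHeaders(jar, req) {
  const target = new URL(req.url);
  const tls = target.protocol === 'https:';
  const headers = {};

  // Cookies: only this top-level site's partition; TLS-set cookies stay on TLS.
  const pairs = [];
  for (const [name, c] of jar.get(req.topSite, target.hostname)) {
    if (c.setOverTls && !tls) continue;
    pairs.push(`${name}=${c.value}`);
  }
  if (pairs.length) headers['Cookie'] = pairs.join('; ');

  // Cached Basic credentials: never over cleartext, and only when the
  // referring document is same-origin. Assumption: no referring document
  // means a user-initiated navigation, which is allowed.
  const sameOrigin = !req.referrer || new URL(req.referrer).origin === target.origin;
  if (req.basicToken && tls && sameOrigin) {
    headers['Authorization'] = `Basic ${req.basicToken}`;
  }

  // Referer is deliberately never set, per the reply's suggestion.
  return headers;
}

// Constructed sample data: one third-party host embedded on two different sites.
const jar = new CookieJar();
jar.set('news.example', 'tracker.example', 'id', 'A1', true);
jar.set('shop.example', 'tracker.example', 'id', 'B2', true);
```

With the double-keyed jar, `tracker.example` sees a different identifier under each top-level site, so it cannot join the two visits through its cookie.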
