Re: #645: Privacy impact of connection coalescing

> On 21 Nov 2014, at 2:59 pm, Greg Wilkins <gregw@intalio.com> wrote:
> 
> 
> Mark,
> 
> I can think of many ways that HTTP/1.1 can be used by a server to measure the latency to a client - even more when TLS is used. So nothing new there. Also, HTTP/1.1 has persistent connections, so multiplexing is not really a new form of tracking, albeit maybe a little bit more effective now.
> 
> Warning that cookies and SSL IDs can be used to track users is OK because they are part of the protocol. But there are so many ways that network metadata can be used to identify users that I don't think we can produce an exhaustive list, and a partial list has little value.

The point is that these capabilities are new to this version of the protocol. 

> 
> regards
>
> On 21 November 2014 14:28, Mark Nottingham <mnot@mnot.net> wrote:
> <https://github.com/http2/http2-spec/issues/645>
> 
> In private discussion with folks from Tor, a few privacy concerns came up which seemed good to document. I've made a pull proposing relevant changes:
> 
> <https://github.com/http2/http2-spec/pull/647>
> 
> Any thoughts?
> 
> Cheers,
> 
> --
> Mark Nottingham   https://www.mnot.net/
> 
>
> -- 
> Greg Wilkins <gregw@intalio.com>  @  Webtide - an Intalio subsidiary
> http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
> http://www.webtide.com  advice and support for jetty and cometd.

--
Mark Nottingham   https://www.mnot.net/

Received on Friday, 21 November 2014 04:51:06 UTC