Re: Migrating some high-entropy HTTP headers to Client Hints. from Ilya Grigorik on 2019-01-29 (ietf-http-wg@w3.org from January to March 2019)

From: Ilya Grigorik <igrigorik@google.com>
Date: Tue, 29 Jan 2019 08:55:45 -0600
To: Martin J. Dürst <duerst@it.aoyama.ac.jp>
Cc: Mike West <mkwst@google.com>, Yoav Weiss <yoavweiss@google.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CADXXVKqmzBNUQKHN8Dj-oeMPjs962YmktiCiC3qcUPDUSF7QRw@mail.gmail.com>

On Tue, Jan 29, 2019 at 1:34 AM Martin J. Dürst <duerst@it.aoyama.ac.jp>
wrote:

> > CH is not a magic bullet but the constraints it introduces — I think —
> > offer significant accountability and transparency improvements over
> status
> > quo.
>
> Thanks for the explanations. If something similar can go into the
> relevant draft, in a "Privacy Considerations" section if there is one,
> and if not as part of the "Security Considerations" section or in some
> other appropriate place, then that would be great.
>

We do have one [1] but we don't explicitly spell out what we discussed here
and I agree that we should. I'll take an AI to add this when we tackle the
refactor.

thanks!

[1]
https://httpwg.org/http-extensions/draft-ietf-httpbis-client-hints.html#security-considerations


>
> Regards,   Martin.
>
> > ig
> >
>

Received on Tuesday, 29 January 2019 14:56:44 UTC