
Re: Data motivating CH? (From PING)

From: Yoav Weiss <yoav@yoav.ws>
Date: Wed, 13 Feb 2019 15:41:35 +0100
Message-ID: <CACj=BEhYJ1tFBFGNApg=gx1BaWeKVK9OKiPUeTX7bKVMo5iTiA@mail.gmail.com>
To: Pete Snyder <psnyder@brave.com>
Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>

Hey Pete,

On Wed, Feb 13, 2019 at 12:22 AM Pete Snyder <psnyder@brave.com> wrote:

> Hi All,
> I’m Pete Snyder from PING.  PING is interested in what data has been
> gathered / exists to motivate moving fingerprintable values into
> passively collectable, log-able headers.

I'm sorry, but I have to reject your claims regarding "passively
collectable" as well as "log-able".
More details on why can be found on my reply to the issue you opened.

> Given that the spec increases the risk of privacy-loss

Again, I have to reject that claim.

> (there is a subsection of the spec for this purpose)

All specifications nowadays have to include a "Security and Privacy
considerations" section. Are you implying that including such a
considerations section somehow proves that a proposal is less secure or
introduces privacy leaks?

> , we're interested in what data exists to show that this risk would be
> counterbalanced by benefit to:
> 1. A significant portion of web users,
> 2. On a significant portion of web sites
> Does any such data exist? Any relevant information would be extremely
> useful as we continue considering the proposal.

Data specific to the real-world performance benefits of improved content
negotiation that CH provides can be found here.
I believe we're still lacking data on the privacy benefits of using the CH
infrastructure to reduce passive fingerprinting, as this proposal is still
at an early phase.

> Best,
> Pete Snyder
Received on Wednesday, 13 February 2019 14:42:15 UTC
