Re: Working Group Last Call: HTTP Client Hints

On 24.02.2020 09:01, Yoav Weiss wrote:
> ...
>     In 4.1:
>
>          o  Entropy
>
>             *  Exposing highly granular data may help identify users across
>                multiple requests to different origins.  Reducing the set of
>                field values that can be expressed, or restricting them to an
>                enumerated range where the advertised value is close but is not
>                an exact representation of the current value, can improve
>                privacy and reduce risk of linkability by ensuring that the
>                same value is sent by multiple users.
>          o  Sensitivity
>
>             *  The feature SHOULD NOT expose user sensitive information.  To
>                that end, information available to the application, but gated
>                behind specific user actions (e.g. a permission prompt or user
>                activation) SHOULD NOT be exposed as a Client Hint.
>          o  Change over time
>
>             *  The feature SHOULD NOT expose user information that changes
>                over time, unless the state change itself is also exposed (e.g.
>                through JavaScript callbacks).
>
>     The list is structured a bit strange. Maybe make it a definition list.
>
>
> Can you point to an example of what you mean by that?
> ...

Aha, now I'm supposed to learn kramdown syntax

Try this:

 > {: vspace="0"}
 > Entropy:
 > : Exposing highly granular data can be used to help identify users
 > across multiple requests to different origins. Reducing the set of
 > header field values that can be expressed, or restricting them to an
 > enumerated range where the advertised value is close but is not an exact
 > representation of the current value, can improve privacy and reduce risk
 > of linkability by ensuring that the same value is sent by multiple users.
 >
 > Sensitivity:
 > : The feature SHOULD NOT expose user sensitive information. To that
 > end, information available to the application, but gated behind specific
 > user actions (e.g. a permission prompt or user activation) SHOULD NOT be
 > exposed as a Client Hint.
 >
 > Change over time:
 > : The feature SHOULD NOT expose user information that changes over
 > time, unless the state change itself is also exposed (e.g. through
 > JavaScript callbacks).

Best regards, Julian

Received on Friday, 28 February 2020 07:17:39 UTC