Right now, [the draft](http://httpwg.org/http-extensions/draft-ietf-httpbis-client-hints.html#client-hint-request-header-fields) defines the opt-in mechanism and requires its use [with a SHOULD](http://httpwg.org/http-extensions/draft-ietf-httpbis-client-hints.html#security-considerations):

> Implementers SHOULD support Client Hints opt-in mechanisms and MUST clear persisted opt-in preferences when site data, browsing history, browsing cache, or similar, are cleared.

Otherwise, it's optional (and this is reinforced in several places).
I think that the minimal change that the TAG wants is to remove/reduce that SHOULD, correct? Or is it preferable to remove the opt-in mechanism completely? What about the Feature Policy integration?
For background, [this issue](https://github.com/httpwg/http-extensions/issues/372) covers some of the privacy discussion.