Re: [RFC] Information headers in HTTP

On Wednesday 20 June 2007, Rigo Wenning wrote:
> Hi Harhalakis,
>
> there was a similar request to the KHTML development list and I take the
> response from Bert Bos from there:

Thank you for your reply. Please have a look at this:

http://lists.kde.org/?l=kfm-devel&m=118223261027319&w=2

I believe that this answers almost everything, except from the last one:

>    - All headers that you add to HTTP cause overhead. The time zone is
>      rarely needed, but it takes up bandwidth all the time. (The same
>      goes for anything else you might want to know about the client
>      side:
>      name of user, OS, amount of RAM, free disk space, whether
>      there is a printer, name of the user's mother...)

This is the main reason that the Information Headers were suggested. This way 
the HTTP protocol will be able to be extended and there will be no overhead 
unless it is required.

> Timezone is in the P3P Base dataschema for a good reason as it can be
> relevant for privacy. It is in the variable category as it is most
> privacy relevant together with other data transmitted. I think there
> are better ways to transmit or use timezone data, so having them in the
> http header doesn't look like the best idea. CC/PP or UAProf would be
> the preferred methods. Those can also be complemented with P3P to know
> what the data is used for etc...

What I'm proposing may be able to be regulated by P3P. As far as I understand, 
P3P only describes the data the server collects and their intended usage. The 
proposal clearly says that clients must not send information without asking 
or letting the user prevent it.

Does the proposal conflict with the P3P?

I'd like to clarify that the Timezone header was the original idea. The 
information headers are another (distinct) one. If accepted, the timezone 
information could be sent using the information headers on-demand. Thus the 
two of them should not be confused.

Received on Tuesday, 19 June 2007 21:59:15 UTC