- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Mon, 25 Jul 2011 20:54:05 +0200
- To: ietf-http-wg@w3.org

Hi,

http://tools.ietf.org/html/draft-ietf-httpbis-p6-cache-15 currently does mention that "Because cache contents persist after an HTTP request is complete, an attack on the cache can reveal information long after a user believes that the information has been removed from the network", but does not seem to address privacy issues that go along with that.

"Evercookie" for instance abuses the ETag header as a tracking mechanism, and specially crafted cached resources to the same end; others abuse 301 redirects, and there are other features that can be abused this way. The draft should note this as a general problem and cite some of the things we know about as examples.

regards,
--
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/

Received on Monday, 25 July 2011 18:54:43 UTC
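
An added example, not part of the original message: one way an auditor could check for the ETag abuse mentioned above is to fetch the same URL from several clean browser profiles and flag resources whose body is byte-identical but whose ETag differs for every profile. The observation tuples, hostnames and the `suspicious_validators` helper are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (clean_profile, url, ETag header, body digest) per fetch.
OBSERVATIONS = [
    ("p1", "https://static.example/logo.png", '"5d8c72a5"', "aa11"),
    ("p2", "https://static.example/logo.png", 'W/"5d8c72a5"', "aa11"),
    ("p3", "https://static.example/logo.png", '"5d8c72a5"', "aa11"),
    # Same bytes for everyone, but a different validator per profile.
    ("p1", "https://tracker.example/pixel.gif", '"u-9f31c0"', "bb22"),
    ("p2", "https://tracker.example/pixel.gif", '"u-27ab4e"', "bb22"),
    ("p3", "https://tracker.example/pixel.gif", '"u-c01d77"', "bb22"),
    # Body really changes between fetches, so differing ETags are expected.
    ("p1", "https://news.example/feed.xml", '"v101"', "cc01"),
    ("p2", "https://news.example/feed.xml", '"v102"', "cc02"),
    ("p3", "https://news.example/feed.xml", '"v103"', "cc03"),
]


def opaque_tag(etag):
    """Drop the weak-validator prefix so W/"x" and "x" compare equal."""
    etag = etag.strip()
    return etag[2:] if etag.startswith("W/") else etag


def suspicious_validators(observations, min_profiles=3):
    """Return {url: sorted ETags} where identical bodies got per-profile ETags."""
    by_url = defaultdict(list)
    for profile, url, etag, digest in observations:
        by_url[url].append((profile, opaque_tag(etag), digest))

    flagged = {}
    for url, rows in by_url.items():
        etags_by_body = defaultdict(set)
        profiles_by_body = defaultdict(set)
        for profile, etag, digest in rows:
            etags_by_body[digest].add(etag)
            profiles_by_body[digest].add(profile)
        for digest, etags in etags_by_body.items():
            n = len(profiles_by_body[digest])
            # An ETag describes the representation; one distinct value per
            # profile for the same bytes suggests it carries an identifier.
            if n >= min_profiles and len(etags) == n:
                flagged[url] = sorted(etags)
    return flagged


if __name__ == "__main__":
    for url, tags in suspicious_validators(OBSERVATIONS).items():
        print(url, tags)
```

The same comparison applies to the other cache features the message lists, such as a cached 301 whose `Location` differs per profile.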