W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Re: [perpass] HTTP user-agent fingerprinting

From: Leif Hedstrom <leif@ogre.com>
Date: Mon, 16 Sep 2013 09:00:24 -0600
Cc: Karl Dubost <karl@la-grange.net>, Patrick Pelletier <code@funwithsoftware.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, IETF HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <A5143524-DF3E-4CB3-8451-242AEE43303F@ogre.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
On Sep 13, 2013, at 3:55 PM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:

> In message <A5264783-BDBC-445B-B97D-0764319FC38C@la-grange.net>, Karl Dubost wr
> ites:
> 
>> Note that anything which is removed will break something. 
> 
> Yes, undoubtedly.
> 
> But if HTTP/2.0 limits User-Agent to 32 bytes, that means that
> no HTTP/2.0 browser will send more than 32 bytes, and no website
> will support HTTP/2.0 until they can do their job with just 32 bytes
> of User-Agent.

I imagine that for some time during HTTP/2 early deployments, the primary server technology would include HTTP/2.0 -> HTTP/1.1 proxies. As such, those same HTTP/1.1 servers would presumably still require the same UA fingerprinting as they do today.

From prior experiences, most IPv6 deployments I've done used v6tov4 proxies. We would roll v6 out on a small number of servers, yet still provide the feature for all existing IPv4 services. It seems reasonable to think that HTTP/2 would be deployed (initially) in a similar fashion?

Yes, I know, the HTTP/2->HTTP/1.1 proxies could rewrite the UA. :) I probably would if we changed the UA requirements (e.g. 32-byte size limit).

Cheers,

-- Leif
Received on Monday, 16 September 2013 15:01:46 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:15 UTC