- From: Willy Tarreau <w@1wt.eu>
- Date: Wed, 20 Nov 2013 02:43:30 +0100
- To: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- Cc: "Roy T. Fielding" <fielding@gbiv.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, HTTP Working Group <ietf-http-wg@w3.org>
On Tue, Nov 19, 2013 at 08:00:17PM +0100, Nicolas Mailhot wrote: > > Le Mar 19 novembre 2013 09:43, Roy T. Fielding a écrit : > > > Furthermore, I have a hard time believing the privacy propaganda > > being spread by the browser makers. If they want to improve > > privacy, all they have to do is remove the crappy features > > that cause their HTTP use to be insecure. Stop blaming the > > protocols for exposing information that shouldn't be sent in > > the first place. > > > > Don't allow cookies from a secure site to be sent to a non-secured site. > > Double-key cookies so that they don't share information across multiple > > referring sites. Implement an obvious logout in the UI chrome. > > Don't send cached credentials if the referring document isn't trusted > > or same-origin. Don't allow BASIC over an unsecured connection. > > Implement authentication schemes that don't expose the user's secret. > > Prevent extensions and scripts from mimicking authentication forms. > > Stop sending referers??? Stop sending pre-connects to recently visited sites when the user starts the browser and involuntarily shows he's currently online ? Willy
Received on Wednesday, 20 November 2013 01:43:56 UTC