> Date: Wed, 20 Nov 2013 02:43:30 +0100
> From: w@1wt.eu
> To: nicolas.mailhot@laposte.net
> CC: fielding@gbiv.com; stephen.farrell@cs.tcd.ie; ietf-http-wg@w3.org
> Subject: Re: A proposal
>
> On Tue, Nov 19, 2013 at 08:00:17PM +0100, Nicolas Mailhot wrote:
> >
> > On Tue, 19 November 2013 09:43, Roy T. Fielding wrote:
> >
> > > Furthermore, I have a hard time believing the privacy propaganda
> > > being spread by the browser makers. If they want to improve
> > > privacy, all they have to do is remove the crappy features
> > > that cause their HTTP use to be insecure. Stop blaming the
> > > protocols for exposing information that shouldn't be sent in
> > > the first place.
> > >
> > > Don't allow cookies from a secure site to be sent to a non-secured site.
> > > Double-key cookies so that they don't share information across multiple
> > > referring sites. Implement an obvious logout in the UI chrome.
> > > Don't send cached credentials if the referring document isn't trusted
> > > or same-origin. Don't allow BASIC over an unsecured connection.
> > > Implement authentication schemes that don't expose the user's secret.
> > > Prevent extensions and scripts from mimicking authentication forms.
> >
> > Stop sending referers???
>
> Stop sending pre-connects to recently visited sites when the user starts
> the browser and involuntarily shows he's currently online?

Why not go whole hog and require a single origin for all resources for everything on a web page? Oh, yeah. The web would break, but it would sure be sweet for privacy.

Received on Wednesday, 20 November 2013 07:51:59 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:39 UTC