Re: A proposal

And to improve second person privacy don't send ETAGs.

Regards,
Roland


On 20.11.2013 08:51, Yoav Nir wrote:
>
>
> > Date: Wed, 20 Nov 2013 02:43:30 +0100
> > From: w@1wt.eu
> > To: nicolas.mailhot@laposte.net
> > CC: fielding@gbiv.com; stephen.farrell@cs.tcd.ie; ietf-http-wg@w3.org
> > Subject: Re: A proposal
> >
> > On Tue, Nov 19, 2013 at 08:00:17PM +0100, Nicolas Mailhot wrote:
> > >
> > > On Tue, 19 November 2013 09:43, Roy T. Fielding wrote:
> > >
> > > > Furthermore, I have a hard time believing the privacy propaganda
> > > > being spread by the browser makers. If they want to improve
> > > > privacy, all they have to do is remove the crappy features
> > > > that cause their HTTP use to be insecure. Stop blaming the
> > > > protocols for exposing information that shouldn't be sent in
> > > > the first place.
> > > >
> > > > Don't allow cookies from a secure site to be sent to a non-secured site.
> > > > Double-key cookies so that they don't share information across multiple
> > > > referring sites. Implement an obvious logout in the UI chrome.
> > > > Don't send cached credentials if the referring document isn't trusted
> > > > or same-origin. Don't allow BASIC over an unsecured connection.
> > > > Implement authentication schemes that don't expose the user's secret.
> > > > Prevent extensions and scripts from mimicking authentication forms.
> > >
> > > Stop sending referers???
> >
> > Stop sending pre-connects to recently visited sites when the user starts
> > the browser and involuntarily shows he's currently online ?
>
> Why not go whole hog and require a single origin for all resources for
> everything on a web page?
>
> Oh, yeah. The web would break, but it would sure be sweet for privacy.

Received on Wednesday, 20 November 2013 10:30:33 UTC