Re: Treating paths and queries differently, was: Fwd: New Version Notification for draft-nottingham-http-proxy-problem-01.txt from James M Snell on 2014-07-15 (ietf-http-wg@w3.org from July to September 2014)

From: James M Snell <jasnell@gmail.com>
Date: Tue, 15 Jul 2014 07:28:15 -0700
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Mark Nottingham <mnot@mnot.net>, Eric Rescorla <ekr@rtfm.com>, HTTP Working Group <ietf-http-wg@w3.org>, Poul-Henning Kamp <phk@phk.freebsd.dk>
Message-ID: <CABP7Rbe7DYXg=p8B1uUt4qSaav9smQxO31W_OhQXVA5tHnUJbA@mail.gmail.com>

+1.
On Jul 15, 2014 7:05 AM, "Julian Reschke" <julian.reschke@gmx.de> wrote:

> On 2014-07-15 15:42, Eric Rescorla wrote:
>
>>  ...
>>
>> Mark can of course do as he likes with his document, but I would
>> not support adding this text to a WG document as I do not believe
>> that it is accurate.
>>
>> It is quite common to have sensitive information in the path part of
>> URLs (for instance, Amazon item numbers appear here), and in
>> many cases, this is the only sensitive information required to
>> reconstruct the user's browsing history. I don't consider this to
>> be "very little actual privacy" loss.
>>
>> -Ekr
>>
>
> Agreed. We shouldn't rely on a perceived difference that neither is backed
> up by the specs, nor is there in practice.
>
> Best regards, Julian
>
>

Received on Tuesday, 15 July 2014 14:28:42 UTC