
Re: Fwd: New Version Notification for draft-nottingham-http-proxy-problem-01.txt

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Tue, 15 Jul 2014 15:52:03 +0000
To: Eric Rescorla <ekr@rtfm.com>
cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <32132.1405439523@critter.freebsd.dk>
In message <CABcZeBOf62xCfnrtoqXMzGTW=WLtXwbi0YgTPaFZ4kp+0-t8tg@mail.gmail.com>, Eric Rescorla wr

>It is quite common to have sensitive information in the path part of
>URLs (for instance, Amazon item numbers appear here), and in
>many cases, this is the only sensitive information required to
>reconstruct the user's browsing history. I don't consider this to
>be "very little actual privacy" loss.

And nothing prevents these apps from demanding full privacy (i.e., TLS).

But with a view to the future, all they need to do is shift the
sensitive part of the data to the :query side, and they'll be fine.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Tuesday, 15 July 2014 15:52:28 UTC