Re: Fwd: New Version Notification for draft-nottingham-http-proxy-problem-01.txt

In message <>, Eric Rescorla wr

>It is quite common to have sensitive information in the path part of
>URLs (for instance, Amazon item numbers appear here), and in
>many cases, this is the only sensitive information required to
>reconstruct the user's browsing history. I don't consider this to
>be "very little actual privacy" loss.

And nothing prevents these apps from demanding full privacy (ie: TLS).

But with a view to the future, all they need to do is shift the
sensitive part of the data to the :query side, and they'll fine.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Tuesday, 15 July 2014 15:52:28 UTC