W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: Fwd: New Version Notification for draft-nottingham-http-proxy-problem-01.txt

From: James M Snell <jasnell@gmail.com>
Date: Tue, 15 Jul 2014 10:24:54 -0700
Message-ID: <CABP7RbeGA3vVzFXrdPVjYBwuLWixs2FaSLecJe6gSCtQ-bK2Qw@mail.gmail.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Eric Rescorla <ekr@rtfm.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Cutting a trail is not the same as paving it over. Let's not get ahead
of ourselves. The fact is: in today's applications, there is very
little (if any) real separation between the path and the query, and
application developers put stuff all over the place. If you want
developers to start separating those, you need to educate before you
can standardize. Regarding the privacy claims specifically, there's
are a ton of things someone can learn given nothing but the method and
routing information. Let's not fool ourselves into thinking that even
the most rudimentary activity information is somehow "safe" from
disclosure.

On Tue, Jul 15, 2014 at 10:08 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> In message <CABcZeBPo9NScd4bLfxJEyMWvQYn6Si0jfbsh-g3-fhcmoMW4GA@mail.gmail.com>
> , Eric Rescorla writes:
>
>>This seems like a forward-looking statement. I'm addressing it's current
>>truth value, and as I said, I believe that's not currently accurate.
>
> Standardization is a forward-looking activity.
>
> If we want to implement something like what I outlined in the future,
> we should start to pave the road for it now.
>
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
>
Received on Tuesday, 15 July 2014 17:25:41 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:09 UTC