- From: Greg Wilkins <gregw@intalio.com>
- Date: Fri, 21 Nov 2014 14:59:27 +1100
- To: HTTP <ietf-http-wg@w3.org>
- Message-ID: <CAH_y2NGdZqykuhpZtsO=_RrshWeZx-i6z+c0xPb-O_FrV55oEQ@mail.gmail.com>
Mark, I can think of many ways that HTTP/1.1 can be used by a server to measure the latency to a client - even more when TLS is used. So nothing new there. Also HTTP1.1 has persistent connections, so multiplexing is not really a new form of tracking, albeit maybe a little bit more effective now. Warning that cookies and SSL ID's can be used to track users is OK because they are part of the protocol. But there are so many ways that network meta data can be used to identify users that I don't think we can produce an exhaustive list and a partial list has little value. regards On 21 November 2014 14:28, Mark Nottingham <mnot@mnot.net> wrote: > <https://github.com/http2/http2-spec/issues/645> > > In private discussion with folks from Tor, a few privacy concerns came up > which seemed good to document. I've made a pull proposing relevant changes: > > <https://github.com/http2/http2-spec/pull/647> > > Any thoughts? > > Cheers, > > -- > Mark Nottingham https://www.mnot.net/ > > > -- Greg Wilkins <gregw@intalio.com> @ Webtide - *an Intalio subsidiary* http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales http://www.webtide.com advice and support for jetty and cometd.
Received on Friday, 21 November 2014 03:59:55 UTC