Re: Alt-Svc Privacy Concerns from Erik Nygren on 2016-04-10 (ietf-http-wg@w3.org from April to June 2016)

From: Erik Nygren <erik@nygren.org>
Date: Sun, 10 Apr 2016 15:00:48 -0400
To: Phil Lello <phil@dunlop-lello.uk>
Cc: Ryan Hamilton <rch@google.com>, Patrick McManus <mcmanus@ducksong.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <CAKC-DJgcQuW709jkEA54EJc8dnKiZtuxDC9E530Odrk_S-Ukcg@mail.gmail.com>

On Sat, Apr 9, 2016 at 1:41 PM, Phil Lello <phil@dunlop-lello.uk> wrote:

> I'm concerned that Alt-Svc, especially used like this, is re-introducing
> the sort of privacy issues people have been trying to eliminate with
> cookies for years. Appologies if this has already been discussed and I
> missed it.
>

I don't see the issue here really being with Alt-Svc. Rather, this is
another issue/risk with consolidating requests for multiple origins onto a
single TLS connection that has a valid cert for all of the origins. (I
don't think this was on my list in the slides in B.A. in discussion of the
ORIGIN frame and related topics, but is certainly in that class I'd
issues.)

I'm not sure I see how Alt-Svc actually makes this worse by itself.  I do
agree that when we look at the proposal for adding additional allowed
server certs to a connection that this will certainly be something we'll
want to discuss in more detail (although that is also orthogonal from
Alt-Svc).

A general point (which goes as much to UI behavior as anything) is that the
Secure Connection Info tab in many browsers only shows the CN and buries
the SANs below what users might normally see.  (And even in today's world,
resources embedded in pages are also typically not something users see and
provide many opportunities for active linking of users, such as through
URIs.)

       Erik

(resending with some edits from an email address hopefully on the list ACL)

Received on Sunday, 10 April 2016 19:01:21 UTC