- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Tue, 28 Nov 2017 08:48:05 +0000
- To: Mark Nottingham <mnot@mnot.net>
- cc: HTTP Working Group <ietf-http-wg@w3.org>, Patrick McManus <mcmanus@ducksong.com>
-------- In message <5821D7EE-F4E3-4E74-93CE-FE1D58112258@mnot.net>, Mark Nottingham writes: >In Singapore, it seems like there was broad acknowledgement that doing >HTTPter is a good idea, but there was some concern about the schedule, >especially since QUIC might depend upon or interact with it. How about we call it HTTP3 instead, and focus on all the stuff that can or should be removed, in order to reduce implementation complexity, privacy concerns and efficiency ? To give one example: The pervasive wiretapping by NSA+friends which got IETF all hot and bothered. But NSA+friends are at least in theory under some kind of public oversight, and generally focused only on their charter goals. For comparison HTTP Cookies are used to invade the privacy of every single person on the planet, by any number of large transnational tax-evading companies, by any method which will bring them a profit. Whatever "oversight" the shareholders exercise, is all focused on increasing that profit, because the shareholders are mainly tax-sheltered transnational funds, which invest purely to make a profit. In QUIC there should be no Cookies, but instead a client chosen session identifier, so that clients get a real, rather than a pretend "private browsing" choice. As a side effect, replacing many kilobytes of fatty cookies with a 128 or even 256 bit session identifier will save tons of bandwidth and processing power. Poul-Henning -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Received on Tuesday, 28 November 2017 08:48:58 UTC