- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Tue, 28 Nov 2017 10:10:12 +0100
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>, Mark Nottingham <mnot@mnot.net>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>, Patrick McManus <mcmanus@ducksong.com>
On 2017-11-28 09:48, Poul-Henning Kamp wrote: > -------- > In message <5821D7EE-F4E3-4E74-93CE-FE1D58112258@mnot.net>, Mark Nottingham writes: > >> In Singapore, it seems like there was broad acknowledgement that doing >> HTTPter is a good idea, but there was some concern about the schedule, >> especially since QUIC might depend upon or interact with it. > > How about we call it HTTP3 instead, and focus on all the stuff that > can or should be removed, in order to reduce implementation complexity, > privacy concerns and efficiency ? That sounds to be very different task to do. > To give one example: > > The pervasive wiretapping by NSA+friends which got IETF all hot and > bothered. > > But NSA+friends are at least in theory under some kind of public > oversight, and generally focused only on their charter goals. > > For comparison HTTP Cookies are used to invade the privacy of every > single person on the planet, by any number of large transnational > tax-evading companies, by any method which will bring them a profit. > > Whatever "oversight" the shareholders exercise, is all focused on > increasing that profit, because the shareholders are mainly > tax-sheltered transnational funds, which invest purely to make a > profit. > > In QUIC there should be no Cookies, but instead a client chosen > session identifier, so that clients get a real, rather than a pretend > "private browsing" choice. > > As a side effect, replacing many kilobytes of fatty cookies with > a 128 or even 256 bit session identifier will save tons of > bandwidth and processing power. > ... Well, cookies aren't even defined in the specs we're planning to revise as part of this activity... Best regards, Julian
Received on Tuesday, 28 November 2017 09:10:56 UTC