- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Fri, 17 Aug 2018 15:44:24 +0000
- To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- cc: Rigo Wenning <rigo@w3.org>, Mike West <mkwst@google.com>, squid3@treenet.co.nz, rigo@w3c.org, HTTP Working Group <ietf-http-wg@w3.org>
-------- In message <7999a7ef-cc5e-7d75-df9f-24acbb4a47f7@cs.tcd.ie>, Stephen Farrell wr ites: >Not sure I agree there, if UAs by default sent a different >64 bit randomly generated ID to each origin and kept those >IDs for a long time, that seems worse to me than the current >situation. (I'm not saying that's Mike's proposal, but >just disagreeing with your "no big difference" statement.) How is that worse than sending an opaque cookie, possibly containing imcompetently protected GDPR-covered personal information for a long time ? At least with a randomly generated ID, you know it cannot leak information on the local machine (hacked/lost/discarded). -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Received on Friday, 17 August 2018 15:44:53 UTC