Re: Migrating some high-entropy HTTP headers to Client Hints.

I, for one, welcome our new Client Hint overlords.

Personally, I'd like to see these integrated into the current CH document, rather than as separate drafts. CH still needs some work, so it's not like we're going to get it out the door tomorrow.

However, it seems like Ilya wants to go in a different direction, based upon the notes we received for Bangkok.

Ilya, your thoughts?

> On 29 Nov 2018, at 9:22 pm, Mike West <mkwst@google.com> wrote:
> 
> Hey folks,
> 
> Section 9.7 of RFC7231 rightly notes that some of the content negotiation headers user agents deliver in HTTP requests create substantial fingerprinting surface. I think it would be beneficial if we took steps to reduce their prevalence on the wire, and Client Hints looks like a reasonable infrastructure on top of which to build.
> 
> `User-Agent` and `Accept-Language` seem like particularly tasty and low-hanging fruit, and I've sketched out two proposals as proofs of concept:
> 
> *   `User-Agent` could be represented as ~four distinct hints: `UA`, `Model`, `Platform`, and `Arch`: https://github.com/mikewest/ua-client-hints is a high-level explainer, and https://tools.ietf.org/html/draft-west-ua-client-hints a sketchy ID for the new headers.
> 
> *   `Accept-Language` could be represented as a `Lang` hint: https://github.com/mikewest/lang-client-hint is a high-level explainer, https://tools.ietf.org/html/draft-west-lang-client-hint an equally sketchy ID for the new header.
> 
> I'd appreciate y'all's feedback. Thanks!
> 
> -mike

--
Mark Nottingham   https://www.mnot.net/

Received on Friday, 30 November 2018 00:30:29 UTC