
Re: Migrating some high-entropy HTTP headers to Client Hints.

From: Martin J. Dürst <duerst@it.aoyama.ac.jp>
Date: Sun, 13 Jan 2019 11:56:37 +0000
To: Mike West <mkwst@google.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <ea4b3bc5-dbfc-7f49-0500-b2319e33e53a@it.aoyama.ac.jp>

Hello Mike, others,

On 2018/11/29 19:22, Mike West wrote:
> Hey folks,
> 
> Section 9.7 of RFC7231 <https://tools.ietf.org/html/rfc7231#section-9.7>
> rightly notes that some of the content negotiation headers user agents
> deliver in HTTP requests create substantial fingerprinting surface. I think
> it would be beneficial if we took steps to reduce their prevalence on the
> wire, and Client Hints looks like a reasonable infrastructure on top of
> which to build.

Sorry to be very late, and with a rather basic question:

The point about substantial fingerprinting is definitely important. But 
what's the difference, in terms of fingerprinting, between the following 
two alternatives?

a) The browser sending out Accept-Language,... to a server interested in 
fingerprinting.

b) A server interested in fingerprinting sending out an Accept-CH header 
with the equivalent information, even if the server doesn't need e.g. 
language information for serving the request.

Regards,   Martin.

Received on Sunday, 13 January 2019 11:57:03 UTC
