Alissa Cooper's No Objection on draft-ietf-httpbis-client-hints-14: (with COMMENT) from Alissa Cooper via Datatracker on 2020-05-21 (ietf-http-wg@w3.org from April to June 2020)

From: Alissa Cooper via Datatracker <noreply@ietf.org>
Date: Thu, 21 May 2020 06:45:09 -0700
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-httpbis-client-hints@ietf.org, httpbis-chairs@ietf.org, ietf-http-wg@w3.org, Mark Nottingham <mnot@mnot.net>, mnot@mnot.net
Message-ID: <159006870863.12702.17567729594777906050@ietfa.amsl.com>

Alissa Cooper has entered the following ballot position for
draft-ietf-httpbis-client-hints-14: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-httpbis-client-hints/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Section 1: "passively providing such information allows servers to silently
fingerprint the user" --> isn't pretty much all fingerprinting silent?

Moreover, I think it would be good to explain in Section 1 that Client Hints
provides a way for servers to actively fingerprint clients rather than doing it
passively.

Section 2.1: "Without such an opt-in, user agents SHOULD NOT send high-entropy
hints, but MAY send low-entropy ones [CLIENT-HINTS-INFRASTRUCTURE]." --> Given
the use of normative language here, I think either this doc or the referenced
doc needs to define what high-entropy hints are. Are all hints not defined as
low-entropy considered to be high-entropy? If so, then I think a change along
the lines of what Benjamin proposed is warranted. If not (as the text in
Section 4.1 sort of indicates), then this doc needs to specify what
high-entropy hints are.

Section 4.1: "user choice mechanisms that allow users to balance privacy
concerns against bandwidth limitations" --> This is vague enough that I don't
understand what it is talking about. What is an example of such a mechanism?

Section 4.1:

   "The header-based opt-in means that we can remove passive
   fingerprinting vectors, such as the User-Agent string (enabling
   active access to that information through User-Agent Client Hints
   [4]), or otherwise expose information already available through
   script (e.g. the Save-Data Client Hint [5]), without increasing the
   passive fingerprinting surface."

How about changing that "we can" into a recommendation to do so? In other
words, could this document recommend that if User-Agents are sending certain
information in Client Hints that they stop sending it or similar information
via other headers? Maybe this is too obvious, but given the breadth of HTTP
clients in the wild, it may help to state the obvious.

Received on Thursday, 21 May 2020 13:45:23 UTC