Re: Working Group Last Call: HTTP Client Hints from Yoav Weiss on 2020-02-27 (ietf-http-wg@w3.org from January to March 2020)

From: Yoav Weiss <yoav@yoav.ws>
Date: Thu, 27 Feb 2020 11:24:04 +0100
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>, Tommy Pauly <tpauly@apple.com>
Message-ID: <CACj=BEgdSM7_4en2vPeHHrKmbkTiAx62FA1vQjxjEuWz8Q4nuQ@mail.gmail.com>

The PR <https://github.com/httpwg/http-extensions/pull/1072> is now merged
and addresses most of the comments.

On Mon, Feb 24, 2020 at 9:01 AM Yoav Weiss <yoav@yoav.ws> wrote:

> Thanks for your feedback, Julian!
> I PRed the related changes at
> https://github.com/httpwg/http-extensions/pull/1072
>
>>
>> In 4.1:
>>
>>     o  Entropy
>>
>>        *  Exposing highly granular data may help identify users across
>>           multiple requests to different origins.  Reducing the set of
>>           field values that can be expressed, or restricting them to an
>>           enumerated range where the advertised value is close but is not
>>           an exact representation of the current value, can improve
>>           privacy and reduce risk of linkability by ensuring that the
>>           same value is sent by multiple users.
>>     o  Sensitivity
>>
>>        *  The feature SHOULD NOT expose user sensitive information.  To
>>           that end, information available to the application, but gated
>>           behind specific user actions (e.g. a permission prompt or user
>>           activation) SHOULD NOT be exposed as a Client Hint.
>>     o  Change over time
>>
>>        *  The feature SHOULD NOT expose user information that changes
>>           over time, unless the state change itself is also exposed (e.g.
>>           through JavaScript callbacks).
>>
>> The list is structured a bit strange. Maybe make it a definition list.
>>
>
> Can you point to an example of what you mean by that?
>

Julian - friendly ping on this question :)


>
>>
>>
>> Appendix A.  Interaction with Variants Response Header Field
>>
>>     Client Hints may be combined with Variants response header field
>>     [VARIANTS] to enable fine-grained control of the cache key for
>>     improved cache efficiency.  Features that define Client Hints will
>>     need to specify the related variants algorithms as described in
>>     Section 6 of [VARIANTS].
>>
>> Unless we're planning to finish VARIANTS really soon, I'd drop this
>> appendix.
>>
>
> mnot - thoughts?
>

Friendly ping! :)

Received on Thursday, 27 February 2020 10:24:35 UTC