- From: Soni L. <fakedme+http@gmail.com>
- Date: Mon, 30 Jan 2023 15:47:50 -0300
- To: ietf-http-wg@w3.org
On 1/30/23 04:44, Fabian Keil wrote:
> "Soni L." <fakedme+http@gmail.com> wrote on 2023-01-29 at 11:45:53:
>
> > It would be appreciated if there were a slower HTTP, with more round
> > trips, explicitly designed with privacy negotiation in mind.
> >
> > Importantly, you can't leak data which you do not have. The best way to
> > not have that data is to not receive it.
> >
> > Why does a server need to accept user agents and a bunch of other
> > unnecessary stuff if it isn't gonna use it? Doesn't it just make the
> > server more liable for no good reason? Make it possible to turn it off!
> > Most of it can just be turned off.
> >
> > In fact, the simplest servers (static hosting) only really need the URL
> > and the Host. Everything else is unnecessary liability.
>
> It's not exactly what you ask for, but Privoxy [0] has a
> delay-response{} response action [1] that is somewhat related.
>
> Fabian
>
> [0] <https://www.privoxy.org/>
> [1] <https://www.privoxy.org/user-manual/actions-file.html#DELAY-RESPONSE>
It's not at all what we ask for! Uh, we mean like, why does the HTTP
server have to parse and discard the User-Agent header and another 10 or
so headers which it has no use for, instead of just... not receiving
those headers in the first place?
Why can't the client send URL and Host, then wait for the server to send
a Headers Required message, then send the required headers (which may be
none)? Yes, it takes longer (more RTTs), but the best way to improve
privacy is to not have the data in the first place.
Received on Monday, 30 January 2023 18:48:06 UTC