- From: Martin Thomson <mt@lowentropy.net>
- Date: Tue, 07 Feb 2023 07:56:49 -0500
- To: ietf-http-wg@w3.org
On Tue, Feb 7, 2023, at 07:32, Stephen Farrell wrote: > Can someone clarify whether the u= field amounts > to a super-cookie or not, and if not, how that > might be the case? It doesn't have to be. Each site (*) could get a different key pair and key identifier. The draft doesn't say that though, so you are right to ask. This is probably another case where documenting a little more detail about the usage context could help. (*) That's a web term, I know, but the question was also web-related. The more general way to approach this is to say that for servers where the client would not otherwise be linkable, the client must use different keys and key identifiers. On the web, the boundary we use to determine when linkability is assumed or not is site.
Received on Tuesday, 7 February 2023 12:57:24 UTC