- From: Nico Williams <nico@cryptonector.com>
- Date: Mon, 13 Jun 2011 17:17:41 -0500
- To: Mike Perry <mikeperry@torproject.org>
- Cc: public-web-security@w3.org

On Mon, Jun 13, 2011 at 3:48 PM, Mike Perry <mikeperry@torproject.org> wrote:
> I also realized that Sid's idea has a converse that I thought should
> be mentioned. There could be an inheritable attribute that allows
> sites to request unrestricted referer transmission in a
> default-off/restricted referer situation (like Private Browsing Mode).
> The chrome could ask for user permission to transmit unrestricted
> referers for this site, but in reality I don't think any UI is needed
> from a security sense, because sites can smuggle whatever they want
> into URL parameters anyways.
>
> You then solve the "sites screaming bloody murder" point, and referer
> transmission at least becomes more explicit instead of easily confused
> with negligence and oversight.

I like this, very much.

Nico

Received on Monday, 13 June 2011 22:18:12 UTC