- From: Jim Ley <jim.ley@gmail.com>
- Date: Wed, 9 Mar 2005 16:55:54 +0000
On Wed, 9 Mar 2005 08:42:25 -0800, Chris Holland <frenchy at gmail.com> wrote: > On Wed, 9 Mar 2005 12:14:52 +0000, Jim Ley <jim.ley at gmail.com> wrote: >> Are you sure you're not advocating this to get around privacy based >> proxies of the type that normally disable such referrer based content >> so as to reliably block >> privacy invasions? > > well, if a proxy starts filtering out http headers sent by the client, > there isn't much we can do about that now is there. heh. Who said anything about proxy? You were requiring that a conformant gibberishName UA send the correct referrer header, that's something that many people, and many browsers currently do not want to do for valid privacy concerns. Just saying "there's nothing we can do about those" when you've not really provided a use case for the information in the first place isn't a good way to go I think. > thanks for the feedback! :) The biggest problem is you've not provided use-cases, you've not provided any security analysis of your proposal, as it stands it's extremely inadequate. Come up with some use-cases, and a real analysis of what extra features need to be added to make it secure, what impact it has on privacy etc. Cheers, Jim.
Received on Wednesday, 9 March 2005 08:55:54 UTC