Re: Verizon Wireless ISP-injected tracking info used to reconstruct deleted cookies from Paul Libbrecht on 2015-01-16 (www-tag@w3.org from January 2015)

From: Paul Libbrecht <paul@hoplahup.net>
Date: Fri, 16 Jan 2015 19:34:46 +0100
To: Noah Mendelsohn <nrm@arcanedomain.com>
Cc: Chris Palmer <palmer@google.com>, "www-tag@w3.org" <www-tag@w3.org>
Message-Id: <F9521B70-3257-401A-8BCA-80A9917B1D1A@hoplahup.net>

One thing that this practice, of providers transparently proxying http traffic, bothers is when people try to use both http and https.
On a website I develop for, users submit their login using https, but otherwise http is used.
Login fails on these networks, because the cookie is attached to the IP.
I am not sure we are alone doing this kind of ping-pong, are we?

paul


On 16 janv. 2015, at 18:10, Noah Mendelsohn <nrm@arcanedomain.com> wrote:

> No, but I think the TAG can play a useful role in documenting which of the problems we see "in the wild" the move to HTTPS will "solve", which it won't etc. Not everything we do as a community or that the TAG does can be 100% effective, but IMO a key role of the TAG is to document tradeoffs, and to explain both the strengths and weaknesses of any proposed architectural change. In this case, many readers of TAG Findings will be less informed than the TAG. I think it will be helpful to clearly say: "This is what we can reasonably expect the move to do for HTTPS to do for you; these are some of the problems you might naively expect it to solve that it might not."

Received on Friday, 16 January 2015 18:35:17 UTC