Re: Migrating some high-entropy HTTP headers to Client Hints.

Martin J. Dürst <duerst@it.aoyama.ac.jp> Tue, 15 January 2019 10:18 UTC

From: "Martin J. Dürst" <duerst@it.aoyama.ac.jp>
To: Mike West <mkwst@google.com>, Ilya Grigorik <igrigorik@google.com>, Yoav Weiss <yoavweiss@google.com>
CC: HTTP Working Group <ietf-http-wg@w3.org>
Date: Tue, 15 Jan 2019 10:15:22 +0000
Message-ID: <f6129f8d-b4b6-8f05-c18a-aae71e8d0908@it.aoyama.ac.jp>
References: <CAKXHy=eHiMtXi8vkDYtADHdU0tnUfd3p+Wfy7vSkLgT7cA1W0w@mail.gmail.com> <ea4b3bc5-dbfc-7f49-0500-b2319e33e53a@it.aoyama.ac.jp> <CAKXHy=dUy1n5dNkxj_L3Ov=auaZr-L-+ZaneqLq4FCrRQQ72Gw@mail.gmail.com>
In-Reply-To: <CAKXHy=dUy1n5dNkxj_L3Ov=auaZr-L-+ZaneqLq4FCrRQQ72Gw@mail.gmail.com>
Subject: Re: Migrating some high-entropy HTTP headers to Client Hints.
Archived-At: <https://www.w3.org/mid/f6129f8d-b4b6-8f05-c18a-aae71e8d0908@it.aoyama.ac.jp>

Hello Mike,

Many thanks for your explanations.

On 2019/01/14 23:26, Mike West wrote:

> Hey Martin, good question!
> 
> In short, the client hints infrastructure places a number of limitations on
> the ways in which hints can be enabled for a given request. Some of those
> are documented in
> https://tools.ietf.org/html/draft-west-lang-client-hint-00#section-3. I'll
> hit the highlights below:
> 
> 1.  No plaintext delivery; hints can be delivered over encrypted channels,
> which means that we'll substantially reduce the scope of leakage to network
> attackers.
> 
> 2.  Client hints are moving to a delegation model whereby "first-party"
> responses (top-level navigations, etc.) can opt in to receiving hints, but
> subresource requests cannot. That is, assuming the server you're talking
> about above lives at `https://fingerprinter.com/`, it can obtain access
> when the user directly navigates to `https://fingerprinter.com/`, but can
> only obtain access in third-party contexts (e.g. when embedded as a frame
> on `https://publisher.com/`) if the top-level domain explicitly delegates
> the privilege to it. Note that there's some ongoing work (described in
> https://tools.ietf.org/html/draft-west-lang-client-hint-00#section-3.2) to
> bring the various specifications up to date with this decision. +Ilya
> Grigorik <igrigorik@google.com>, +Yoav Weiss <yoavweiss@google.com>, and
> friends are working through those.
> 
> 3.  Because this data is no longer broadcast by default, but must be
> explicitly requested, the onus falls upon the requestor to justify the
> request. The explicitness makes it easier for researchers to dig into data
> usage, and, in the best case, brings abuses to light.
> 
> Does that answer your question?

Partially. But let me be more specific about the threat scenario I'm 
thinking about. Web sites use all kinds of third party services, some of 
the main ones being advertising and analytics. All these services come 
with installation instructions. My (easy, I'd say) guess is that these 
installation instructions will include instructions to activate the 
necessary third-party opt-ins for the server in question for those 
third-party services that are interested in fingerprinting.

Given that many third-party services are interested in fingerprinting, 
and that many Web administrators follow instructions carefully, I'd 
guess that most sites will end up with fingerprinting third-party 
services anyway. Those sites not interested in fingerprinting didn't 
analyse the Accept... headers to begin with.

Regards,   Martin.
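The exchange above can be made concrete by modelling the three rules Mike lists (encrypted delivery only, first-party opt-in, explicit delegation to third parties) and then checking the scenario Martin describes: a site that has followed a vendor's install instructions and delegated a hint to that vendor's origin. The following is an added example, not code from this thread, the draft, or any browser. `Accept-CH` is the real Client Hints opt-in header; the delegation syntax (`"<hint> 'self' <origin>..."` carried in a Feature-Policy-style header), the hint names, and the `*.example` origins are constructed assumptions for illustration.

```python
"""Model of the client-hint delivery rules quoted in the thread, plus an
audit helper that lists which third parties a site has delegated hints to.
Added example; header syntax beyond Accept-CH is an assumption."""
from urllib.parse import urlsplit

ACCEPT_CH = "accept-ch"        # real opt-in header for Client Hints
DELEGATION = "feature-policy"  # assumption: delegation expressed Feature-Policy style


def origin_of(url):
    """scheme://host[:port] of a URL, lower-cased."""
    p = urlsplit(url)
    port = f":{p.port}" if p.port else ""
    return f"{p.scheme.lower()}://{(p.hostname or '').lower()}{port}"


def parse_accept_ch(value):
    """'Sec-CH-Lang, Sec-CH-UA' -> {'sec-ch-lang', 'sec-ch-ua'}."""
    return {t.strip().lower() for t in value.split(",") if t.strip()}


def parse_delegation(value, top_origin):
    """Assumed syntax modelled on Feature Policy:
    "sec-ch-lang 'self' https://analytics.example; sec-ch-ua 'self'"
    -> {'sec-ch-lang': {top_origin, 'https://analytics.example'}, 'sec-ch-ua': {top_origin}}
    """
    policy = {}
    for directive in value.split(";"):
        parts = directive.split()
        if not parts:
            continue
        allow = set()
        for tok in parts[1:]:
            if tok == "'self'":
                allow.add(top_origin)
            elif tok != "'none'":
                allow.add(origin_of(tok))
        policy[parts[0].lower()] = allow
    return policy


def hints_for_request(top_level_url, top_level_headers, request_url):
    """Hints a browser following the three quoted rules would attach to
    request_url, issued from a page at top_level_url whose navigation
    response carried top_level_headers."""
    hdrs = {k.lower(): v for k, v in top_level_headers.items()}
    # Rule 1: no plaintext delivery, on either the page or the request.
    if urlsplit(top_level_url).scheme != "https" or urlsplit(request_url).scheme != "https":
        return set()
    opted_in = parse_accept_ch(hdrs.get(ACCEPT_CH, ""))
    top_origin = origin_of(top_level_url)
    req_origin = origin_of(request_url)
    # Rule 2: the first party that opted in gets its hints; a third-party
    # subresource only gets a hint the top-level response delegated to it.
    if req_origin == top_origin:
        return opted_in
    policy = parse_delegation(hdrs.get(DELEGATION, ""), top_origin)
    return {h for h in opted_in if req_origin in policy.get(h, set())}


def audit_third_party_delegations(top_level_url, top_level_headers):
    """Rule 3 from the site owner's side: the explicit grants are visible in
    the response headers, so list (third-party origin, hint) pairs for review
    rather than trusting that a vendor's install steps were harmless."""
    hdrs = {k.lower(): v for k, v in top_level_headers.items()}
    top_origin = origin_of(top_level_url)
    opted_in = parse_accept_ch(hdrs.get(ACCEPT_CH, ""))
    policy = parse_delegation(hdrs.get(DELEGATION, ""), top_origin)
    grants = set()
    for hint, allow in policy.items():
        if hint not in opted_in:
            continue  # delegating a hint the site never opted into grants nothing
        for origin in allow:
            if origin != top_origin:
                grants.add((origin, hint))
    return sorted(grants)


# Constructed sample: a publisher that opted into two hints and, following
# an analytics vendor's instructions, delegated the language hint to it.
SAMPLE_TOP = "https://publisher.example/article"
SAMPLE_HEADERS = {
    "Accept-CH": "Sec-CH-Lang, Sec-CH-UA",
    "Feature-Policy": "sec-ch-lang 'self' https://analytics.example; sec-ch-ua 'self'",
}

if __name__ == "__main__":
    for url in ["https://publisher.example/app.js",
                "https://analytics.example/beacon",
                "https://ads.example/tag.js",
                "http://publisher.example/legacy"]:
        print(url, sorted(hints_for_request(SAMPLE_TOP, SAMPLE_HEADERS, url)))
    print("third-party grants:", audit_third_party_delegations(SAMPLE_TOP, SAMPLE_HEADERS))
```

Running it shows the delegation model doing what Mike describes (the ad origin and the plaintext request get nothing) and also what Martin predicts: once the operator has pasted the vendor's suggested delegation, `analytics.example` receives the language hint on every page load. The audit function is the defender's lever here: the grant is a single reviewable header line rather than a default broadcast.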