RE: I-D Action: draft-ietf-httpbis-client-hints-03.txt

"Mike O'Neill" <> Sat, 03 December 2016 10:02 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4B4BC129670 for <>; Sat, 3 Dec 2016 02:02:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -9.797
X-Spam-Status: No, score=-9.797 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-2.896, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Xifh9tnHqV96 for <>; Sat, 3 Dec 2016 02:02:46 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id BDD1712966E for <>; Sat, 3 Dec 2016 02:02:46 -0800 (PST)
Received: from lists by with local (Exim 4.80) (envelope-from <>) id 1cD76Z-0001Y5-Ha for; Sat, 03 Dec 2016 09:59:39 +0000
Resent-Date: Sat, 03 Dec 2016 09:59:39 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <>) id 1cD76N-0001VM-Am for; Sat, 03 Dec 2016 09:59:27 +0000
Received: from ([]) by with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <>) id 1cD76F-0003IC-CY for; Sat, 03 Dec 2016 09:59:21 +0000
Received: from ValeriesPC ([]) by :SMTPAUTH: with SMTP id D75FcjjSQzB8pD75GcW2vL; Sat, 03 Dec 2016 02:58:18 -0700
From: Mike O'Neill <>
Cc:, "'public-privacy (W3C mailing list)'" <>
References: <>
In-Reply-To: <>
Date: Sat, 03 Dec 2016 09:58:01 -0000
Message-ID: <15ba01d24d4b$bbd65ec0$33831c40$>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQJC775/vfb+bpuXLqJwOpSyCurBo6AUr/qQ
Content-Language: en-gb
X-CMAE-Envelope: MS4wfLVBZTPqnSk2JE21vXjE1dfzrsBCHvUU+AiC5v2j93FuQYxPyNtN9nI0BrvNHcRPrOCETBFhLsAjwcOlF4T3QJh9gbiVZgWkBJyMpoafFWxLMSrCiWyI PzjZ6rRr9YIsKFxjB7D0gtORKRJrDmdtsgd07NXCBlc4qUtGp8e/gZcUQrq8qbP0mBHKF/27xUNi0X/H4AUvMd2u0qppuycHZkQeZ7eEL50Dyiz7lkcvONAT 3WabtD/spdvHiFN7QoiZ278stWBZcuSxGvUeQzsPu9wn41z1SqY1GD3MQZIXpUyF
Received-SPF: pass client-ip=;;
X-W3C-Hub-Spam-Status: No, score=-7.5
X-W3C-Hub-Spam-Report: AWL=1.371, BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: 1cD76F-0003IC-CY 6b9f654d36a28b2a2590cd81e6bd8b43
Subject: RE: I-D Action: draft-ietf-httpbis-client-hints-03.txt
Archived-At: <$bbd65ec0$33831c40$>
X-Mailing-List: <> archive/latest/33101
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

I worry that this makes fingerprinting easier for tracking servers, especially for subresources. 
It is true that these capabilities are already available via JS but only for browsing contexts and the extra turnaround forces some stickiness. This would make these granular user-agent capabilities immediately available to any resource, without need for a round trip.

I think that at least the availability of a user opt-in should be a MUST.

-----Original Message-----
From: [] 
Sent: 02 December 2016 18:08
Subject: I-D Action: draft-ietf-httpbis-client-hints-03.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Hypertext Transfer Protocol of the IETF.

        Title           : HTTP Client Hints
        Author          : Ilya Grigorik
	Filename        : draft-ietf-httpbis-client-hints-03.txt
	Pages           : 13
	Date            : 2016-12-02

   An increasing diversity of Web-connected devices and software
   capabilities has created a need to deliver optimized content for each

   This specification defines a set of HTTP request header fields,
   colloquially known as Client Hints, to address this.  They are
   intended to be used as input to proactive content negotiation; just
   as the Accept header field allows clients to indicate what formats
   they prefer, Client Hints allow clients to indicate a list of device
   and agent specific preferences.

The IETF datatracker status page for this draft is:

There's also a htmlized version available at:

A diff from the previous version is available at:

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at

Internet-Drafts are also available by anonymous FTP at: