Re: Genart last call review of draft-ietf-httpbis-client-hints-13

Christer Holmberg <christer.holmberg@ericsson.com> Tue, 05 May 2020 18:55 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A2043A00E0 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 5 May 2020 11:55:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.751
X-Spam-Level:
X-Spam-Status: No, score=-2.751 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bAcqZTyG-2hK for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 5 May 2020 11:55:06 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B896C3A00DB for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 5 May 2020 11:55:06 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1jW2fa-00014n-V6 for ietf-http-wg-dist@listhub.w3.org; Tue, 05 May 2020 18:51:55 +0000
Resent-Date: Tue, 05 May 2020 18:51:54 +0000
Resent-Message-Id: <E1jW2fa-00014n-V6@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <christer.holmberg@ericsson.com>) id 1jW2fY-000142-UZ for ietf-http-wg@listhub.w3.org; Tue, 05 May 2020 18:51:52 +0000
Received: from mail-eopbgr50046.outbound.protection.outlook.com ([40.107.5.46] helo=EUR03-VE1-obe.outbound.protection.outlook.com) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <christer.holmberg@ericsson.com>) id 1jW2fW-0004zT-Hf for ietf-http-wg@w3.org; Tue, 05 May 2020 18:51:52 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mDzxHpRuX1Fqfknf0/Z9KFU4FSpTXW8fIJVeW4ruMUboCrxj9XVwwxiIV5PgiVKl0IxE0KT4eS822XP1dWHaNt4/qxh2GY2JXlRIY2lnnP553UZ5iOzY7VeMVZpcKt30hu1dZUC7fiZFlBkKs/qxCabNED3701f0BIzJogEdEBhWSBJqnNnp4yrHBT3Q7+PAJmL6PMMbwqXXLmqtPN+WZOA/AX8+BE363IXUvQF/OjK9v0xV2od67gDulUjuHlViA0nk5plxzrpmhkY4oJeZXFh3fqF3h7yRBr2n3km8QXaX7XVPQWFCTPswWoAvvnOgYjSx56UhiTxU51xvknK4+g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JErs9FgLPiP0zodwjRpAqFGdKDyMYtHaSOxKemOMk0E=; b=aRAVHmVduMw8L9SiNlnae1tKW9rTxN5bQ4/akPT097Ld+a/Oi/yFVqe2VSiB1f821hxfRdv6BpYoth0XNmodPqzCigMk/MhqFFJfIUhAbAahyW2HrDq/8J10I0l/a3qQmCGJOMg2QcHTI41TQdDYoYuvbmKgPwOjpf0RtK3kHW+zy8qaPmAWFVap/eIL2G9+5dawqJj7qR2MrXhLSTgGKUZME05TrQR81rT+szXcSUphTpdb+9VfTlbL13l/4VOxSCXZYNxFqk9n3EIBaIunRt0g5ONRCMpR1GuDvzgI3llhV66vim/ikc7Hmf156BQd3HcJIZ8rB3aWZxZv53KQ/g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JErs9FgLPiP0zodwjRpAqFGdKDyMYtHaSOxKemOMk0E=; b=mnn6i9RQi+dBfRweE2J8Oh7aE/7kAp7REGaodO0WwqWbERxJflec9EsGw+TVv5c3Vda/xfSohP5obViuZJcAt1dXHp8F0lpbBhkLQBDT/F9SsLMAZ+NDm8A5Vc0BmZv7Shf2fJQ5V9Lo7d6x236E/Kv37c+uSVraWT33cbuoFy4=
Received: from AM7PR07MB7012.eurprd07.prod.outlook.com (2603:10a6:20b:1bc::19) by AM7PR07MB7025.eurprd07.prod.outlook.com (2603:10a6:20b:1b9::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2979.14; Tue, 5 May 2020 18:51:36 +0000
Received: from AM7PR07MB7012.eurprd07.prod.outlook.com ([fe80::4c:e502:13cf:87a8]) by AM7PR07MB7012.eurprd07.prod.outlook.com ([fe80::4c:e502:13cf:87a8%4]) with mapi id 15.20.2979.025; Tue, 5 May 2020 18:51:36 +0000
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Yoav Weiss <yoav@yoav.ws>
CC: "gen-art@ietf.org" <gen-art@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>, "draft-ietf-httpbis-client-hints.all@ietf.org" <draft-ietf-httpbis-client-hints.all@ietf.org>
Thread-Topic: Genart last call review of draft-ietf-httpbis-client-hints-13
Thread-Index: AQHWIq1DN+5hVq5QdEeND9cndeZ6bqiaCVcA
Date: Tue, 5 May 2020 18:51:36 +0000
Message-ID: <A2613BDC-7577-4BED-8AB5-4799973A1586@ericsson.com>
References: <158837305177.24719.21462684096579298@ietfa.amsl.com> <CACj=BEhNqVRxQagFmJ4sbXrn=YOWAYPBqODw_rL7MZbUDjNq5w@mail.gmail.com>
In-Reply-To: <CACj=BEhNqVRxQagFmJ4sbXrn=YOWAYPBqODw_rL7MZbUDjNq5w@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1e.0.191013
authentication-results: yoav.ws; dkim=none (message not signed) header.d=none;yoav.ws; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [213.216.230.200]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: eeb81f0c-b724-4a18-b080-08d7f12556bf
x-ms-traffictypediagnostic: AM7PR07MB7025:
x-microsoft-antispam-prvs: <AM7PR07MB70253FBAC5C4E3E83B85359993A70@AM7PR07MB7025.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0394259C80
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: +WHQA40A5cvyQO4gGheqUC1OsKb1FLFw6Mg13m5RiyheAFQg9dk1miJ5YIyu/VD/J3CjJ0IEKHBv4K405AoGyzHrElDpNyB0u14Hq+pLNXapS+vb33my/EXYerA0i68QkqKLRUCsuWt6VQIQ1owRaOASvf6D4ARVnI82k2Hxul3XcB29yW0jP0Xkr6Ppm2Z9D/ieAPzyVhpSKJqZGXvguV099+/9bumy8wQYi+gKj8TYOkanR6SIlrtf8pjDFLVXpKfP2MHTetbyeGRE5yXtdpGs6pXo5ExFFzGoJNNfQ+rtljDKv5CKWFUaJRO8dTH9YDDcMTWwrmDnUvFXR7Lstrhl8czKSXbRzVZHzLLQfAD7N5fo2J9+1cjNUCPLFiv6kQSmK/ZgtNY7BtvHY4hRseGHo5BhNkPbCaJUdKh1+P5HsjE0GTgeKAQ4L/zCXrY9FyewtJ59sO6jurOAyV7ztoZbwKtzrT7WI0zh7e6SXAhAG/RZv1cxkg4lWGXcq6hqYIjBykyIPXTnGhbOmtavuQ==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7PR07MB7012.eurprd07.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(4636009)(366004)(33430700001)(4326008)(498600001)(71200400001)(2616005)(44832011)(8936002)(8676002)(91956017)(33440700001)(36756003)(76116006)(66946007)(6506007)(5660300002)(54906003)(66556008)(64756008)(66446008)(186003)(26005)(33656002)(2906002)(6916009)(6486002)(86362001)(6512007)(66476007);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata: DipqbxOi7UMzLoCc6KIYCFBG1TwWGWnpGbAOdEbvS8jyAtY6R6Ugw+QhcqBDYNLqPdz7+YBcoAGSe5312DAqMRP0caCZgbLBIY0avING/oochixODfYSQ3G6hIj9b9tqGWrwqXbLbuegeJBTp4ekV6w9Mk+pAGOtYwtyN/MEElPVtIAXdOc7CjGRmhqmAJzeANNw4NcEgRUtlF5qYta4lCzGxH+zE60YvOwJy3vBjIuViqEBxnsxoornIDV3y/oEzojLJ0AlOr1TYPRLfbDGECHNBk1Je24lhPdVfo5b1mdvTZTaymTYd5Y3fwBz3hRt9jJMFhqxCl8mP4MhbsgqddZtVGqDHZNvYKdOnyJjfWCG0q34zbkFTT6A7DGJ8S4qAOmTRomirRm9G3fdoXoZ9bcahTZSi4hmWCpberYE8rb2Ni/2agVG75uGgkSumLidl2UIFZYdKhuiU6wwk5jtp0DbmWKAFiaNP27orv4dSpMcjNzcmFHYnu+mvtq0dD8P24kH9FUAFUH8HNdML7JIjgSzCPtMRdaGDWnuVSAcow+RVxPataoWOL0N9NBr5ntXLQxcLcvmeR+lw1/kMq8Zbkdb38BRbV4rq5OMy6gxCHdeSZ2PnPsKGIG6z8kOyxddeyXZNf/PA7DwMAGOVokS0Zs4ytlKRVQnsuK18BLJjUg0+1pRVNOXxJvFdw1D/clxRFjkot6W6yhK77CpINfW0iRbec53wi469tk7MtZYdg/3KMhwD6kU88pOJ1jaN0LZvkxHhhi0pRWecrWvsrAETc+wO7qhj5AKdgqJhbJ0f1cPdITuqHitpGkZwXxtRrBk
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <37D6B29465699D4097CF2DC9B061D6EE@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: eeb81f0c-b724-4a18-b080-08d7f12556bf
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 May 2020 18:51:36.7273 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: wvr9LgMepKVQwSdTzz5atzjD9F2a+yRV4e/1m/nbP+gZCEY9U+MiCL2Y5RaYfv1VS39NwFAdqlFlTdLi/JTj0pDjdik0VSMzeRVpBL3JWSU=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR07MB7025
Received-SPF: pass client-ip=40.107.5.46; envelope-from=christer.holmberg@ericsson.com; helo=EUR03-VE1-obe.outbound.protection.outlook.com
X-W3C-Hub-Spam-Status: No, score=-4.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1jW2fW-0004zT-Hf d1beb89ecc7f17a340d9ed206c9bafc4
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Genart last call review of draft-ietf-httpbis-client-hints-13
Archived-At: <https://www.w3.org/mid/A2613BDC-7577-4BED-8AB5-4799973A1586@ericsson.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/37567
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Hi Yoav,

I have not received the pull request yet, so I will comment only based on your e-mail reply :)

In general, I am happy with your explanations, and for most parts I think some text giving the explanations in the draft would be useful.

-------

Major issues:

MaQ1:

>> Section 2.1. describes sending of Client Hints, based on Accept-CH, and Section 3.1. defines the Accept-CH header field.
>>
>> First, there is no guidance on what a client does BEFORE it receives Accept-CH.
>> I assume it does not include support of any features.
>>
>> Second, there is no guidance on what a client does if it does NOT receive
>> Accept-CH (because the server does not support it). Will it then send another
>> request and include supported features ? What if it is too late, and the server
>> has already made choises?
>>
>> I think some client behavior guidance would be useful.
>
> Generally, without an opt-in (either before Accept-CH is received or when the server does not support it), clients SHOULD NOT send high-entropy hints, but MAY send low-entropy ones.
  
I think some guidance text would be useful.

---

MaQ2:

>> Related to Q3, there is not server procedure on when Accept-CH is sent to the
>> client. Also, can an Accept-CH with updated information be sent?
>
> Servers which wish to receive client information through Client Hints SHOULD add Accept-CH to their responses as early as possible.
> Later Accept-CH response headers with updated information will override a previous opt-in.

Some text would be useful for both cases above.
 
---

MaQ3:

>> Related to MaQ2, what happens if a server receives hints that it does not
>> understand, or does not support?
>
> Servers SHOULD ignore hints they do not understand or do not support.
 
Is there are reason for not using MUST? SHOULD typically means MUST-unless-X. What would X be?

Is there a way for the server to indicate to the client that it did not understand/support the hints? Whatever the answer, I think it would be good to have some text about that.

---

MaQ4:

>> Section 3.1 says:
>>
>>   “It SHOULD be persisted and bound to the origin to enable delivery of Client
>>   Hints on subsequent requests to the server's origin.”
>>
>> …and the subsequent text then gives an example.
>>
>> First, what is the time scope of “subsequent requests”? A session? An hour? A
>> day? For how long does the client need to remember the Accept-CH header field
>> value for a given origin server?
>
> A session, so similar lifetime properties as session cookies.
 
Add some text, please :)

>> Second, the procedure does not seem to take into account that certain aspects,
>> e.g., network characteristics, may change between when requests are sent to an
>> origin server.
>
> It is the server preference that's persisted, not the specific information. Varying client characteristics will result in varying Client Hints request headers at different points in time.

Ok.

--------

Minor issues:

MiQ1:

>> Section 1 described that proactive content negotiation allows servers to
>> silently fingerprint the user agent.
>>
>> But, later in the Section it is described that Client Hints also allow a server
>> the perform fingerprinting, and the Security Considerations also say that there
>> is really no difference.
>>
>> So, does Section 1 need to talk about fingerprinting at all?
>
> Section 1 describes the fact that traditional (read: pre-Client Hints) content negotiation methods relied on sending information to all servers, which enabled passive fingerprinting, 
> and how Client Hints breaks away from that paradigm, by only sending (high entropy) hints when the server needs them and opts-in to receive them.

A server can request the hints even if it doesn't "need" them, but it wants to do fingerprinting. The client does not know what the server will do with the information.

My point is that the reader should not get an impression that client hints somehow prevents fingerprinting. It doesn't. The only difference is that the server has to ask for the information.

---

MiQ2:

>> The 4th last paragraph of Section 1 says:
>>
>>   “It also defines guidelines for content negotiation mechanisms that use it,
>>   colloquially referred to as Client Hints.”
>>
>> The 2nd last paragraph of Section 1 says:
>>
>>   “This document defines Client Hints, a framework that enables servers
>>     to opt-in to specific proactive content negotiation features,
>>     adapting their content accordingly.”
>>
>> The 2nd last pargraph also talks about “usage of infrastructure”, which I don’t
>> really understand. I assume you mean the Client Hints framework?
>>
>> First, I think the text in the 4th last paragraph should be replaced by the
>> text in the 2nd last paragraph.
>>
>> Second, I think the text introducing the framework should come BEFORE the text
>> introducing the Accept-CH header field.
>>
>> Something like:
>>
>>   "This document defines Client Hints, a framework that enables servers
>>   to opt-in to specific proactive content negotiation features,
>>   adapting their content accordingly. This document also defines a new
>>   response header, Accept-CH, that allows an origin server to explicitly
>>   ask that clients send these headers in requests.
>>
>>   Client Hints mitigate performance concerns by assuring that clients
>>   will only send the request headers when they're actually going to be
>>   used, and privacy concerns of passive fingerprinting by requiring
>>   explicit opt-in and disclosure of required headers by the server
>>   through the use of the Accept-CH response header.
>>
>>   The document does not define specific usages of Client Hints. Such usages
>>   Need to be defined in their respective specifications.
>>
>>   One example of such usage is the User Agent Client Hints [UA-CH]."
>
> Makes sense.
 
Thanks! :)

-------

Nits/editorial comments:

EdQ1:

>> The document uses both “client” and “user agent” terminology. Is there a reason
>> for that, or could one be picked?
>
> No reason in particular. We can probably stick to "client". 

Sounds good :)

Thanks!

Regards,

Christer