IETF Logo Mail Archive

Alt-Svc Privacy Concerns

Phil Lello <phil@dunlop-lello.uk> Sat, 09 April 2016 17:47 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6C8B12B05E for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 9 Apr 2016 10:47:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.016
X-Spam-Level:
X-Spam-Status: No, score=-6.016 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.996, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dunlop-lello-uk.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SotxfY2c2xsi for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 9 Apr 2016 10:47:10 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7DD6A12B038 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sat, 9 Apr 2016 10:47:10 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1aowt4-0003Me-Kb for ietf-http-wg-dist@listhub.w3.org; Sat, 09 Apr 2016 17:41:34 +0000
Resent-Date: Sat, 09 Apr 2016 17:41:34 +0000
Resent-Message-Id: <E1aowt4-0003Me-Kb@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <phil@dunlop-lello.uk>) id 1aowt0-0003Ls-L3 for ietf-http-wg@listhub.w3.org; Sat, 09 Apr 2016 17:41:30 +0000
Received: from mail-lf0-f49.google.com ([209.85.215.49]) by lisa.w3.org with esmtps (TLS1.2:RSA_ARCFOUR_SHA1:128) (Exim 4.80) (envelope-from <phil@dunlop-lello.uk>) id 1aowsy-0002nb-HU for ietf-http-wg@w3.org; Sat, 09 Apr 2016 17:41:29 +0000
Received: by mail-lf0-f49.google.com with SMTP id e190so109534891lfe.0 for <ietf-http-wg@w3.org>; Sat, 09 Apr 2016 10:41:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dunlop-lello-uk.20150623.gappssmtp.com; s=20150623; h=mime-version:date:message-id:subject:from:to:cc; bh=jgu0iRm9dYwC/AtnYhxpas11xB2eTSZHMoA0Uyjtkcw=; b=aNHFrhdwtO+iyDw/yqMkxdaJlo8Hh8UPWGr4cBvpAiv8pm/DH30/ULfMOEhxqM9Y7K urtscjvOB5I55QTJBpAPtztYep0kMl3kZZrQQkNxq6LAoEXSLGXgZaH3v0LdupC3BDbb ykLkwq07YR+ZR73O+0vlJasv6Y8xKYrNICSsXAXSKpR/NJqAK0YfB/Dfst8ZeM/8OFQQ 5UNQ8Ciiq8/KhvQrNRgW6F+b1p5Qvc2Bk8aTOMX7qHnIKOOYTE3lZNdwxl4ThfrCZ8/w JbuJ6iyL/sY/n5qonnVTYdS/r0fjG8KfOOjbY8NO3NOQtzgoG2Dij+OSiLznSPcUH7fJ jBpA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to:cc; bh=jgu0iRm9dYwC/AtnYhxpas11xB2eTSZHMoA0Uyjtkcw=; b=h7d6771ySHJMR4ZWlQOwFTpDrMyAhA0glR5i1dl7wspl9zirikX/o2lr/fvf/b6dbl 6AMDfD4vyAMrP442TMHzCMZzcu08g5/bJBrSEJMhcpwy+oe1iaCGW3aBb2Kf2BNHho5C 9wzMYMI5SNoN3oCjCZevu52a4r6d+l8vY86n64ZZhZxidYGO7B2yUxrl25N3C32sLWIS 9TVHTWk0SKB4UvupkZ+Mijmq7ZX8MHVOkHRM+bti+CFQUP004eVms8kDHeHVK7QBAy0+ nwqL8B/0uFXzZj98cdIRvk61gFUCpYEcGBf31NyMy6uNHmy68/96Benlu5sFXpJBmDGB 5PEw==
X-Gm-Message-State: AD7BkJLS6HICdHjf3pEdZty5X0RRD9IUL8qAVLclHafLj6apye/AJeVKyZz3UwJP/zVKva6pdxsDQhem0m2VHnOQ
MIME-Version: 1.0
X-Received: by 10.25.205.146 with SMTP id d140mr5888947lfg.109.1460223660183; Sat, 09 Apr 2016 10:41:00 -0700 (PDT)
Received: by 10.25.27.16 with HTTP; Sat, 9 Apr 2016 10:41:00 -0700 (PDT)
Date: Sat, 09 Apr 2016 18:41:00 +0100
Message-ID: <CAPofZaEG3gm79CznQuB8RdZb6hXYV7ZiBNTwYj=autVP1=_Cng@mail.gmail.com>
From: Phil Lello <phil@dunlop-lello.uk>
To: Ryan Hamilton <rch@google.com>
Cc: Patrick McManus <mcmanus@ducksong.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="001a114128ca8eec5a053010d0b4"
Received-SPF: none client-ip=209.85.215.49; envelope-from=phil@dunlop-lello.uk; helo=mail-lf0-f49.google.com
X-W3C-Hub-Spam-Status: No, score=-4.9
X-W3C-Hub-Spam-Report: AWL=-1.998, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, THIS_AD=1.695, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: lisa.w3.org 1aowsy-0002nb-HU ae13f46454eb3fcb97b350738c9755e7
X-Original-To: ietf-http-wg@w3.org
Subject: Alt-Svc Privacy Concerns
Archived-At: <http://www.w3.org/mid/CAPofZaEG3gm79CznQuB8RdZb6hXYV7ZiBNTwYj=autVP1=_Cng@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/31402
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Sat, Apr 9, 2016 at 2:36 PM, Ryan Hamilton <rch@google.com> wrote:

> On Fri, Apr 8, 2016 at 11:01 AM, Patrick McManus <mcmanus@ducksong.com>
> wrote:
>
>> On Fri, Apr 8, 2016 at 2:31 PM, Ryan Hamilton <rch@google.com> wrote:
>>
>>> Howdy,
>>>
>>> It is common for web sites to serve content from a variety of different
>>> origins within the same domain. For example, www.example.com,
>>> accounts.example.com, images.example.com. A single page view may
>>> require loading resources from several such origins. (Tricks like domain
>>> sharing can exacerbate this proliferation of origins.) It would be great if
>>> the service had some way to tell the client, "All of my domains can use
>>> this alternative service". What would folks thinks of an include-subdomains
>>> parameter in the Alt-Svc value? If such a parameter were present in an
>>> Alt-Svc advertisement, a client could use this advertisement to apply to
>>> any sub-domain of the origin that the client does not already have an
>>> alternative for. This would avoid the need to discover the alternatives
>>> individually.
>>>
>>>
>> the server can send, unsolicited, on stream 0 an altsvc frame for each
>> origin it wants to provide alt-svc info for (the connection needs to be
>> authoritative for those origins, of course).
>>
>> yesterday's discussion of adding certificates to an established
>> connection would make that more powerful.
>>
>> I would encourage h1 servers to update to h2 to get this feature :)
>>
>
> Hm. This seems plausible for the simple case where the number of extra
> origins is small. But in some cases, the number of extra origins can be ...
> enormous.
>
> ​In the case of YouTube which I'm quite familiar with, there are literally
> thousands of hostnames and they all have the same Alt-Svc. We can't
> practically push an origin frame for each server.​ And even if we could, I
> suspect that browsers will limit the number of servers for which they are
> tracking Alt-Svc information.
>
> I'm concerned that Alt-Svc, especially used like this, is re-introducing
the sort of privacy issues people have been trying to eliminate with
cookies for years. Appologies if this has already been discussed and I
missed it.

Specifically, although I know that, for example, google.com and youtube.com,
are tightly related, the average user might not. Over a TLS end-to-end
connection, Alt-Svc seems to make it easy to track activities between
domains without user knowledge or consent. Ditto for blog1.wordpress.com
and blog2.wordpress.com.

There's also a danger that while a CDN might legitimately advertise Alt-Svc
for different sites it caches, a rogue CDN might seize the opportunity to
track activity across unrelated entities.

Best wishes,

Phil Lello

v2.31.3 | Report a Bug | By Email | System Status