Re: Request-Off-The-Record Mode header

Ángel <angel@16bits.net> Mon, 12 June 2023 00:07 UTC

From: Ángel <angel@16bits.net>
To: public-webappsec@w3.org, ietf-http-wg@w3.org
Date: Mon, 12 Jun 2023 02:03:06 +0200
Archived-At: <https://www.w3.org/mid/68e96464d03b5f9ee48548e73ca7b184c32192e2.camel@16bits.net>

On 2023-06-08 at 14:51 -0700, David Schinazi wrote:
> This sounds very useful for the domestic violence resources use case,
> but at the same time I could imagine malware websites abusing it to
> erase traces of how a machine got infected. Would it be possible to
> get user consent per origin for this?
> David

You shouldn't be able to *store* such user content (as that would spoil
the intent), but I like the idea of an origin popping up a browser
request asking whether to treat it as an Incognito/Private, rather than
the website "knowing better than the user" and bypassing the browser
features by its own volition.

While not mentioned explicitly in the initial message, this already
seems to be the way the feature works in Brave.


Shivan, it would be interesting if you could share a website or test
domain for which that feature is enabled in your browser.