Re: Improved Client Identification

Cory Benfield <cory@lukasa.co.uk> Thu, 05 March 2015 09:48 UTC

In-Reply-To: <CADP4zhFON3u03kYfL2iYhhOoZ91LoLkcNamphFKniba2YdmugA@mail.gmail.com>
References: <CADP4zhFON3u03kYfL2iYhhOoZ91LoLkcNamphFKniba2YdmugA@mail.gmail.com>
Date: Thu, 05 Mar 2015 09:43:35 +0000
Message-ID: <CAH_hAJHZycgWsK2WrP_HAtvPoqpO8-t6rtgO77m5s7fUKW6enw@mail.gmail.com>
From: Cory Benfield <cory@lukasa.co.uk>
To: Sanel Mesinovic <sanel.mesinovic@ymc.ch>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Subject: Re: Improved Client Identification
Archived-At: <http://www.w3.org/mid/CAH_hAJHZycgWsK2WrP_HAtvPoqpO8-t6rtgO77m5s7fUKW6enw@mail.gmail.com>

On 20 February 2015 at 15:36, Sanel Mesinovic <sanel.mesinovic@ymc.ch> wrote:
> Hello,
>
> I found your email address here. I have one small contribution / request to
> make to the new HTTP 2 protocol. I already wrote an email a long time ago to Tim
> Berners-Lee but got no reply. Maybe someone has already raised the issue
> during this time.

Unfortunately, HTTP/2 is now complete, which means this request is out
of scope for HTTP/2. You could make this request as a generic HTTP
extension; however, I don't recommend it.

> In my opinion the new protocol should introduce a better way to uniquely
> identify the client. Currently it is not possible to uniquely identify a
> user. IP identification is not reliable. There can be two or more users
> behind the same IP. Session identification is even worse.

Why?

Setting a cookie absolutely does uniquely identify a client, unless
the client chooses to remove it. It also does not allow correlation
across origins. For that reason, I have to assume that the following
motivations apply to this request:

- you'd like to be able to uniquely identify a client across multiple domains
- you'd like to prevent clients from being able to opt out of tracking

I'd say that either one of these is in violation of IETF BCP 188[0],
though I admit to that being a slightly broader reading of BCP 188
than is common. IMO, clients should always be able to choose not to be
tracked, and they should certainly be free from any form of
cross-domain tracking. There is a reason that people are uncomfortable
with the way the Facebook 'like' button can be used to track users as
they move around the web: adding easier tools to do it would not
make people happier, safer or more free.

I am confident the IETF and this WG would never dream of adding such
functionality.

[0]: https://tools.ietf.org/html/bcp188