Re: Slower HTTP for privacy
Nick Harper <ietf@nharper.org> Mon, 30 January 2023 21:30 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA707C17CEA9 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 30 Jan 2023 13:30:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.647
X-Spam-Level:
X-Spam-Status: No, score=-2.647 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AEadhrfQCIJk for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 30 Jan 2023 13:30:41 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 982E4C17CEA6 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 30 Jan 2023 13:30:41 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1pMbhB-005Uel-SP for ietf-http-wg-dist@listhub.w3.org; Mon, 30 Jan 2023 21:28:09 +0000
Resent-Date: Mon, 30 Jan 2023 21:28:09 +0000
Resent-Message-Id: <E1pMbhB-005Uel-SP@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <nharper@nharper.org>) id 1pMbh9-005UdT-LE for ietf-http-wg@listhub.w3.org; Mon, 30 Jan 2023 21:28:07 +0000
Received: from mail-ej1-f48.google.com ([209.85.218.48]) by titan.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from <nharper@nharper.org>) id 1pMbh6-007cYL-6j for ietf-http-wg@w3.org; Mon, 30 Jan 2023 21:28:07 +0000
Received: by mail-ej1-f48.google.com with SMTP id kt14so35937357ejc.3 for <ietf-http-wg@w3.org>; Mon, 30 Jan 2023 13:28:05 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=wVdvdz59nLO0p0Liium+vhIPL+lo4yuQXCtRcSAwbsU=; b=Dhs6weQCKD9EcdAjVPTjfXFk2ELqgYy7qLMx7VYorT2KJjIcuhDbNdR4+DT48jfv7y mQj3O1dPa7sqsHTAyVmJ/cXSg0qRetIbZm60UdhF8PDbgnUxCOwUG8yEEVEvMoRYNVCG jipC4KIG2tZL3lwlxVmsbNQrliVEJx4zmp3EwUZQsUkSn0VDgDqjf/t5RMFLhkkF3jh7 E7uVecU0oDplWAR1Klw9rx490vZmi54aXMLz74CRp8IoKcQK1Nu59DIwAQ7Oidy78qvQ RY3t6TexlPgoitmqiyQFxqrx0F7HSRe7XsSrLcuK45DTXvSY5Mk/mLTfVJYY6pYDF1CN Xi5w==
X-Gm-Message-State: AFqh2kqqp0hamg+B/wOBXmgzaa+N4wSuq3GB+JfeiWQFN8B9w8KVqENM lRYIf7oi/VVWcCad+lAEcNKcxc5CMcOVcmAuigma+A==
X-Google-Smtp-Source: AMrXdXupoypqxrBKTcTYCGAi7FNkCtNLIDxQ4Zs385ckrEo/oSUDwKeeOr/9CfLSySu0T6n38Md9yEeKOC/KMvdpPac=
X-Received: by 2002:a17:906:14c1:b0:7c0:b3a8:a5f9 with SMTP id y1-20020a17090614c100b007c0b3a8a5f9mr8065577ejc.154.1675114074254; Mon, 30 Jan 2023 13:27:54 -0800 (PST)
MIME-Version: 1.0
References: <16133a2f-5fbe-0f7f-c2ea-e83d20fdb3cc@gmail.com> <20230130084455.6ede70c9@fabiankeil.de> <5d420b68-e4b2-34b8-1a56-a9fddf9872a0@gmail.com>
In-Reply-To: <5d420b68-e4b2-34b8-1a56-a9fddf9872a0@gmail.com>
From: Nick Harper <ietf@nharper.org>
Date: Mon, 30 Jan 2023 13:27:42 -0800
Message-ID: <CACcvr=kxp7gGgUFtPHoZxO4vifJ=J1ipyyJz9RxtZskm0RWDkg@mail.gmail.com>
To: "Soni L." <fakedme+http@gmail.com>
Cc: ietf-http-wg@w3.org
Content-Type: multipart/alternative; boundary="0000000000005ac6da05f381e3c4"
Received-SPF: none client-ip=209.85.218.48; envelope-from=nharper@nharper.org; helo=mail-ej1-f48.google.com
X-W3C-Hub-Spam-Status: No, score=-3.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1pMbh6-007cYL-6j e86a3ac7e232627e89c3a3b3c4f116e8
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Slower HTTP for privacy
Archived-At: <https://www.w3.org/mid/CACcvr=kxp7gGgUFtPHoZxO4vifJ=J1ipyyJz9RxtZskm0RWDkg@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/40721
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
It sounds like what you want is Client Hints ( https://developer.mozilla.org/en-US/docs/Web/HTTP/Client_hints) On Mon, Jan 30, 2023 at 10:48 AM Soni L. <fakedme+http@gmail.com> wrote: > > > On 1/30/23 04:44, Fabian Keil wrote: > > "Soni L." <fakedme+http@gmail.com> wrote on 2023-01-29 at 11:45:53: > > > > > It would be appreciated if there were a slower HTTP, with more round > > > trips, explicitly designed with privacy negotiation in mind. > > > > > > Importantly, you can't leak data which you do not have. The best way > to > > > not have that data is to not receive it. > > > > > > Why does a server need to accept user agents and a bunch of other > > > unnecessary stuff if it isn't gonna use it? Doesn't it just make the > > > server more liable for no good reason? Make it possible to turn it > off! > > > Most of it can just be turned off. > > > > > > In fact, the simplest servers (static hosting) only really need the > URL > > > and the Host. Everything else is unnecessary liability. > > > > It's not exactly what you ask for, but Privoxy [0] has a > > delay-response{} response action [1] that is somewhat related. > > > > Fabian > > > > [0] <https://www.privoxy.org/> > > [1] < > https://www.privoxy.org/user-manual/actions-file.html#DELAY-RESPONSE> > It's not at all what we ask for! Uh, we mean like, why does the HTTP > server have to parse and discard the User-Agent header and another 10 or > so headers which it has no use for, instead of just... not receiving > those headers in the first place? > > Why can't the client send URL and Host, then wait for the server to send > a Headers Required message, then send the required headers (which may be > none)? Yes, it takes longer (more RTTs), but the best way to improve > privacy is to not have the data in the first place. > >
- Slower HTTP for privacy Soni L.
- Re: Slower HTTP for privacy Fabian Keil
- Re: Slower HTTP for privacy Soni L.
- Re: Slower HTTP for privacy Nick Harper
- Re: Slower HTTP for privacy Soni L.
- Re: Slower HTTP for privacy Daniel Stenberg
- Re: Slower HTTP for privacy Jeffrey Yasskin