IETF Logo Mail Archive

Re: Migrating some high-entropy HTTP headers to Client Hints.

Mike West <mkwst@google.com> Mon, 14 January 2019 14:29 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2C94130FB5 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 14 Jan 2019 06:29:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.64
X-Spam-Level:
X-Spam-Status: No, score=-10.64 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.142, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VSen19DomH9j for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 14 Jan 2019 06:29:51 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [IPv6:2603:400a:ffff:804:801e:34:0:38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AEBE112D4F0 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 14 Jan 2019 06:29:51 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.89) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1gj3D1-0003Rt-3Y for ietf-http-wg-dist@listhub.w3.org; Mon, 14 Jan 2019 14:27:23 +0000
Resent-Date: Mon, 14 Jan 2019 14:27:23 +0000
Resent-Message-Id: <E1gj3D1-0003Rt-3Y@frink.w3.org>
Received: from titan.w3.org ([2603:400a:ffff:804:801e:34:0:4c]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <mkwst@google.com>) id 1gj3Cz-0003RG-Hv for ietf-http-wg@listhub.w3.org; Mon, 14 Jan 2019 14:27:21 +0000
Received: from mail-ot1-x32e.google.com ([2607:f8b0:4864:20::32e]) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from <mkwst@google.com>) id 1gj3Cy-0007Mr-5J for ietf-http-wg@w3.org; Mon, 14 Jan 2019 14:27:21 +0000
Received: by mail-ot1-x32e.google.com with SMTP id 81so19452114otj.2 for <ietf-http-wg@w3.org>; Mon, 14 Jan 2019 06:27:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=AdEfZcMWddWJuUXZ8Lc1Y+wpFm6W5/n40pu78igePZA=; b=Hw8fJhl2USfNhm9svSBQ2cSNPEZmttAC/iV56K1LB133MmbhDifzMmN0u1yYz//9/p 1LoELLHB8oydpWg3P0XEesyQeSfIeUEzpWrVAoDcclKM9XFf2EwY6T7RNdOVQkYU+iuG +XS4tD6+zdpYUS4pYnlbj2ky0+yx30DIf9W41i+DrN/w1yiqMmT9t/eETslJlVRqKpPN 8yl5bRnF9JVaDgKqU0DhUz11O7+flZexKglf901QC9h3m5sN4urGq7nbtuCk4yQq5EAz KttTeNhdIVeSgi74yRxpdvn2AdydL56wb80uIzKpjxv2mP0zTVQBdRDHNpvSQUuE8qsP nznQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=AdEfZcMWddWJuUXZ8Lc1Y+wpFm6W5/n40pu78igePZA=; b=W4E2o6OsZAJQZoQ0WJ4jFqLa+ML87IyEMoQu8nGgErydrN/JDM6tEWQDfM/fRJ+WUp f+PU7VIOp2qIH8GNwXZm/2TAijnYjTM7aiQi2nWjw98gQrvi5c6Fm7FHGlxEDC7cU0yp Dnc3qZdQ/VVWguaCx9I0T/O9d728OWeJbZeNieHxLErFNfbK1gpegs4BxNKJGJdnL+f8 DKvOHSZpwmh2RzDshQdagHGG71ooisxtcyUSBiT/pMtYatPBS4vfxKSidxuHQAaWByys JeLzm0HrzZr03ggtit+tVJtvf7TSw3OjvRnyH0ek+v9Kj9rfayE5j1OSl5szQmxuZlFC +7VA==
X-Gm-Message-State: AJcUukdmRE6p2UF5s39bTWgci/aY2p/LPi7t3U+7oOZ7VUYSh4LYPEDm 8WPt33Fak6liuiqc/l7eBAw1oVK/U8rbyuU/wvy6xg==
X-Google-Smtp-Source: ALg8bN4+YyC9L8Xi83EzSMsnsMZbdIEwyPuo2MSEMw1e0JFTkOAWxvWlAiYnVMO8cjTVtJ2MyBWMlazvWwvBxmQPXgo=
X-Received: by 2002:a9d:7653:: with SMTP id o19mr16701726otl.12.1547476018802; Mon, 14 Jan 2019 06:26:58 -0800 (PST)
MIME-Version: 1.0
References: <CAKXHy=eHiMtXi8vkDYtADHdU0tnUfd3p+Wfy7vSkLgT7cA1W0w@mail.gmail.com> <ea4b3bc5-dbfc-7f49-0500-b2319e33e53a@it.aoyama.ac.jp>
In-Reply-To: <ea4b3bc5-dbfc-7f49-0500-b2319e33e53a@it.aoyama.ac.jp>
From: Mike West <mkwst@google.com>
Date: Mon, 14 Jan 2019 06:26:46 -0800
Message-ID: <CAKXHy=dUy1n5dNkxj_L3Ov=auaZr-L-+ZaneqLq4FCrRQQ72Gw@mail.gmail.com>
To: "Martin J. Dürst" <duerst@it.aoyama.ac.jp>, Ilya Grigorik <igrigorik@google.com>, Yoav Weiss <yoavweiss@google.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="00000000000066dd50057f6bd6cd"
X-W3C-Hub-Spam-Status: No, score=-20.7
X-W3C-Hub-Spam-Report: AWL=3.866, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1gj3Cy-0007Mr-5J fa0728fba77545b5a4a8730f540a7b6f
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Migrating some high-entropy HTTP headers to Client Hints.
Archived-At: <https://www.w3.org/mid/CAKXHy=dUy1n5dNkxj_L3Ov=auaZr-L-+ZaneqLq4FCrRQQ72Gw@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/36270
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Sun, Jan 13, 2019 at 3:56 AM Martin J. Dürst <duerst@it.aoyama.ac.jp>
wrote:

> Sorry to be very late, and with a rather basic question:
>
> The point about substantial fingerprinting is definitely important. But
> what's the difference, in terms of fingerprinting, between the following
> two alternatives?
>
> a) The browser sending out Accept-Language,... to a server interested in
> fingerprinting.
>
> b) A server interested in fingerprinting sending out an Accept-CH header
> with the equivalent information, even if the server doesn't need e.g.
> language information for serving the request.
>

Hey Martin, good question!

In short, the client hints infrastructure places a number of limitations on
the ways in which hints can be enabled for a given request. Some of those
are documented in
https://tools.ietf.org/html/draft-west-lang-client-hint-00#section-3. I'll
hit the highlights below:

1.  No plaintext delivery; hints can be delivered over encrypted channels,
which means that we'll substantially reduce the scope of leakage to network
attackers.

2.  Client hints are moving to a delegation model whereby "first-party"
responses (top-level navigations, etc) can opt-into receiving hints, but
subresource requests cannot. That is, assuming the server you're talking
about above lives at `https://fingerprinter.com/`, it can obtain access
when the user directly navigates to `https://fingerprinter.com/`, but can
only obtain access in third-party contexts (e.g. when embedded as a frame
on `https://publisher.com/`) if the top-level domain explicitly delegates
the privilege to it. Note that there's some ongoing work (described in
https://tools.ietf.org/html/draft-west-lang-client-hint-00#section-3.2) to
bring the various specifications up to date with this decision. +Ilya
Grigorik <igrigorik@google.com>, +Yoav Weiss <yoavweiss@google.com>, and
friends are working through those.

3.  Because this data is no longer broadcast by default, but must be
explicitly requested, the onus falls upon the requestor to justify the
request. The explicitness makes it easier for researchers to dig into data
usage, and, in the best case, brings abuses to light.

Does that answer your question?

-mike

v2.23.0 | Report a Bug | By Email