Re: Migrating some high-entropy HTTP headers to Client Hints.

Martin Thomson <martin.thomson@gmail.com> Thu, 29 November 2018 23:25 UTC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 30 Nov 2018 10:22:20 +1100
To: Mike West <mkwst@google.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABkgnnU2P2Q+cDQ-y+798jbRZEiiQB2=5wH9QyBK_UfEf5zrkw@mail.gmail.com>
In-Reply-To: <CAKXHy=eHiMtXi8vkDYtADHdU0tnUfd3p+Wfy7vSkLgT7cA1W0w@mail.gmail.com>
Archived-At: <https://www.w3.org/mid/CABkgnnU2P2Q+cDQ-y+798jbRZEiiQB2=5wH9QyBK_UfEf5zrkw@mail.gmail.com>

I think maybe I was predisposed to not like this, but I do like it.
Not saying that I'm hugely enthusiastic about doing the CH part, but
the bit where User-Agent becomes fixed is really appealing.

One thing we might consider, if the timing works out, is having user
agents register their UA strings with us.  We can bake them into the
QPACK static table so that we can save bits.  I don't want to
privilege particular clients overly, so that only works if we have
broad acceptance of the plan.

On Thu, Nov 29, 2018 at 9:26 PM Mike West <mkwst@google.com> wrote:
>
> Hey folks,
>
> Section 9.7 of RFC7231 rightly notes that some of the content negotiation headers user agents deliver in HTTP requests create substantial fingerprinting surface. I think it would be beneficial if we took steps to reduce their prevalence on the wire, and Client Hints looks like a reasonable infrastructure on top of which to build.
>
> `User-Agent` and `Accept-Language` seem like particularly tasty and low-hanging fruit, and I've sketched out two proposals as proofs of concept:
>
> *   `User-Agent` could be represented as ~four distinct hints: `UA`, `Model`, `Platform`, and `Arch`: https://github.com/mikewest/ua-client-hints is a high-level explainer, and https://tools.ietf.org/html/draft-west-ua-client-hints a sketchy ID for the new headers.
>
> *   `Accept-Language` could be represented as a `Lang` hint: https://github.com/mikewest/lang-client-hint is a high-level explainer, https://tools.ietf.org/html/draft-west-lang-client-hint an equally sketchy ID for the new header.
>
> I'd appreciate y'all's feedback. Thanks!
>
> -mike
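The opt-in exchange the proposal relies on, as an added example that is not part of the thread or of either draft. It simulates a client that always sends a fixed User-Agent string and only adds the hints a server requested via Accept-CH (the response header defined by the Client Hints draft), then measures the fingerprinting surface as Shannon entropy over a constructed population. The hint names (UA, Model, Platform, Arch, Lang) are taken from Mike West's sketch; the value formats, the placeholder frozen UA string, the "nothing beyond the frozen string until the server opts in" rule, and the sample population are assumptions of this example.

```python
"""Simulated Client Hints opt-in for the UA/Lang proposal (added example)."""
import math
from collections import Counter
from dataclasses import dataclass

# Hint names from the sketch. Value formats, the frozen User-Agent
# placeholder and the opt-in rule are assumptions of this example.
UA_HINTS = ("UA", "Model", "Platform", "Arch")
LANG_HINT = "Lang"
FROZEN_USER_AGENT = "Mozilla/5.0 (compatible; frozen)"  # assumed placeholder


@dataclass(frozen=True)
class Client:
    legacy_user_agent: str  # what the browser sends today
    ua: str                 # coarse browser name + major version
    model: str
    platform: str
    arch: str
    langs: tuple            # preference-ordered language tags


def parse_accept_ch(value):
    """Accept-CH carries a comma-separated list of hint names.
    Names are matched case-insensitively; empty items are ignored."""
    return {tok.strip().lower() for tok in value.split(",") if tok.strip()}


def request_headers(client, accept_ch=None):
    """Headers the client sends: the fixed UA string always, plus only
    those hints the server asked for in an earlier Accept-CH response."""
    headers = {"User-Agent": FROZEN_USER_AGENT}
    if accept_ch is None:
        return headers
    wanted = parse_accept_ch(accept_ch)
    candidates = {
        "UA": client.ua,
        "Model": client.model,
        "Platform": client.platform,
        "Arch": client.arch,
        LANG_HINT: ", ".join(client.langs),
    }
    for name, val in candidates.items():
        if name.lower() in wanted and val:  # empty values are simply omitted
            headers[name] = val
    return headers


def fingerprint_entropy(population, accept_ch=None, legacy=False):
    """Shannon entropy (bits) of the distinguishing headers across the
    population, i.e. how much fingerprinting surface the headers expose."""
    keys = []
    for client in population:
        if legacy:
            keys.append(client.legacy_user_agent)
        else:
            keys.append(tuple(sorted(request_headers(client, accept_ch).items())))
    counts = Counter(keys)
    total = len(keys)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


# Constructed sample population (illustrative, not real measurements).
POPULATION = [
    Client("Mozilla/5.0 (Linux; Android 9; Pixel 3) Chrome/71.0.3578.80",
           "Chrome 71", "Pixel 3", "Android", "arm", ("en-US", "en")),
    Client("Mozilla/5.0 (Linux; Android 9; Pixel 3) Chrome/71.0.3578.98",
           "Chrome 71", "Pixel 3", "Android", "arm", ("en-US", "en")),
    Client("Mozilla/5.0 (Linux; Android 8.1; SM-G960F) Chrome/71.0.3578.80",
           "Chrome 71", "SM-G960F", "Android", "arm", ("de-DE", "en")),
    Client("Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/71.0.3578.98",
           "Chrome 71", "", "Windows", "x86_64", ("en-US",)),
]

ALL_HINTS = ", ".join(UA_HINTS + (LANG_HINT,))

if __name__ == "__main__":
    print("legacy User-Agent: %.3f bits" % fingerprint_entropy(POPULATION, legacy=True))
    print("frozen UA, no opt-in: %.3f bits" % fingerprint_entropy(POPULATION))
    print("Accept-CH: UA, Platform: %.3f bits" % fingerprint_entropy(POPULATION, "UA, Platform"))
    print("Accept-CH: all hints: %.3f bits" % fingerprint_entropy(POPULATION, ALL_HINTS))
    print(request_headers(POPULATION[0], "UA, Platform"))
```

Two things the numbers show that the prose only asserts: a server that never sends Accept-CH gets zero bits from these headers instead of the full patch-level version string, and even a server that asks for every hint cannot separate the two Pixel 3 clients that differ only in Chrome build number.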