IETF Logo Mail Archive

Re: Slower HTTP for privacy

"Soni L." <fakedme+http@gmail.com> Mon, 30 January 2023 18:48 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCC33C1782D0 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 30 Jan 2023 10:48:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.749
X-Spam-Level:
X-Spam-Status: No, score=-7.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 42wI0S_tCeWH for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 30 Jan 2023 10:48:18 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E239C16B5B4 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 30 Jan 2023 10:48:17 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1pMZCJ-004bLW-5A for ietf-http-wg-dist@listhub.w3.org; Mon, 30 Jan 2023 18:48:07 +0000
Resent-Date: Mon, 30 Jan 2023 18:48:07 +0000
Resent-Message-Id: <E1pMZCJ-004bLW-5A@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <fakedme+http@gmail.com>) id 1pMZCI-004bH4-4M for ietf-http-wg@listhub.w3.org; Mon, 30 Jan 2023 18:48:06 +0000
Received: from mail-ot1-x32e.google.com ([2607:f8b0:4864:20::32e]) by mimas.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from <fakedme+http@gmail.com>) id 1pMZCG-0006yS-L3 for ietf-http-wg@w3.org; Mon, 30 Jan 2023 18:48:05 +0000
Received: by mail-ot1-x32e.google.com with SMTP id e21-20020a9d5615000000b006884e5dce99so4794263oti.5 for <ietf-http-wg@w3.org>; Mon, 30 Jan 2023 10:48:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :sender:from:to:cc:subject:date:message-id:reply-to; bh=2y1s4Gk6hBArvFZurjusUqTePYYWu7ckjUCxkI4kbNo=; b=jkew2hXsa7U0LmF39MmxS+LOAGWjYVJS40KzMl7sp4Do2onwwmVfNvvLz9zXXD3TOf eWd1JQKz8PEMpc8LNMa+fkSfajikZlXGIkOj3acw38l5GrsQLVa4/ihbO7SGEkwEY0M6 uDOKWhHgbqPBHFhtHbV/vl52A+WP7LiuYaM6O92+dugPsxSGRgUZ1eW1Col25/pRZ1xU m/zo0f9enEuhB7wB9UYmHE/lADtsgxf2PAo+vHBYyHM0Nyql7fouA+pe9Q9AJCfiY28U QDz41t56BQXwoOQU7qouFWrrm9OiAjbNd0pBl8rNNnqitZ9omSEq17N0Cm0XxaEqOZ4l FN8A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :sender:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=2y1s4Gk6hBArvFZurjusUqTePYYWu7ckjUCxkI4kbNo=; b=nN2Bs1+eJG0fAhg8tlZKfy9PKmREEfdbcaloI6TtCUQpvIpu7sQ7xuo7aJVchffcmj Kb9X6lqz+1QufMFV+eLumNuoigxeXhSI6gTOaj7+jEAKlgvA1SaLIinKuK7UuGdN66c3 knqd9AvbBC6+5vr1irNyqsIG4QruOnKVK1OBjABo7IZioHY+652F3ePqkT47qRNTIvBI ZtufPenMJ86GAbDlwWkTrw2NpMHoP28khCIgGM4DlYnuc/Y7mbdULbUMT9W58x5xQFpO K17XCNCirT/5sJ0nj7idqdBBGhRN94gWvERZ0nxZHnhg7irVLCzCS3nfmGyTnC5jJ1or J3GQ==
X-Gm-Message-State: AO0yUKXz9x06MLLOlpcKxOg8xHj4KlVYFkXCWVvUrC/e4RlphMFUJ2JN jn5UpFF84y1Ucm4lBEKyogfnmEgMI7Y=
X-Google-Smtp-Source: AK7set97JYGT+xHXk0MQALwT8RshAjF/jhCdD+CDHXLiw2jCp4Wj0y/zNuzG1i7KkWs0Vyj14a/hzg==
X-Received: by 2002:a9d:71d1:0:b0:68b:cdd3:3b93 with SMTP id z17-20020a9d71d1000000b0068bcdd33b93mr2596572otj.26.1675104473598; Mon, 30 Jan 2023 10:47:53 -0800 (PST)
Received: from ?IPV6:2804:431:cfcc:25b6::536f:6e69? ([2804:431:cfcc:25b6::536f:6e69]) by smtp.googlemail.com with ESMTPSA id y12-20020a056830070c00b0068bcb290a38sm2496081ots.55.2023.01.30.10.47.52 for <ietf-http-wg@w3.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 30 Jan 2023 10:47:53 -0800 (PST)
Sender: "Soni L." <fakedme@gmail.com>
Message-ID: <5d420b68-e4b2-34b8-1a56-a9fddf9872a0@gmail.com>
Date: Mon, 30 Jan 2023 15:47:50 -0300
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.7.0
Content-Language: en-US
To: ietf-http-wg@w3.org
References: <16133a2f-5fbe-0f7f-c2ea-e83d20fdb3cc@gmail.com> <20230130084455.6ede70c9@fabiankeil.de>
From: "Soni L." <fakedme+http@gmail.com>
In-Reply-To: <20230130084455.6ede70c9@fabiankeil.de>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Received-SPF: pass client-ip=2607:f8b0:4864:20::32e; envelope-from=fakedme+http@gmail.com; helo=mail-ot1-x32e.google.com
X-W3C-Hub-DKIM-Status: validation passed: (address=fakedme+http@gmail.com domain=gmail.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-4.2
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.09, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1pMZCG-0006yS-L3 0eb1add94f3a01ebe9d1b341fbfc79cd
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Slower HTTP for privacy
Archived-At: <https://www.w3.org/mid/5d420b68-e4b2-34b8-1a56-a9fddf9872a0@gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/40720
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>


On 1/30/23 04:44, Fabian Keil wrote:
> "Soni L." <fakedme+http@gmail.com> wrote on 2023-01-29 at 11:45:53:
>
> > It would be appreciated if there were a slower HTTP, with more round 
> > trips, explicitly designed with privacy negotiation in mind.
> > 
> > Importantly, you can't leak data which you do not have. The best way to 
> > not have that data is to not receive it.
> > 
> > Why does a server need to accept user agents and a bunch of other 
> > unnecessary stuff if it isn't gonna use it? Doesn't it just make the 
> > server more liable for no good reason? Make it possible to turn it off! 
> > Most of it can just be turned off.
> > 
> > In fact, the simplest servers (static hosting) only really need the URL 
> > and the Host. Everything else is unnecessary liability.
>
> It's not exactly what you ask for, but Privoxy [0] has a
> delay-response{} response action [1] that is somewhat related.
>
> Fabian
>
> [0] <https://www.privoxy.org/>
> [1] <https://www.privoxy.org/user-manual/actions-file.html#DELAY-RESPONSE>
It's not at all what we ask for! Uh, we mean like, why does the HTTP 
server have to parse and discard the User-Agent header and another 10 or 
so headers which it has no use for, instead of just... not receiving 
those headers in the first place?

Why can't the client send URL and Host, then wait for the server to send 
a Headers Required message, then send the required headers (which may be 
none)? Yes, it takes longer (more RTTs), but the best way to improve 
privacy is to not have the data in the first place.

v2.38.3 | Report a Bug | By Email | System Status