IETF Logo Mail Archive

Re: Request-Off-The-Record Mode header

Watson Ladd <watsonbladd@gmail.com> Fri, 09 June 2023 04:44 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6964C151700 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 8 Jun 2023 21:44:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.748
X-Spam-Level:
X-Spam-Status: No, score=-7.748 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1tvJrQLvyrhf for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 8 Jun 2023 21:44:13 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C4901C151069 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 8 Jun 2023 21:44:13 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1q7Twn-007moo-53 for ietf-http-wg-dist@listhub.w3.org; Fri, 09 Jun 2023 04:42:01 +0000
Resent-Date: Fri, 09 Jun 2023 04:42:01 +0000
Resent-Message-Id: <E1q7Twn-007moo-53@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <watsonbladd@gmail.com>) id 1q7Twl-007mnq-HE for ietf-http-wg@listhub.w3.org; Fri, 09 Jun 2023 04:41:59 +0000
Received: from mail-oo1-xc30.google.com ([2607:f8b0:4864:20::c30]) by mimas.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from <watsonbladd@gmail.com>) id 1q7Twk-008DVe-9k for ietf-http-wg@w3.org; Fri, 09 Jun 2023 04:41:59 +0000
Received: by mail-oo1-xc30.google.com with SMTP id 006d021491bc7-558a79941c6so904622eaf.3 for <ietf-http-wg@w3.org>; Thu, 08 Jun 2023 21:41:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1686285714; x=1688877714; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=D4zIQ/fxVWKxKiuxZu0BXK5eULAN0/+ScL9kF/rbEKY=; b=sK92YSf2lWS2XTSsavAbG3X/Ifu8cpInQB9BkMUD/KSQsKO2h/3L0EL4NSjMMVDwca 4YzqlKy1LPevSoFQxoTJeJs552ytiyEHCGLbl1i984GjQiFQjcg9FIxKuPIIHZLp+rBh WEmF1zBnRYtcoIQS02bEBqZLyjNNZeXw97rmPwHpJb/CAyHOSsn5+LOjLVdspZncHOKG 2yGnn5MkL9hMt7+Rt0fm6F58nK6aA+MfS3aEzcuf2tb2sswnQsC3VW49cs766aZLda0Q SDcFk1paPrKLNSzc4v9sP1kwA33KlXk3/nd0a62YQwAP+BPcQb8QL0Yoa5wYC0MwHtvH LkKw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686285714; x=1688877714; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=D4zIQ/fxVWKxKiuxZu0BXK5eULAN0/+ScL9kF/rbEKY=; b=cBx/xxzNOYTu4ohr23kceDSDoys467bZ22Op7U4kyFif4MtL6uQPf4+me9GcztcWWx sn31RJCzNnGbLGR+djwghLBG0HpEWbeuXJFRkb4n0m3+xsl4zP8/zN7uFQdysYDwhCAX kYp+ZWJl6wbnUroRxx46x5JRrYYZ0rsVOpNwvMRcXKamJZ++D4w4TjlvwtwrURYpp0HB dvl5v0XBwn99pKLp+oKLxIGpnXFF1OAu7W3aNh0Tb/yJeP65upHk4KDP/YbtE5GoUbFh MPxn7lOIcCTXrzfJ5/LDcDerdRIpnEQ50ajHIZTT2ctWP9hghlhR06j8HWItCmE+MOf6 qOhg==
X-Gm-Message-State: AC+VfDyNfYma44nay44y3IliEbRojOptr3kPxtwLTbS2mGwzKN2YZqFY KnuetOR6WvIojqFxEA2QIcEjq5v7aXKZPIpqA3OgKcVQ
X-Google-Smtp-Source: ACHHUZ501XBckqidqnxkrP55ZYJpN+T49zMUWlLmfteiBr7idwDFRiKDFtrVbwSoTAhMy/FJqHE/uuGn/uc+Qo7e3jU=
X-Received: by 2002:a4a:d241:0:b0:555:7682:7644 with SMTP id e1-20020a4ad241000000b0055576827644mr103347oos.2.1686285714246; Thu, 08 Jun 2023 21:41:54 -0700 (PDT)
MIME-Version: 1.0
References: <CAG3f7Mi=QVLNdxL5LWxzf-2uAT8KO9B-NWFoaM_HHOvpiPzbRA@mail.gmail.com> <SA1PR00MB1461642051E1C9091088F2D8F750A@SA1PR00MB1461.namprd00.prod.outlook.com> <CAPDSy+4dXuF1YTWAC+v0dAVF5E=+D45v35vL69od718KzAWKqQ@mail.gmail.com> <57fb06ff-0791-459c-9ea1-12149616f82c@betaapp.fastmail.com>
In-Reply-To: <57fb06ff-0791-459c-9ea1-12149616f82c@betaapp.fastmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Thu, 08 Jun 2023 21:41:43 -0700
Message-ID: <CACsn0cnvtcXHCmK5x0c4TBgmrHGS6KYf-sD=Z-U-UKSo3hm1Tg@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=2607:f8b0:4864:20::c30; envelope-from=watsonbladd@gmail.com; helo=mail-oo1-xc30.google.com
X-W3C-Hub-DKIM-Status: validation passed: (address=watsonbladd@gmail.com domain=gmail.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-4.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1q7Twk-008DVe-9k ff27115c4f6dade5479ba0e644a396b3
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Request-Off-The-Record Mode header
Archived-At: <https://www.w3.org/mid/CACsn0cnvtcXHCmK5x0c4TBgmrHGS6KYf-sD=Z-U-UKSo3hm1Tg@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/51146
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Thu, Jun 8, 2023, 4:29 PM Martin Thomson <mt@lowentropy.net> wrote:
>
> I am a staunch opponent of the use of consent for this sort of thing.  Notice, perhaps, I might be able to get behind.
>
> To manage risk of destroying potential audit trails, it seems like it would be reasonable for browsers to ignore the signal if the site took actions that might result in permanent effects (like downloads of malware, use of powerful features that do require consent, that sort of thing).  The browser might retain *less* information, and create warnings if it does, but accountability is important.

We have consent with good reason for a camera usage but letting that
make a site get recorded would mean a domestic violence hotline
couldn't offer a video chat with a therapist with this feature.

I can't claim to have the answers for that one but that's just one
feature and example, and I don't know we can give terribly good
guidance here. I think browser vendors will have to use their best
judgement on the tradeoffs and UX to explain them, at the cost of the
header meaning slightly different things across browsers.

Sincerely,
Watson Ladd

v2.23.0 | Report a Bug | By Email