Re: Migrating some high-entropy HTTP headers to Client Hints.

Mark Nottingham <mnot@mnot.net> Fri, 30 November 2018 00:33 UTC

Cc: HTTP Working Group <ietf-http-wg@w3.org>, Ilya Grigorik <igrigorik@google.com>
To: Mike West <mkwst@google.com>
Archived-At: <https://www.w3.org/mid/538F7C6E-EB14-4B49-B9B5-BED066E5838F@mnot.net>

I, for one, welcome our new Client Hint overlords.

Personally, I'd like to see these integrated into the current CH document, rather than as separate drafts. CH still needs some work, so it's not like we're going to get it out the door tomorrow.

However, it seems like Ilya wants to go in a different direction, based upon the notes we received for Bangkok.

Ilya, your thoughts?



> On 29 Nov 2018, at 9:22 pm, Mike West <mkwst@google.com> wrote:
> 
> Hey folks,
> 
> Section 9.7 of RFC7231 rightly notes that some of the content negotiation headers user agents deliver in HTTP requests create substantial fingerprinting surface. I think it would be beneficial if we took steps to reduce their prevalence on the wire, and Client Hints looks like a reasonable infrastructure on top of which to build.
> 
> `User-Agent` and `Accept-Language` seem like particularly tasty and low-hanging fruit, and I've sketched out two proposals as proofs of concept:
> 
> *   `User-Agent` could be represented as ~four distinct hints: `UA`, `Model`, `Platform`, and `Arch`: https://github.com/mikewest/ua-client-hints is a high-level explainer, and https://tools.ietf.org/html/draft-west-ua-client-hints a sketchy ID for the new headers.
> 
> *   `Accept-Language` could be represented as a `Lang` hint: https://github.com/mikewest/lang-client-hint is a high-level explainer, https://tools.ietf.org/html/draft-west-lang-client-hint an equally sketchy ID for the new header.
> 
> I'd appreciate y'all's feedback. Thanks!
> 
> -mike

--
Mark Nottingham   https://www.mnot.net/