Re: Improved Client Identification

"Chris Seal (HWEL - 3 Solutions - Technology Manager)" <Chris.Seal@hwleurope.com> Fri, 06 March 2015 13:50 UTC

From: "Chris Seal (HWEL - 3 Solutions - Technology Manager)" <Chris.Seal@hwleurope.com>
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>

I'd agree that this would go against BCP188.

Arguably it's already possible without the need for anything new.  See
https://panopticlick.eff.org/
and
https://panopticlick.eff.org/browser-uniqueness.pdf

Chris

On 05/03/2015 09:43, "Cory Benfield" <cory@lukasa.co.uk> wrote:

>On 20 February 2015 at 15:36, Sanel Mesinovic <sanel.mesinovic@ymc.ch> wrote:
>> Hello,
>>
>> I found your email address here. Have one small contribution / request to
>> make to the new HTTP 2 protocol. Already wrote an email long time ago to Tim
>> Berners Lee however no reply. Maybe someone already during this time already
>> raised the issue.
>
>Unfortunately, HTTP/2 is now complete, which means this request is out
>of scope for HTTP/2. You could make this request as a generic HTTP
>extension, however I don't recommend it.
>
>> In my opinion the new protocol should introduce a better way to uniquely
>> identify the client. Currently it is not possible to uniquely identify a
>> user. IP identification is not reliable. There can be two or more users
>> behind the same IP. Session identification is even worse.
>
>Why?
>
>Setting a cookie absolutely does uniquely identify a client, unless
>the client chooses to remove it. It also does not allow correlation
>across origins. For that reason, I have to assume that the following
>motivations apply to this request:
>
>- you'd like to be able to uniquely identify a client across multiple
>domains
>- you'd like to prevent clients from being able to opt out of tracking
>
>I'd say that either one of these is in violation of IETF BCP 188[0],
>though I admit to that being a slightly broader reading of BCP 188
>than is common. IMO, clients should always be able to choose not to be
>tracked, and they should certainly be free from any form of
>cross-domain tracking. There is a reason that people are uncomfortable
>with the way the Facebook 'like' button can be used to track users as
>they move around the web: adding an easier tool to do it would not
>make people happier, safer or more free.
>
>I am confident the IETF and this WG would never dream of adding such
>functionality.
>
>[0]: https://tools.ietf.org/html/bcp188
>

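Added example, not part of the original message or of the Panopticlick code: a small measurement of how identifying a browser's passively visible attributes are when no cookie is set, which is the exposure the Panopticlick links above let a user check. The field names and the eight visit records are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample: what eight cookieless visits might expose passively.
# Field names and values are invented for illustration.
FIELDS = ("user_agent", "language", "timezone", "screen")
VISITS = [dict(zip(FIELDS, row)) for row in [
    ("BrowserA/36", "en-GB", "UTC+0", "1920x1080"),
    ("BrowserA/36", "en-GB", "UTC+0", "1920x1080"),
    ("BrowserA/36", "en-US", "UTC-5", "1920x1080"),
    ("BrowserA/36", "en-US", "UTC-5", "1366x768"),
    ("BrowserB/40", "en-US", "UTC-5", "1366x768"),
    ("BrowserB/40", "de-DE", "UTC+1", "1920x1080"),
    ("BrowserB/40", "de-DE", "UTC+1", "1440x900"),
    ("BrowserC/11", "fr-FR", "UTC+1", "1920x1080"),
]]

def fingerprint(visit, attrs=FIELDS):
    """Combine the chosen attributes into one hashable value."""
    return tuple(visit[a] for a in attrs)

def anonymity_sets(visits, attrs=FIELDS):
    """Count how many visits share each fingerprint."""
    return Counter(fingerprint(v, attrs) for v in visits)

def surprisal_bits(visit, visits, attrs=FIELDS):
    """Bits of identifying information: -log2 of the fingerprint's share."""
    share = anonymity_sets(visits, attrs)[fingerprint(visit, attrs)] / len(visits)
    return -math.log2(share)

def unique_fraction(visits, attrs=FIELDS):
    """Fraction of visits whose fingerprint nobody else shares."""
    sets = anonymity_sets(visits, attrs)
    return sum(sets[fingerprint(v, attrs)] == 1 for v in visits) / len(visits)

if __name__ == "__main__":
    # Show how uniqueness grows as more attributes are combined.
    for n in range(1, len(FIELDS) + 1):
        attrs = FIELDS[:n]
        print(f"{'+'.join(attrs):45} unique: {unique_fraction(VISITS, attrs):.3f}")
    print("bits for last visit:", surprisal_bits(VISITS[-1], VISITS))
```

In this sample the user agent alone singles out one visit in eight, while all four attributes together single out six in eight, and clearing cookies changes none of these values.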