Re: Last Call: <draft-nottingham-safe-hint-05.txt> (The "safe" HTTP Preference) to Proposed Standard

joel jaeggli <joelja@bogus.com> Tue, 18 November 2014 17:56 UTC

To: Eliot Lear <lear@cisco.com>, Joseph Lorenzo Hall <joe@cdt.org>, Mark Nottingham <mnot@mnot.net>
Cc: ietf@ietf.org, draft-nottingham-safe-hint@tools.ietf.org

On 11/18/14 9:44 AM, Eliot Lear wrote:
> Hi Joe,
> 
> On 11/18/14, 6:21 PM, Joseph Lorenzo Hall wrote:
>>
>> (Incidentally, if something outside the browser inserts this header it
>> may be very difficult for the user to actually turn off, as well. I'm
>> not sure if that's something you've thought about. In DNT, there are
>> applications you can install that will insert that header for you on
>> each request (AVG does this).)
> 
> If that is detected (and it is easily detected by comparing against a
> TLS request), the content provider is not likely to make use of the safe
> bit.  In fact the content provider is in a good position to warn the
> user that this sort of thing is going on.

The draft not only assumes that proxies should insert this on one's
behalf, but that such an activity is a normal course of events.

   Furthermore, a proxy (for example, at a school) can associate the
   preference with all (unencrypted) requests flowing through it,
   helping to assure that clients behind it are not exposed to
   "objectionable" content.



> Eliot
>
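
The comparison discussed in this thread (whether `Prefer: safe` shows up on a client's plaintext requests but not on its TLS requests) can be sketched from the content provider's side as follows. This is an added example, not part of the original messages or of the draft; correlating requests by a session identifier, the verdict labels and the sample data are all assumptions made for illustration.

```python
# Constructed sample: (session id, scheme, request headers) as a content
# provider might record them. Session correlation is an assumption.
SAMPLE_REQUESTS = [
    ("sess-a", "http",  {"Prefer": "safe"}),
    ("sess-a", "https", {}),
    ("sess-b", "http",  {"Prefer": "return=minimal, safe"}),
    ("sess-b", "https", {"Prefer": "safe"}),
    ("sess-c", "http",  {"prefer": "SAFE"}),
]

def has_safe(headers):
    """True if a Prefer header field carries the 'safe' preference."""
    for name, value in headers.items():
        if name.lower() != "prefer":
            continue
        # Naive split: fine for 'safe', which takes no value, but it would
        # mis-split a quoted-string value that itself contains a comma.
        for pref in value.split(","):
            token = pref.split(";", 1)[0].split("=", 1)[0].strip().lower()
            if token == "safe":
                return True
    return False

def classify(requests):
    """Per session, compare 'safe' on plaintext requests against TLS requests."""
    seen = {}
    for session, scheme, headers in requests:
        by_scheme = seen.setdefault(session, {"http": set(), "https": set()})
        by_scheme[scheme].add(has_safe(headers))
    verdicts = {}
    for session, by_scheme in seen.items():
        if not by_scheme["http"] or not by_scheme["https"]:
            verdicts[session] = "insufficient-data"
        elif True in by_scheme["https"]:
            # The preference survived an end-to-end encrypted path.
            verdicts[session] = "client-set"
        elif True in by_scheme["http"]:
            # Only ever present where an intermediary could have added it.
            verdicts[session] = "likely-inserted-in-path"
        else:
            verdicts[session] = "not-requested"
    return verdicts

if __name__ == "__main__":
    for session, verdict in sorted(classify(SAMPLE_REQUESTS).items()):
        print(session, verdict)
```

The "likely-inserted-in-path" verdict is a heuristic: it cannot distinguish an on-path proxy from software on the user's own machine that adds the header only to unencrypted requests.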