Re: Last Call: <draft-nottingham-safe-hint-05.txt> (The "safe" HTTP Preference) to Proposed Standard

Eliot Lear <lear@cisco.com> Fri, 14 November 2014 21:00 UTC

Message-ID: <54666D57.9050209@cisco.com>
Date: Fri, 14 Nov 2014 11:00:07 -1000
From: Eliot Lear <lear@cisco.com>
To: Joseph Lorenzo Hall <joe@cdt.org>, ietf@ietf.org
Subject: Re: Last Call: <draft-nottingham-safe-hint-05.txt> (The "safe" HTTP Preference) to Proposed Standard
References: <20141021213356.16262.50640.idtracker@ietfa.amsl.com> <54494E98.4070002@cs.tcd.ie> <5464E809.2080507@cdt.org>
In-Reply-To: <5464E809.2080507@cdt.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/RV2pIVKNVhZztwXaZCZyHmXP4E0
Cc: draft-nottingham-safe-hint@tools.ietf.org

Hi Joe,

On 11/13/14, 7:19 AM, Joseph Lorenzo Hall wrote:
>
> Hi, mnot has already heard the following concerns from us at CDT about
> this spec, but we want to make sure that these are part of the IETF
> last call comment record.
>
> * The "Safe" preference is not only a preference but a signal.  It
>   signals user vulnerability; when activated, the header would signal
>   a user's potentially vulnerable status not only to site operators
>   who intend to reply in good faith, but to those that will operate in
>   bad faith and also to every intermediary on-path that could read the
>   preference request.

While it could be the case that a user is vulnerable (a term that is a
bit vague), it is also the case that many other users might choose to
not want to receive content that is considered in some way "unsafe". 
One could even imagine "Safe" becoming a default setting.

Eliot