Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Privacy #647

Merged
merged 4 commits into from
Nov 25, 2014
Merged

Privacy #647

merged 4 commits into from
Nov 25, 2014

Conversation

mnot
Copy link
Member

@mnot mnot commented Nov 21, 2014

Proposal for #645

hruellan
hruellan reviewed Nov 21, 2014
View reviewed changes
draft-ietf-httpbis-http2.xml
@@ -3953,6 +3953,16 @@ HTTP2-Settings = token68
for fingerprinting a specific client, as defined in <xref target="HTML5" x:fmt="of"
x:sec="1.8" x:rel="introduction.html#fingerprint"/>.
</t>
<t>
HTTP/2's preference for using a single TCP connection allows correlation of a user's
activity on a site; if connection coalescing is in use, this can occur across sites.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/if connection coalescing is in use/if connections are reused/
or
s/if connection coalescing is in use/if connection reuse is enabled/
This may be nitpicking, but "coalescing" is not in the spec: section 9.1.1 talks about "connection reuse".

@martinthomson
Copy link
Collaborator

Taking Mark's base, taking Herve's suggestions and removing some text. I think that this is good.

mnot and others added 4 commits November 25, 2014 11:35
@mnot @martinthomson
Add privacy consideration for tracking
9515019 
... using connection correlation. This fixes #645.
@mnot @martinthomson
Note privacy implications of PING and SETTINGS
46d4368 
Because these are server-initiated, they can be used
to effect a timing signature of the client.
@martinthomson
Editorial updates
b7c8ec9
@martinthomson
No point in under-selling the risk, it's tracking.
4ed85ab
@martinthomson martinthomson merged commit 4ed85ab into master Nov 25, 2014
@martinthomson martinthomson deleted the privacy branch November 25, 2014 19:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@mnot @martinthomson @hruellan