Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

alt-svc: Alt-Used security discussion #121

Closed
LPardue opened this issue Nov 20, 2015 · 2 comments

Comments

Projects
None yet
3 participants
@LPardue
Copy link
Contributor

commented Nov 20, 2015

Section 5 foreshadows a discussion about privacy

As the Alt-Used header field might be used by the server for tracking the client, a client MAY choose not to include it in its requests for protecting its privacy (see Section 9.4).

However, Section 9.4 doesn't contain any mention of Alt-Used. Maybe all the information contained in the document is enough but this just struck me as a little odd.

@reschke

This comment has been minimized.

Copy link
Contributor

commented Nov 28, 2015

This inconsistency was caused by the fix for #36.

AFAIR, we made this change because the risk of tracking is there no matter whether Alt-Used is sent (see current Section 9.4). Thus, the simplest possible change would be to remove the whole sentence and the misleading forward reference.

@mnot

This comment has been minimized.

Copy link
Member

commented Dec 6, 2015

SGTM.

reschke added a commit that referenced this issue Dec 7, 2015

Remove statement about the tracking risk connect to Alt-Used and the …
…confusing forward reference to Security Considerations (#121)

@reschke reschke closed this Dec 7, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.