Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

alt-svc: Alt-Used security discussion #121

Closed
LPardue opened this issue Nov 20, 2015 · 2 comments
Closed

alt-svc: Alt-Used security discussion #121

LPardue opened this issue Nov 20, 2015 · 2 comments
Labels
alt-svc editorial

Comments

@LPardue
Copy link
Contributor

LPardue commented Nov 20, 2015

Section 5 foreshadows a discussion about privacy

As the Alt-Used header field might be used by the server for tracking the client, a client MAY choose not to include it in its requests for protecting its privacy (see Section 9.4).

However, Section 9.4 doesn't contain any mention of Alt-Used. Maybe all the information contained in the document is enough but this just struck me as a little odd.
@reschke
Copy link
Contributor

reschke commented Nov 28, 2015

This inconsistency was caused by the fix for #36.

AFAIR, we made this change because the risk of tracking is there no matter whether Alt-Used is sent (see current Section 9.4). Thus, the simplest possible change would be to remove the whole sentence and the misleading forward reference.

@mnot
Copy link
Member

mnot commented Dec 6, 2015

SGTM.

reschke added a commit that referenced this issue Dec 7, 2015
@reschke
Remove statement about the tracking risk connect to Alt-Used and the …
7795d13 
…confusing forward reference to Security Considerations (#121)
@reschke reschke closed this as completed Dec 7, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
alt-svc editorial
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mnot @reschke @LPardue