Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Privacy wrt reused connections #4363

Closed
larseggert opened this issue Nov 17, 2020 · 4 comments
Closed

Privacy wrt reused connections #4363

larseggert opened this issue Nov 17, 2020 · 4 comments
Labels
-http ietf-lc An issue that was raised during IETF Last Call.
Projects
Late Stage Processing
Milestone
http-secdir

Comments

@larseggert
Copy link
Member

larseggert commented Nov 17, 2020
edited by LPardue

Hilarie Orman wrote:

Similarly [to the point made in https://github.com//issues/4362], there is brief
mention of privacy wrt reused connections in 10.11, but that is
weak beer, simply saying that HTTP 3 prefers not to reuse connections.
@larseggert larseggert added -http ietf-lc An issue that was raised during IETF Last Call. labels Nov 17, 2020
@larseggert larseggert added this to the http-secdir milestone Nov 17, 2020
@larseggert larseggert added this to Triage in Late Stage Processing via automation Nov 17, 2020
@MikeBishop
Copy link
Contributor

It doesn't even say that it prefers not to reuse. It notes an explicit preference to reuse connections, but that's a privacy choice that clients will need to manage the trade-off for. Individual implementations can be as aggressive about reuse or as aggressive about privacy as they want. All this section is attempting to do is point out the trade-off.

I'm inclined to do nothing, but would welcome text suggestions.

@janaiyengar
Copy link
Contributor

Given this is not any different in terms of privacy considerations as compared to h2, and unless someone can propose text that is stronger, I'm inclined to say that we leave it as is. There's not much more we can do about the privacy issue here besides noting it.

@janaiyengar janaiyengar added the proposal-ready An issue which has a proposal that is believed to be ready for a consensus call. label Nov 24, 2020
@LPardue
Copy link
Member

LPardue commented Nov 24, 2020

The text is almost word-for-wrod what is present in HTTP/2 https://tools.ietf.org/html/rfc7540#section-10.8. I'm happyto leave this as is.

@project-bot project-bot bot moved this from Triage to Consensus Emerging in Late Stage Processing Nov 24, 2020
@LPardue
Copy link
Member

LPardue commented Dec 8, 2020

The proposed resolution was to close to with action, which was signalled to the appropriate review channel.

Hearing no pushback, I'm closing this.

@LPardue LPardue closed this as completed Dec 8, 2020
Late Stage Processing automation moved this from Consensus Emerging to Issue Handled Dec 8, 2020
@LPardue LPardue removed the proposal-ready An issue which has a proposal that is believed to be ready for a consensus call. label Dec 10, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
-http ietf-lc An issue that was raised during IETF Last Call.
Projects
Late Stage Processing
  
Issue Handled
Milestone
http-secdir
Development

No branches or pull requests
4 participants
@larseggert @MikeBishop @LPardue @janaiyengar