Hiya,
On 19/07/2021 17:17, David Benjamin wrote:
> I'll add that, in the context of cross-domain tracking on the web, this draft is a red herring. Remember that web pages have subresources. That means looking at the destination domain isn't useful because two different pages can embed a common destination domain. So the same concerns exist with RFC8446 (TLS resumption), RFC7540 (connection-reuse, same- and cross-domain), and RFC7230 (connection reuse). That's why we need a holistic answer like network partition keys from [FETCH], that apply to *all* network state. That answer applies equally to plain resumption and this draft.
That's true but isn't that also the old "adding this one new way to track doesn't make it worse because it's already horrible"? My preference is to not add new mechanisms that can enable cross-domain tracking as this one does.

Cheers,
S.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls