[whatwg] ContextAgnosticXmlHttpRequest: an informal RFC

Jim Ley jim.ley at gmail.com
Wed Mar 9 08:55:54 PST 2005


On Wed, 9 Mar 2005 08:42:25 -0800, Chris Holland <frenchy at gmail.com> wrote:
> On Wed, 9 Mar 2005 12:14:52 +0000, Jim Ley <jim.ley at gmail.com> wrote:
>> Are you sure you're not advocating this to get around privacy based
>> proxies of the type that normally disable such referrer based content
>> so as to reliably block privacy invasions?
> 
> well, if a proxy starts filtering out http headers sent by the client,
> there isn't much we can do about that now is there. heh.

Who said anything about a proxy?  You were requiring that a conformant
gibberishName UA send the correct referrer header, that's something
that many people, and many browsers currently do not want to do for
valid privacy concerns.  Just saying "there's nothing we can do about
those" when you've not really provided a use case for the information
in the first place isn't a good way to go I think.
 
> thanks for the feedback! :)

The biggest problem is you've not provided use-cases, you've not
provided any security analysis of your proposal; as it stands it's
extremely inadequate.  Come up with some use-cases, and a real
analysis of what extra features need to be added to make it secure,
what impact it has on privacy etc.

Cheers,

Jim.


