On Wed, Jan 18, 2017 at 2:56 AM, Eran Messeri <[email protected]> wrote:
>
> - Navigating to hosts by IP which have SSL certificates logged in CT logs
> would now be disclosed to the UA's resolver. A mitigation could be not
> looking up inclusion proofs for these if data shows this is a common use
> case.
>

Meaning if it was an uncommon use case, the privacy leak is deemed
acceptable?

> - Resource Hints: Not sure I see how that's related to this discussion.
> Ryan, can you elaborate?
>

It was a terminology issue in the section "Disclosure of visited hosts vs
resolved hosts" - I was highlighting that the term "pre-fetch" in your
analysis, in particular, "This is less of an issue if pre-fetches actually
fetch content, rather than just looking up IP addresses for links/resources
the user is likely to consume."

As defined in Resource Hints (e.g. what UAs are doing), there's a
distinction between "DNS prefetch" (which appears to be how you're using
the term "prefetch"), "preconnect", and "prefetch" (which, in Resource
Hints usage, implies an actual fetch of the resource). So what you saw as
an ambiguous term ("prefetch" in your usage) is captured in Resource Hints
as two distinct terms ("DNS prefetch" vs "prefetch").