-
Notifications
You must be signed in to change notification settings - Fork 110
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Encourage the use of OHTTP #1267
Comments
The issue was discussed in a meeting on 2023-09-06
View the transcript3.1. Encourage the use of OHTTP (issue vc-data-model#1267)See github issue vc-data-model#1267. Brent Zundel: oliver, can you walk us through #1267 and why it should be pre- or post-CR. awoie: This issue resulted from ping group review, and a clarification or addition to security considerations would probably cover it, I believe. Brent Zundel: if non-normative, post- should be fine. Sebastian Crane: OHTTP hasn't cleared IETF yet, so even if we wanted to add a normative reference we can't yet.
Manu Sporny: the precedent is in the link i've just shared.
Sebastian Crane: I can take this issue and add a note post-CR. |
The issue was discussed in a meeting on 2023-09-15
View the transcript3.1. Encourage the use of OHTTP (issue vc-data-model#1267)See github issue vc-data-model#1267. Brent Zundel: This one is about use of OHTTP in the spec, as of yet, OHTTP isn't yet finished at IETF, can't reference it normatively, add encouragement that people make use of it when they can, when they make use of HTTP. Kristina Yasuda: Similar to brent, we do have concerns about pointing to OHTTP since it's a draft at IETF... don't know if it's mature enough to recommend it -- OHTTP should be used once it's ready, is something like that acceptable? Nick Doty: Rather than the specifics about OHTTP, it seems like recommendation is identifying when there is a threat about identifying IP address and using privacy preserving proxy, when you do that in a way that you can collude, use privacy preserving proxy... don't need to make normative reference to OHTTP, you can say when it's a threat and use privacy preserving proxy.
Manu Sporny: what about a CDN, would that work? Nick Doty: Usually CDN works on behalf of issuer, so I don't think we'd say "that gives you privacy" -- some resources could be cached in a way that decreases how there is a request back to origin server, but I don't think we think about CDNs protecting you from colluding from server learning about the request. Brent Zundel: I think we have enough direction to move forward on this issue... before CR w/o being assigned to it... otherwise, first thing we tackle before meeting again. |
I suggest closing this issue, and taking no action |
The issue was discussed in a meeting on 2023-10-18
View the transcript2.1. Encourage the use of OHTTP (issue vc-data-model#1267)See github issue vc-data-model#1267. Brent Zundel: This doesn't have an assignee, came up during privacy review. Manu Sporny: I can take this PR.
Manu Sporny: 2-3 weeks, someone else do a PR before I get to it.
Manu Sporny: This came from security/privacy review... it might be bad to just close it since it came from horizontal review. Brent Zundel: Yes, we could ignore it, but neither of those options are the way things ought to be done. |
PR #1322 has been merged, closing. |
From w3cping/privacy-request#121 (comment):
The text was updated successfully, but these errors were encountered: